In the post that I replied to you quote, "Better privacy: API users exchange data with the server using hashed URLs so the server never knows the actual URLs queried by the clients." This is specifically describing the Safe Browsing Lookup API, which does send hashed URLs to their servers.
The link you provided says that, "The Safe Browsing Lookup API is a new experimental API that enables applications to simply look up URLs from our Safe Browsing service and get the state of URLs (e.g. phishing, malware) directly."
So whether you send URLs to their servers depends on whether you choose to use the Lookup API or what they set as the default in Chrome in the future. It's important to actually discuss this and not just pretend that it doesn't exist.
But they're comparing the hash that you send with the hash that they have generated from a list of malicious sites, right? So the server certainly knows which site you are visiting if it's on the "malicious" list. Which is good, because you want a YES or NO on whether the site is malicious.
So the only thing that Google, indexer of the internet, needs in order to know all of the other sites you visit is a hash of every other URL on the internet. It is not at all unreasonable to assume that they have this, since they probably use it internally (and why would they use a different hashing algorithm for Safe Browsing than they use internally?).
The Safe Browsing API v2 has the following advantages:
* Better privacy: API users exchange data with the server using hashed URLs so the server never knows the actual URLs queried by the clients.
The fact that the doc you quoted specifically mentions protecting your privacy from Google itself is what makes their assurance less comforting. When someone claims to have taken steps to protect you from themselves (and those steps don't seem to offer much protection on further inspection), it's natural to be suspicious.
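The argument above, that a hashed URL is only private from a server that cannot enumerate candidate URLs, as an added example (not part of the original comments and not Google's code). SHA-256, the sample URLs and the prefix lengths are assumptions chosen for illustration.

```python
import hashlib

# Constructed sample: URLs that a large crawler/indexer is assumed to know.
INDEXED_URLS = [
    "http://example.com/",
    "http://example.com/login",
    "http://example.org/forum/thread?id=42",
    "http://blog.example.net/2013/12/post.html",
]


def url_hash(url, prefix_bytes=None):
    """SHA-256 of the URL string, optionally truncated to a prefix.

    The hash function and the truncation are assumptions for this demo.
    """
    digest = hashlib.sha256(url.encode("utf-8")).digest()
    return digest if prefix_bytes is None else digest[:prefix_bytes]


def build_reverse_index(urls, prefix_bytes=None):
    """Map each hash (or hash prefix) to every known URL that produces it."""
    index = {}
    for url in urls:
        index.setdefault(url_hash(url, prefix_bytes), []).append(url)
    return index


def resolve(index, received_hash):
    """Candidate URLs a server can infer from a hash it receives."""
    return index.get(received_hash, [])


def constructed_urls(n):
    """Generate n constructed URLs to stand in for a large crawl."""
    return ["http://site%d.example/" % i for i in range(n)]


if __name__ == "__main__":
    # Full hashes: any URL already in the index is recovered exactly.
    full_index = build_reverse_index(INDEXED_URLS)
    visited = "http://example.com/login"
    print("full hash, indexed URL   ->", resolve(full_index, url_hash(visited)))

    # A URL the indexer has never seen stays opaque.
    unseen = "http://never-crawled.invalid/secret"
    print("full hash, unindexed URL ->", resolve(full_index, url_hash(unseen)))

    # Short prefixes: many known URLs share each prefix, so the server
    # only learns a candidate set rather than a single URL.
    crawl = constructed_urls(2000)
    prefix_index = build_reverse_index(crawl, prefix_bytes=1)
    candidates = resolve(prefix_index, url_hash("http://site7.example/", 1))
    print("1-byte prefix candidates ->", len(candidates))
```

With full hashes the index returns exactly one URL per lookup; with short prefixes the privacy gained depends on how many plausible URLs share each prefix.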
You don't get points for finishing early, but you do get points for getting the correct answer. The elimination strategy (and going back to questions that you weren't sure about) is meant to improve your chances of getting the right answer.
Using up the allotted time in order to maximize your score is, in fact, a time management tool.
There are free(mium) alternatives to DynDNS, like freedns, so you can change providers if one tanks. If you use your own domain (like freedns allows you to do), you can switch between them without much trouble (you'll just change your NS with the registrar).
Run your own mailserver and pay for backup MX service. This helps ease any worries you may have about losing email (due to your server/ISP downtime, etc). The backup MX is only used if your mail server can't be contacted and will hold mail while you fix the situation. (From a privacy perspective, your email will only be vulnerable to third-party disclosure during the times that you're experiencing some sort of catastrophe.)
The sysadmin work is certainly something to deal with, but if you stick with a barebones install and a stable (but actively supported) mail server, you can keep your involvement to a minimum. I find SpamAssassin to do a great job of filtering spam.
There's some work involved in setting everything up, but maintaining it all is pretty painless.
Probably because in the post I was replying to you claimed, "my post was to criticize the use of archaic units on an international website".
The inability (or lazy unwillingness) to translate commonly used units into familiar units reflects most poorly on you.
My biggest beef is saying "soldiers drive ninety to work" on an internationally populated website without specifying units at all!
In the US, moving to this system would almost surely come with the banks relieving themselves of all liability for fraud. Since the EMV system is completely and totally secure (which, of course, it's not), any charge must have been authorized by the cardholder and can't be disputed.
The meager customer protections that exist for credit cards are a relic of the past. In the current US, there's no way a new system would make anyone with money hold any of the risk.
So... the retailer is accepting stolen cards. How else would they expect that to play out?
You never get to keep stolen property, even if you pay for it in good faith. Why would the retailer get to profit from a fraudulent transaction? This is an avoidable situation, especially with mail-order items. Only ship to the billing address of the card and you'll cut these events down to a tiny number.
Now I agree that the credit card system is extremely poorly set up, but almost every situation that results in a merchant chargeback can be traced to poor behavior on the merchant's part (not verifying the cardholder's ID, not addressing the customer's complaints, etc).
Alice's Adventures in Wonderland was published in 1865 (73 years before LSD was synthesized) by a man who has no known connections to drug use. The Cheshire cat itself predates even Lewis Carroll.
The only "acid trip" aspect of any of this is a Disney movie from 1951 (which is admittedly very trippy).
Good point wrt withholding the knowledge of the payment. Being paid to use the algorithm is certainly sketchy, but if the technical team received only the word that the NSA had advised they use a particular algorithm it could certainly seem like advice worth following.
The blame for this can't be kept entirely off of the techie's shoulders, though. While management may have made the deal and pocketed the money, management isn't capable of actually altering the product. At some point the product they shipped was made to be different than the product the technical side originally designed and it took cooperation from the technical team to make that change happen.
The idea of restitution for the misdeeds of the long-dead ancestors of one party against the long-dead ancestors of another party is toxic to a just society. While their ancestors endured unspeakable treatment, they personally are owed nothing more than any other American citizen. "Entitlement" is literally the foundation of your entire proposition.
(And what is this something that they're owed anyway? And how is that compatible with a society that claims "all men are created equal"? How is it right to take from one group of people and give to another based on who their ancestors are?)
If you want to interface computers/etc with Ademco/Honeywell stuff, there's an interface module here that does the trick nicely.
Not really. You don't wait for a breach to fix an apparent security hole. Extraordinary proof is required to claim that an apparent security hole is not worth patching... not the other way around.
No, the problem is that you're thinking too short term.
The desire to get a predictable monetary return on investment is why private industry has largely backed out of basic research. This is why the government largely fills that role. Desiring the government to act like a business in every way will only lead to a complete abandonment of basic research by our society. Without it, we'll only see incremental increases in technology (mostly those that lead to shinier gadgets) and your premise (that colonization will be cheaper in the future) doesn't necessarily follow.
It's possible that a sustainable colony on another planet could do for the economy what the New World settlement did several hundred years ago. Investing all of our money today in derivatives, smartphones, and housing bubbles will certainly make a few people richer today but it won't keep expanding our economy forever.
Statist authoritarians. The biggest threat to an all-powerful government is a citizenry that has no need for it.
The NIST curves being insecure doesn't only apply to random number generation. SSL still uses NIST curves for almost all other ECC, which includes most of the perfect forward secrecy ciphers. If the NIST curves are really broken, SSL (as deployed) is also broken. (Try "openssl ecparam -list_curves" sometime. NIST curves dominate the landscape and they are most often chosen when using ECC.)
There's speculation that the curves were selected because they make ECC (ECDSA, ECDH, etc) weaker than would be expected. If so, this would be true even if a non-EC RNG is used.
Plus I believe TFA (can't reload it now) said it was handled by the executives directly; the technical team was not involved. So Jim Bidzos may not even have understood what he was getting into. For if he had I would bet he would have asked for more....
They couldn't have weakened the encryption directly from an executive position, though, so the technical team had to be involved. Even the executives would know that their business depended on trust, too, so they couldn't have operated from ignorance of that sort.
You're still thinking too short term, which is why this sort of project belongs to the realm of government and not the private investor.
A successful off-planet colony may take quite some time to become self sufficient and start establishing profitable industry. 'A long time' could even mean several hundred years. But the end result could be similar to colonizing the new world in economic effect: new resources, new industries, new markets.
Establishing an off-world colony is really just an engineering problem at this point (especially if it's on a relatively tame place like Mars or the Moon). The positive economic impact of a successful colony (ie, permanent and self-sufficient) will be massive. We just need the will as a people to make plans that far into the future.
The sad thing (not sad for this dipshit, but sad for obsessive over-planners) is that his plan didn't even really fail. There was certainly a hitch, in that he was a suspect, but they likely didn't have any real evidence on him. Like you said, had he only planned for this little contingency, he would possibly not be in this situation.
This, in general, always shocks me about criminals: they never plan for getting caught. Even if they come up with elaborate plans for their crimes, they rarely seem to have backup (or even escape) plans. ...though, I suppose that there's some selection bias here (we most often catch those who don't plan well).
That covers monitoring. Throw in a couple of servos and drivers to control the ventilation and you have a complete system. Drop the Pi/Arduino combo and use a Beaglebone Black and you keep roughly the same expenditure.
I think I have a project lined up for the holidays...
[ By the way, it had been a little while since I last used BatchPCB, but they've since sold their operation to OSH Park, who now does all of the fab work in the US and the turnaround is much quicker. If you're looking for reasonably priced small batch PCBs, check them out. ]
Countdown timers are somewhat common in the US, though they're typically installed as pedestrian crosswalk timers. This limits them to urban and suburban intersections that see pedestrian traffic and municipalities that have updated them from the simple WALK/DON'T WALK symbols.
At complex intersections, the ped timers don't necessarily line up with the car traffic lights, though. I'd love to see real timers for the traffic lights themselves.
While it's true that a "veto-proof" majority will be able to pass a law, it doesn't mean that the president is barred from attempting to veto it (even though the veto will likely be overridden). The president vetoing a bill that will pass anyway is a form of protest. The president signing a bill is a declaration that he accepts and agrees with the bill. Any other interpretation is just politics.
Google morphed from being a tech company to an advertising company when the bills started coming due for running their search engine. The evil that you're complaining about is what motivated the never-have-to-delete-a-message email boxes.
That's fair enough.
My definition of God is certainly very narrow, because a God that has a physical manifestation would in essence just be another measurable force to be investigated. At least the physical manifestation would be observable and in that case it would be indistinguishable from any of the other aspects of the universe that science is already used to study. Since those manifestations would not be distinguishable from "natural" forces, it seems that a definition of God that includes them is overly broad. Ultimately, you could say that God is everything, but from that perspective this whole debate is a little meaningless.
I brought "spirituality" in as a placeholder for only the metaphysical portions of religion, because those are the only aspects of religion that aren't subject to scientific investigation. The other parts of religion are either history or actual testable physical phenomena (prayers having real physical results, miracles, etc). Spirituality isn't the best term, but nothing better came to mind at the moment.
You're absolutely right about using proof in place of evidence. It was just a slip, as I explained to Limecat, and I'm pretty horrified that I actually did it. If you replace proof with evidence in my post, it reads how I intended it.
With that out of the way, the discussion comes to finding an acceptable definition of God. I suspect that is at the root of much of the disagreement in this whole topic, but there's no reason we can't settle that once and for all here! ;)