You have a right to travel. That is to say, you can walk. (Hey, how do you think the early settlers in California got there?) You can take a taxi. Hop on the bus. Bum a ride from a friend. Stick out your thumb where permitted.
You even have the right to drive your car around your own property in whatever manner you want, including blind drunk, as long as you don't cross onto public property, other's property, or recklessly endanger others.
What you don't have is the *right* to hop into the left seat of that 747 and fly it to Vegas yourself, not even if you're a qualified pilot. You don't have the right to drive the bus. Or your SUV, or even (in some areas) ride a bike on the city streets if 1) you haven't demonstrated your basic proficiency and 2) you haven't demonstrated your ability to avoid being a threat to others.
I do NOT like the idea of turning a DL into a "good citizenship award, e.g., revoking the license if someone is behind on child support payments. This is not directly related to public safety and should be uncoupled.
But at the same time, I support mandatory prison time for anyone caught driving while their license is suspended for being a hazard to others. Hell, give people life sentences without parole for their second DUI resulting in death. When I hear about some Bubba with 16 DUI convictions, including 5 resulting in deaths, I start thinking about death penalties... for the government officials who let this idiot back on the road. I doubt they would be equally sanguine about someone who just punched strangers at random even when on parole for earlier assaults.
SSN cards aren't proof of citizenship since anyone who works in this country (with a few exceptions) is required to pay into the system, pay Federal income taxes, etc.
This doesn't affect tourists or students, who are legally prohibited from working, but it does affect resident aliens.
Have you looked at libnss-ldap? Install that, set up your/etc/nsswitch.conf file to refer to ldap in addition to your other resources, and all well-behaved programs (re: that use the NSS routines in glibc instead of attempting to modify/etc/whatever directly) should update the LDAP records.
Let's make a quick visit to an alternative earth. During the Gulf War, satellites observed a brilliant flash over the Pacific Ocean (iirc) due to a small impact event that resulted in a high-altitude air burst.
In this alternative earth the object had a slightly different orbit, so it impacted near US troops. It was also slightly larger, large enough to create a small crater, but nothing like "Meteor Crater" in Arizona.
In this alternative earth, in the confusion of a conventional war the US (and the rest of the world) concluded that Iraq used a nuclear weapon against US forces. The US (and other nuclear powers), fearing that other weapons of mass destruction were being prepared for use, acted to knock out these weapons first. The death toll was in the high millions, but it was considered a bargain since it saved billions. Or so they thought, when they thought a biological weapon attack would soon follow.
Now let's fast forward to Sept. 11th. Imagine a small impact over a North American or European city in immediate aftermath of the 9/11 attacks, an impact initially indistinguishable from a nuclear detonation.
THAT is why even small impacts matter. History is full of large-scale human events being triggered by "one-in-a-million" chance events.
No, there's a huge difference between the existing nuclear powers and India and Pakistan.
The existing nuclear powers have extensive C3I systems in place. (C3I = command, control, communications and intelligence.) We know, from having suicidal soldiers with access to nukes and from transportation accidents to take the threat posed by own people seriously. E.g., do you know how many nuclear weapons are known to be missing, and the circumstances around their loss?
That's why our nukes (except for the Soviet "doomsday" system) have so many safeguards built into them. A pod requires at least two people to vote to launch... and both people have to vote to launch. A missile launch requires two pods to vote to launch, but it will stay in the silo if a third votes to veto. (A 3-1 vote will launch). Missiles can require multiple votes. Warhead PALS can require access codes, permanently disabling the warhead if the incorrect code is entered.
India and Pakistan, in contrast, haven't developed the same level of C3I. I'm sure that there's been a lot of under-the-table technology transfer to both countries, but there's still a lot more concern about a rogue agent getting ahold of the weapons and subsequently using them.
There are also some deadlines for any species that follow us. E.g., the earth has had fairly consistent temperatures even though the sun has been getting brighter because CO2 was getting locked up by life and other geological processes. So the amount of greenhouse gases have tended downward over time.
So far so good, but there's little CO2 left to remove from the atmosphere. As it continues to drop, we'll lose trees. No trees, no wood for construction projects. A bit latter, we'll lose even bushes and shrubs - the only form of plant life will be grasses.
Over an even longer timeframe (250 MY?), we'll hit a "wet greenhouse" phase. Hot oceans release more water vapor, which initially produces clouds that reflect sunlight. But this only goes so far, eventually the "water vapor as greenhouse gas" effect will dominate the "water vapor as bright white clouds" effect and the oceans will boil. This eventually leads to a "dry greenhouse" like Venus.
I'm not sure whether I'm optimistic (I think our window is much wider than you), or pestimistic (if we fail as a species, our successors may not have enough time to evolve.)
Hey, historically-challenged dude, early smallpox vaccines (which used live smallpox virus, not cowpox) WAS only used by the rich. They were the only ones who could afford to be laid up in bed for a month while the illness ran its course. The poor opposed vaccination since the virus often jumped from the rich to the poor who couldn't afford vaccination.
In Europe this wasn't an issue - smallpox (and its high mortality rate) was a childhood disease. In the Americas it was still a rare disease, and George Washington took a tremendous gamble in vaccinating his troops on reports that the British were planning on spreading smallpox among his troops. This infection subsequently traveled down to Mexico, and back north as far as Southeastern Alaska. It's an interesting question, but totally unanswerable, how many people died in the 19th Century from the aftermath of the American Revolution, vs. the number who died from the US's own infected blankets.
The moral of this story is that global vaccination is best, but in many circumstances a limited vaccination can be nearly as effective. Mandatory vaccination of travellers will do a lot more good than mandatory vaccination of the people who work in the fields. Securing your servers will do a lot more good than securing pockets of desktop machines.
In this job market, forget trying to get an entry level position. Why would anyone bother with somebody with no pertinent experience when there are plenty of people with years of experience available and desperate for work?
This depends on your area, of course. The high-tech meccas got hit hardest because of the blind panic in the dot com collapse (where entire programs were abruptly terminated, often leaving very senior people jobless), if he's someplace everyone else fled years ago he won't have as much competition as he would in the major cities.
Hell, why worry about the occasional dist that you download?
How would you feel about sending some money towards N'Sync each and every day because you use CD-R for daily incremental backups?
Sure, you could use CD-RWs, but that requires you to track them, blank them, etc. With a CD-R you can just label them and toss them into the archive vault.
Of course that pimple-faced kid buying a 100-pack at Costco is probably not using them for backups. But so what? Do I have to spend a week in jail every week because some rapists went unpunished? Do I have to spend two weekends picking up trash, under court supervision, because some drunk drivers went uncaught? Then why do I have to pay this "pirating" tax on media destined to archive my source code and mail box?
Well, technically they can. But the public, including that rent-a-cop in the convenience store, can only detain a person 1) if they witnessed a crime and 2) to turn them over to a sworn police officer at the earliest possible time. If either piece is missing, you can nail them for "false arrest." This is an important thing to remember if you're ever (wrongly) accused of shoplifting - demand a real cop, *now*, to either arrest you or release you. If they refuse to call the cops... life will soon get *very* interesting.
Even those bounty hunters have limited rights. They can detain someone who signed the bond papers, but there are some well-documented cases where the bounty hunters were prosecuted for kidnapping after detaining the wrong person and failing to exercise due diligence in verifying the identity of that person.
But sworn police officers can detain people even if the officer didn't witness a crime. They can detain people even if there's no witnesses at hand, e.g., if they reasonably believe that the person is the subject of an arrest warrant issued by another jurisdiction.
The cost of a false positive in a convenience store is minimal. They think you're a shoplifter because of their face recognition software? Fine, you walk away and shop at another store where they're more careful with their accusations.
But a false positive with a police officer may have you arrested, at gunpoint, and detained for hours or days until you can prove that you aren't the escaped mass murderer you resemble.
(IANAL, but this is stuff that should be required knowledge for a walking around on the street!)
If I understand the way the system worked, everyone had 64-bit keys. However the 'international' version always set 24 bits to known values. I use quotes because many companies didn't want to bother tracking two different packages and sold 'international' encryption everywhere.
This is straightforward because your "password" is not your encryption key. The key is generated by encrypting the password with itself (skipping a *lot* of details) and the ciphertext is the encryption key. It's trivial to add another step that replaces some of these bits with known values. As long as the same password->encryption key algorithm is used the user will never know this happened.
(It's worth nothing that DES 64-bit keys are actually 56-bits of real key, the rest is parity. I don't know if the 40-bit keys were true 40 bits, or if they were as few as 32-bits of real key.)
As an aside, you're confusing the geographic and legal definitions of "North America." The US and Canada have very similar cultures since both are former British colonies which absorbed earlier French colonies (Quebue, Louisiana). Mexico and points south, former Spanish colonies, might be on the same side of the equator but have a very different culture.
This is only a problem if they're using their own "very special" cryptography, e.g., the ever popular "xor with passphrase and a counter." For some odd reason that's used in several products -- and can be easily cracked with some commercial products.
If the crypto was done right, the message was compressed and then encrypted in "chaining" mode with DES, 3DES, IDEA, AES, or a similar strong cipher. Having known plaintext won't help much in this case.
The issue most of us face isn't somebody actively snooping into our lives at all times, it's our boss taking a peek around our system to try to find some dirt. Nothing criminal, not even acting in bad faith, but a discussion of how much the VP looked like a drunk duck or a dancing Balmer at a "rally the troops" meeting would do nicely in damaging our image with senior management.
Of course the boss could ask IT to search the mail archives kept by the company, but then they would have dirt on him! Nope, much better to make a midnight raid and 'accidently' forward the incriminating message to the topic of discussion late some night....
A while back Sears (IIRC) obtained a list of names and addresses of people who don't want to get junk mail from the that preferences site... and promptly mailed them junk mail about a special offer of interest to people who value their privacy.
They quickly stopped that practice. They had to - they were an easy target for people upset at this perceived misused of the list.
But do you really think that anyone making criminal solications will give a damn about what people will say after they misuse a central list of valid email addresses? Even if the list is covered by a law that provides an automatic $500 judgement, good luck collecting it. You don't think they're going to start sending spam from *their* accounts, do you?
Oh joy. I guess nobody remembered that it's well documented that many people have an exaggerated startle response. It's not a matter of fear, or drug use, or fatigue, or anything else other than some messed up wiring in our brains.
Note the word "our" - I know about this because I have it. If somebody knocks on my door, and I'm expected them, I'm fine. If someone knocks on my door and I'm not expecting anyone, my heart is pounding (elevated pulse and blood pressure) for an hour.
I, and others, can often compensate for this by becoming hyperaware of our environment. If you catch movement out of the corner of your eye, you aren't as startled when they suddenly make a loud noise. But in a busy environment like an airport, we're always stressed out.
Re:Once more, for all the slow JBT's.
on
The Eyes Have It
·
· Score: 2
Polygraphs are fairly successful at intimidating the generally honest, but the hardcore criminals and foreign agents know they're worthless.
Worse, there are enough idiots in high places who prefer to believe in magic than science that they'll redirect the efforts away from hard evidence that points to the real bad guys, and focus instead on the innocents who just had a bad day that first time around. Many people consider this the most damaging side-effect of the belief in lie detectors - few LEAs can afford to waste time chasing down false leads or ignoring real ones.
The best analogy isn't to seatbelts, it's to a flawed airbag that deploys during slow collisions (giving many drivers unnecessary black eyes and broken arms), but which regularly fails to deploy in high-speed collisions where you need it the most.
Obviously all salary and overhead figures will depend on the local market - there will be a huge difference in the price of talent in San Francisco (esp. in 1999 or early 2000) vs. Cleveland.
Likewise support requirements can vary widely depending on the local policies - Mac and Unix overhead is generally less because users can be expected to do some of the work for themselves. If you have knowledgable users - and management that doesn't fear them - you don't need as many MCSEs. If management fears its employees (I remember one shop where they panicked because a friend locked his screen when he went to lunch), you'll need a lot more support staff because they are required for everything.
The key point is unchanged - the salary costs dwarf the costs of the basic software license. Microsoft tends to push the fact that Unix people tend to be more expensive, we counter by pointing out that fewer Unix people are required. Worrying about a few thousand dollars for a license misses the point.
As for server licenses - what do they cost now? Specifically, I remember a friend having to fight a battle over databases - Oracle wanted something close to a quarter million, MSSQL was about half that but required converting servers to NT/W2K and (iirc) there was a lot of uncertainty over the number of CALs required.
First off, if you think that the copy of XP that came bundled with your new system is "free" you are an idiot. The OEM paid MS a significant amount of money (the exact amount is never disclosed, but believed to be in the $100-$200 range) and it's passed on to the consumer. Same as the cost of the hard disks, memory, CD or DVD drive, etc.
But on the main point, your $500 retail copy of XP-server gives you the right to set up a server. But not to use it - that requires a client license. For every service. You want a database? Again, you need a license - and MSSQL is expensive. Plus client licenses. Ditto upgrades to the back office (exchange), IIS, etc.
I haven't seen price comparisons for XP vs. Linux, but I seem to recall that a Win2K server set up for a reasonably sized workgroup would cost $100k and up by the time you had all necessary licenses. In contrast, that $3000 HP charges for their distribution (which includes their own proprietary tools) is pretty cheap.
P.S., maybe you can find a NT MCSE who doesn't drool, but other studies have shown that you better have one MCSE for every 5 users or so. Your 100-person workgroup will need 20 MCSEs to keep it working. In contrast, the average load on Unix sysadmins in 20- to 100- users per admin (depending on the shop) - you'll need 2-5 unix admins to support the same workgroup. (You need at least 2 to cover vacations, illness, etc.)
Assuming each person costs $150k/year (salary, benefits, overhead), the unix shop costs $300k-750k to support. The Windows shop will cost $3 million to support.
It's not a double standard when you're discussing different things.
The Mac/Linux/*BSD crowd, overall, just tries to point out that the emperor has no clothes. In response, the naked emperor demands that everyone close their eyes. (Consider MS's recent position regarding the disclosure of vulnerabilities. I know, MS is targeted because it's more popular... so explain how IIS has more exploits than Apache even though the latter is far more widely used?)
MS, in contrast, has a repeated track record of funding and trumpeting skewed tests. The Netcraft "study," for example, had the best minds in MS on hand to tune the server. The Linux system, in contrast, warranted a single vague post to the incorrect newsgroup - they didn't even bother contacting Red Hat to inform them of the tests.
Unfortunately, the other major chain (Barnes & Nobel) has decided that constant mass mailings aren't really spamming, not even after I have repeatedly asked them to stop and threatened to boycott them if they don't, since I bought a book from them online once.
So no more Barnes & Nobel. If I'm in the area I'll hit the Tattered Cover (which is a far better bookstore than either of the other two), but it's too inconvenient for routine use.
So do I choose the chain that sh*ts on its employees, or sh*ts on its customers? What a choice....
Hmm... on the one hand you have large rooms lit by the standard el cheapo fluorescent tubes. On the other hand you have a bunch of educated people prefering darkness to bad illumination.
Think it's just a coincidence?
Now toss in the fact that most monitor's (and all TVs) are "hot" - they're far more blue than they should be since it's a cheap way for the manufacturer to make them look "bright." (That's also why rooms with TVs look blue from outside.) Better monitors allow you to adjust the "color temperature", but most people don't know about this control or find a cooler temperature "dull."
This means that people who work in front of a screen are getting hit with excess blue, and the overhead fluorescent lights also have excess blue.
Still think it's just a coincidence?
Personally, I wouldn't mind seeing OSHA mandates that overhead lights be full-spectrum and monitors be adjustable to the natural temperature (6500K?). It takes a few days to get used to it, but it's a lot more comfortable.
This is rather ironic in light of a recent Colorado Supreme Court decision. I don't know the details - just a quick blurp on the evening news - but in the past few weeks the CSC ruled a case where a woman sued for "invasion of privacy" after a financial fraud newsletter discussed her 2-year-old conviction for financial crimes.
The court held that the story was still newsworthy, so she had no protection. However outside of legitimate news stories and the like, everyone else has the right to control ALL uses of their name and likeness in this state. This is far stricter than in every other state...
Given this ruling, all of this "information sharing" may now be considered an "invasion of privacy" in this state. If I pay hard cash for an unpublished (not just unlisted) number, I think I can reasonably consider all other optional services to be equally private.
Name one court that has actually found click-thru "contracts" to be binding.
Seriously, there's a damn good reason why UCITA explicitly states that "click-thru" licenses are enforceable - few if any courts have found them acceptable in the past. At best they were "just" mandatory (don't like the license, then don't use the software... but you will NEVER get a refund under any circumstances). At worst they were so "abusive" as to shock the sensibilities of any court that looked at the contract.
I read someplace (Knuth? Burke?) that this rule was invented long after ancient times. For most of the empire there was only addition - with the symbols often "out of order" to modern eyes, and even after the subtractive rule was introduced there are some truly bizarre constructions found in the ruins. Not only would the ancients use MIM for 1999, they were just as likely to use IMM.
Slashdot Mirror
You have a right to travel. That is to say, you can walk. (Hey, how do you think the early settlers in California got there?) You can take a taxi. Hop on the bus. Bum a ride from a friend. Stick out your thumb where permitted.
You even have the right to drive your car around your own property in whatever manner you want, including blind drunk, as long as you don't cross onto public property, other's property, or recklessly endanger others.
What you don't have is the *right* to hop into the left seat of that 747 and fly it to Vegas yourself, not even if you're a qualified pilot. You don't have the right to drive the bus. Or your SUV, or even (in some areas) ride a bike on the city streets if 1) you haven't demonstrated your basic proficiency and 2) you haven't demonstrated your ability to avoid being a threat to others.
I do NOT like the idea of turning a DL into a "good citizenship award, e.g., revoking the license if someone is behind on child support payments. This is not directly related to public safety and should be uncoupled.
But at the same time, I support mandatory prison time for anyone caught driving while their license is suspended for being a hazard to others. Hell, give people life sentences without parole for their second DUI resulting in death. When I hear about some Bubba with 16 DUI convictions, including 5 resulting in deaths, I start thinking about death penalties... for the government officials who let this idiot back on the road. I doubt they would be equally sanguine about someone who just punched strangers at random even when on parole for earlier assaults.
SSN cards aren't proof of citizenship since anyone who works in this country (with a few exceptions) is required to pay into the system, pay Federal income taxes, etc.
This doesn't affect tourists or students, who are legally prohibited from working, but it does affect resident aliens.
Have you looked at libnss-ldap? Install that, set up your /etc/nsswitch.conf file to refer to ldap in addition to your other resources, and all well-behaved programs (re: that use the NSS routines in glibc instead of attempting to modify /etc/whatever directly) should update the LDAP records.
Let's make a quick visit to an alternative earth. During the Gulf War, satellites observed a brilliant flash over the Pacific Ocean (iirc) due to a small impact event that resulted in a high-altitude air burst.
In this alternative earth the object had a slightly different orbit, so it impacted near US troops. It was also slightly larger, large enough to create a small crater, but nothing like "Meteor Crater" in Arizona.
In this alternative earth, in the confusion of a conventional war the US (and the rest of the world) concluded that Iraq used a nuclear weapon against US forces. The US (and other nuclear powers), fearing that other weapons of mass destruction were being prepared for use, acted to knock out these weapons first. The death toll was in the high millions, but it was considered a bargain since it saved billions. Or so they thought, when they thought a biological weapon attack would soon follow.
Now let's fast forward to Sept. 11th. Imagine a small impact over a North American or European city in immediate aftermath of the 9/11 attacks, an impact initially indistinguishable from a nuclear detonation.
THAT is why even small impacts matter. History is full of large-scale human events being triggered by "one-in-a-million" chance events.
No, there's a huge difference between the existing nuclear powers and India and Pakistan.
The existing nuclear powers have extensive C3I systems in place. (C3I = command, control, communications and intelligence.) We know, from having suicidal soldiers with access to nukes and from transportation accidents to take the threat posed by own people seriously. E.g., do you know how many nuclear weapons are known to be missing, and the circumstances around their loss?
That's why our nukes (except for the Soviet "doomsday" system) have so many safeguards built into them. A pod requires at least two people to vote to launch... and both people have to vote to launch. A missile launch requires two pods to vote to launch, but it will stay in the silo if a third votes to veto. (A 3-1 vote will launch). Missiles can require multiple votes. Warhead PALS can require access codes, permanently disabling the warhead if the incorrect code is entered.
India and Pakistan, in contrast, haven't developed the same level of C3I. I'm sure that there's been a lot of under-the-table technology transfer to both countries, but there's still a lot more concern about a rogue agent getting ahold of the weapons and subsequently using them.
There are also some deadlines for any species that follow us. E.g., the earth has had fairly consistent temperatures even though the sun has been getting brighter because CO2 was getting locked up by life and other geological processes. So the amount of greenhouse gases have tended downward over time.
So far so good, but there's little CO2 left to remove from the atmosphere. As it continues to drop, we'll lose trees. No trees, no wood for construction projects. A bit latter, we'll lose even bushes and shrubs - the only form of plant life will be grasses.
Over an even longer timeframe (250 MY?), we'll hit a "wet greenhouse" phase. Hot oceans release more water vapor, which initially produces clouds that reflect sunlight. But this only goes so far, eventually the "water vapor as greenhouse gas" effect will dominate the "water vapor as bright white clouds" effect and the oceans will boil. This eventually leads to a "dry greenhouse" like Venus.
I'm not sure whether I'm optimistic (I think our window is much wider than you), or pestimistic (if we fail as a species, our successors may not have enough time to evolve.)
Hey, historically-challenged dude, early smallpox vaccines (which used live smallpox virus, not cowpox) WAS only used by the rich. They were the only ones who could afford to be laid up in bed for a month while the illness ran its course. The poor opposed vaccination since the virus often jumped from the rich to the poor who couldn't afford vaccination.
In Europe this wasn't an issue - smallpox (and its high mortality rate) was a childhood disease. In the Americas it was still a rare disease, and George Washington took a tremendous gamble in vaccinating his troops on reports that the British were planning on spreading smallpox among his troops. This infection subsequently traveled down to Mexico, and back north as far as Southeastern Alaska. It's an interesting question, but totally unanswerable, how many people died in the 19th Century from the aftermath of the American Revolution, vs. the number who died from the US's own infected blankets.
The moral of this story is that global vaccination is best, but in many circumstances a limited vaccination can be nearly as effective. Mandatory vaccination of travellers will do a lot more good than mandatory vaccination of the people who work in the fields. Securing your servers will do a lot more good than securing pockets of desktop machines.
In this job market, forget trying to get an entry level position. Why would anyone bother with somebody with no pertinent experience when there are plenty of people with years of experience available and desperate for work?
This depends on your area, of course. The high-tech meccas got hit hardest because of the blind panic in the dot com collapse (where entire programs were abruptly terminated, often leaving very senior people jobless), if he's someplace everyone else fled years ago he won't have as much competition as he would in the major cities.
Hell, why worry about the occasional dist that you download?
How would you feel about sending some money towards N'Sync each and every day because you use CD-R for daily incremental backups?
Sure, you could use CD-RWs, but that requires you to track them, blank them, etc. With a CD-R you can just label them and toss them into the archive vault.
Of course that pimple-faced kid buying a 100-pack at Costco is probably not using them for backups. But so what? Do I have to spend a week in jail every week because some rapists went unpunished? Do I have to spend two weekends picking up trash, under court supervision, because some drunk drivers went uncaught? Then why do I have to pay this "pirating" tax on media destined to archive my source code and mail box?
Your local convenience store can't detain you.
Well, technically they can. But the public, including that rent-a-cop in the convenience store, can only detain a person 1) if they witnessed a crime and 2) to turn them over to a sworn police officer at the earliest possible time. If either piece is missing, you can nail them for "false arrest." This is an important thing to remember if you're ever (wrongly) accused of shoplifting - demand a real cop, *now*, to either arrest you or release you. If they refuse to call the cops... life will soon get *very* interesting.
Even those bounty hunters have limited rights. They can detain someone who signed the bond papers, but there are some well-documented cases where the bounty hunters were prosecuted for kidnapping after detaining the wrong person and failing to exercise due diligence in verifying the identity of that person.
But sworn police officers can detain people even if the officer didn't witness a crime. They can detain people even if there's no witnesses at hand, e.g., if they reasonably believe that the person is the subject of an arrest warrant issued by another jurisdiction.
The cost of a false positive in a convenience store is minimal. They think you're a shoplifter because of their face recognition software? Fine, you walk away and shop at another store where they're more careful with their accusations.
But a false positive with a police officer may have you arrested, at gunpoint, and detained for hours or days until you can prove that you aren't the escaped mass murderer you resemble.
(IANAL, but this is stuff that should be required knowledge for a walking around on the street!)
If I understand the way the system worked, everyone had 64-bit keys. However the 'international' version always set 24 bits to known values. I use quotes because many companies didn't want to bother tracking two different packages and sold 'international' encryption everywhere.
This is straightforward because your "password" is not your encryption key. The key is generated by encrypting the password with itself (skipping a *lot* of details) and the ciphertext is the encryption key. It's trivial to add another step that replaces some of these bits with known values. As long as the same password->encryption key algorithm is used the user will never know this happened.
(It's worth nothing that DES 64-bit keys are actually 56-bits of real key, the rest is parity. I don't know if the 40-bit keys were true 40 bits, or if they were as few as 32-bits of real key.)
As an aside, you're confusing the geographic and legal definitions of "North America." The US and Canada have very similar cultures since both are former British colonies which absorbed earlier French colonies (Quebue, Louisiana). Mexico and points south, former Spanish colonies, might be on the same side of the equator but have a very different culture.
This is only a problem if they're using their own "very special" cryptography, e.g., the ever popular "xor with passphrase and a counter." For some odd reason that's used in several products -- and can be easily cracked with some commercial products.
If the crypto was done right, the message was compressed and then encrypted in "chaining" mode with DES, 3DES, IDEA, AES, or a similar strong cipher. Having known plaintext won't help much in this case.
You've been watching too many spy movies...
The issue most of us face isn't somebody actively snooping into our lives at all times, it's our boss taking a peek around our system to try to find some dirt. Nothing criminal, not even acting in bad faith, but a discussion of how much the VP looked like a drunk duck or a dancing Balmer at a "rally the troops" meeting would do nicely in damaging our image with senior management.
Of course the boss could ask IT to search the mail archives kept by the company, but then they would have dirt on him! Nope, much better to make a midnight raid and 'accidently' forward the incriminating message to the topic of discussion late some night....
A while back Sears (IIRC) obtained a list of names and addresses of people who don't want to get junk mail from the that preferences site... and promptly mailed them junk mail about a special offer of interest to people who value their privacy.
They quickly stopped that practice. They had to - they were an easy target for people upset at this perceived misused of the list.
But do you really think that anyone making criminal solications will give a damn about what people will say after they misuse a central list of valid email addresses? Even if the list is covered by a law that provides an automatic $500 judgement, good luck collecting it. You don't think they're going to start sending spam from *their* accounts, do you?
Oh joy. I guess nobody remembered that it's well documented that many people have an exaggerated startle response. It's not a matter of fear, or drug use, or fatigue, or anything else other than some messed up wiring in our brains.
Note the word "our" - I know about this because I have it. If somebody knocks on my door, and I'm expected them, I'm fine. If someone knocks on my door and I'm not expecting anyone, my heart is pounding (elevated pulse and blood pressure) for an hour.
I, and others, can often compensate for this by becoming hyperaware of our environment. If you catch movement out of the corner of your eye, you aren't as startled when they suddenly make a loud noise. But in a busy environment like an airport, we're always stressed out.
Worse, there are enough idiots in high places who prefer to believe in magic than science that they'll redirect the efforts away from hard evidence that points to the real bad guys, and focus instead on the innocents who just had a bad day that first time around. Many people consider this the most damaging side-effect of the belief in lie detectors - few LEAs can afford to waste time chasing down false leads or ignoring real ones.
The best analogy isn't to seatbelts, it's to a flawed airbag that deploys during slow collisions (giving many drivers unnecessary black eyes and broken arms), but which regularly fails to deploy in high-speed collisions where you need it the most.
Obviously all salary and overhead figures will depend on the local market - there will be a huge difference in the price of talent in San Francisco (esp. in 1999 or early 2000) vs. Cleveland.
Likewise support requirements can vary widely depending on the local policies - Mac and Unix overhead is generally less because users can be expected to do some of the work for themselves. If you have knowledgable users - and management that doesn't fear them - you don't need as many MCSEs. If management fears its employees (I remember one shop where they panicked because a friend locked his screen when he went to lunch), you'll need a lot more support staff because they are required for everything.
The key point is unchanged - the salary costs dwarf the costs of the basic software license. Microsoft tends to push the fact that Unix people tend to be more expensive, we counter by pointing out that fewer Unix people are required. Worrying about a few thousand dollars for a license misses the point.
As for server licenses - what do they cost now? Specifically, I remember a friend having to fight a battle over databases - Oracle wanted something close to a quarter million, MSSQL was about half that but required converting servers to NT/W2K and (iirc) there was a lot of uncertainty over the number of CALs required.
First off, if you think that the copy of XP that came bundled with your new system is "free" you are an idiot. The OEM paid MS a significant amount of money (the exact amount is never disclosed, but believed to be in the $100-$200 range) and it's passed on to the consumer. Same as the cost of the hard disks, memory, CD or DVD drive, etc.
But on the main point, your $500 retail copy of XP-server gives you the right to set up a server. But not to use it - that requires a client license. For every service. You want a database? Again, you need a license - and MSSQL is expensive. Plus client licenses. Ditto upgrades to the back office (exchange), IIS, etc.
I haven't seen price comparisons for XP vs. Linux, but I seem to recall that a Win2K server set up for a reasonably sized workgroup would cost $100k and up by the time you had all necessary licenses. In contrast, that $3000 HP charges for their distribution (which includes their own proprietary tools) is pretty cheap.
P.S., maybe you can find a NT MCSE who doesn't drool, but other studies have shown that you better have one MCSE for every 5 users or so. Your 100-person workgroup will need 20 MCSEs to keep it working. In contrast, the average load on Unix sysadmins in 20- to 100- users per admin (depending on the shop) - you'll need 2-5 unix admins to support the same workgroup. (You need at least 2 to cover vacations, illness, etc.)
Assuming each person costs $150k/year (salary, benefits, overhead), the unix shop costs $300k-750k to support. The Windows shop will cost $3 million to support.
It's not a double standard when you're discussing different things.
The Mac/Linux/*BSD crowd, overall, just tries to point out that the emperor has no clothes. In response, the naked emperor demands that everyone close their eyes. (Consider MS's recent position regarding the disclosure of vulnerabilities. I know, MS is targeted because it's more popular... so explain how IIS has more exploits than Apache even though the latter is far more widely used?)
MS, in contrast, has a repeated track record of funding and trumpeting skewed tests. The Netcraft "study," for example, had the best minds in MS on hand to tune the server. The Linux system, in contrast, warranted a single vague post to the incorrect newsgroup - they didn't even bother contacting Red Hat to inform them of the tests.
Unfortunately, the other major chain (Barnes & Nobel) has decided that constant mass mailings aren't really spamming, not even after I have repeatedly asked them to stop and threatened to boycott them if they don't, since I bought a book from them online once.
So no more Barnes & Nobel. If I'm in the area I'll hit the Tattered Cover (which is a far better bookstore than either of the other two), but it's too inconvenient for routine use.
So do I choose the chain that sh*ts on its employees, or sh*ts on its customers? What a choice....
Hmm... on the one hand you have large rooms lit by the standard el cheapo fluorescent tubes. On the other hand you have a bunch of educated people prefering darkness to bad illumination.
Think it's just a coincidence?
Now toss in the fact that most monitor's (and all TVs) are "hot" - they're far more blue than they should be since it's a cheap way for the manufacturer to make them look "bright." (That's also why rooms with TVs look blue from outside.) Better monitors allow you to adjust the "color temperature", but most people don't know about this control or find a cooler temperature "dull."
This means that people who work in front of a screen are getting hit with excess blue, and the overhead fluorescent lights also have excess blue.
Still think it's just a coincidence?
Personally, I wouldn't mind seeing OSHA mandates that overhead lights be full-spectrum and monitors be adjustable to the natural temperature (6500K?). It takes a few days to get used to it, but it's a lot more comfortable.
This is rather ironic in light of a recent Colorado Supreme Court decision. I don't know the details - just a quick blurp on the evening news - but in the past few weeks the CSC ruled a case where a woman sued for "invasion of privacy" after a financial fraud newsletter discussed her 2-year-old conviction for financial crimes.
The court held that the story was still newsworthy, so she had no protection. However outside of legitimate news stories and the like, everyone else has the right to control ALL uses of their name and likeness in this state. This is far stricter than in every other state...
Given this ruling, all of this "information sharing" may now be considered an "invasion of privacy" in this state. If I pay hard cash for an unpublished (not just unlisted) number, I think I can reasonably consider all other optional services to be equally private.
Name one court that has actually found click-thru "contracts" to be binding.
Seriously, there's a damn good reason why UCITA explicitly states that "click-thru" licenses are enforceable - few if any courts have found them acceptable in the past. At best they were "just" mandatory (don't like the license, then don't use the software... but you will NEVER get a refund under any circumstances). At worst they were so "abusive" as to shock the sensibilities of any court that looked at the contract.
I read someplace (Knuth? Burke?) that this rule was invented long after ancient times. For most of the empire there was only addition - with the symbols often "out of order" to modern eyes, and even after the subtractive rule was introduced there are some truly bizarre constructions found in the ruins. Not only would the ancients use MIM for 1999, they were just as likely to use IMM.
The original poster didn't say he got his first real job at 14, he said he had "5 years of experience." That's a very different thing.