To put it another way, if there were millions of people who had taken out ridiculous loans to buy McLarens and Lamborghinis, and then came crying to the public that their cars were being repossessed, and could they please have some of your tax money to pay off their car loans, the response would be a resounding, "Fuck off and die."
Not exactly. If there were some kind of bailout for the actual people who are being made homeless by this mess, then you might have a point. But the bailout is, as always, going to go to the oligarchs who grew fat off this scam and are now losing their shirts. In your analogy, the homeowners will still lose their houses--thus satisfying your crowd--but the lenders will certainly not be homeless.
I duly await your outrage about something that's actually happening, rather than the hypothetical idea that poor people are going to get away with something.
It's terribly sad that the battles fought against laissez-faire capitalism were won so long ago that many--you, for example--have forgotten why they were fought in the first place. The system you aspire to will incontrovertibly result in massive concentration of wealth; it ends in neo-feudalism, with a wealthy few imprisoned in gated communities, surrounded by an endless ocean of the desperately impoverished. If you think that you'd end up in the first class, you're a fool; if you think you'd end up in the second and still agitate for that situation, you're a useful idiot. And if you'd want to live as an oligarch, you're a sociopath.
First of all, not contributing them towards the libc's is sociopathic behaviour (I want only my app to benefit, everyone else go suck bricks sidewise through a thin straw).
Why is it his problem? Sure, it would have been nice for him to write patches for glibc, but what was preventing anyone else from looking at his implementations and pasting them into glibc? Why does it make him a sociopath for not trying to navigate the patch-submission process for glibc--which, given his legendary crankiness, would hardly guarantee that his implementations would get in there in the first place, or stay in there once submitted? I'm unfamiliar with the details of the former qmail license, but it seemed to only prevent people from modifying qmail and redistributing it.
Also, I'm not familiar with the qmail source; what are some of the wheels that djb reinvented?
I have four sets of keys on my machine--keys for SSH, for PGP, for WASTE and for OTR. Why does every app using encryption insist on using its own wrappers for public keys? What's wrong with the infrastructure already present in the OpenPGP standards?
They say all pilots dream of being birds. I'm not sure that's true, but in a way that's what happened to me.
I was still in the glass box but in a way I was back out of it; my perceptual environment was no more real than the simulation I'd built inside but now the signals came from real sensors and cameras. I wasn't just flying the helicopter; I was the helicopter. The parts of my mind that weren't concerned with flying and navigation had been carefully edited away.
I suppose that sounds horrible. It isn't. I have a job to do, an important job, and doing it makes me feel both proud and content. I'm not distracted by anything else. When I'm not needed in flight I sleep, more deeply and peacefully than I ever did as a biological human. And when I'm called I flex my rotors and dance with a speed and grace I could have only dreamed of as a human.
Nobody verifies SSH host keys.
on
Spying On Tor
·
· Score: 2, Insightful
So does SSH. It's the server fingerprint. Much like a certificate, unless you have knowledge of what it should be prior to the connection, it's hard to know you're compromised. The problem is exacerbated by inexperienced users, but fundamentally it's the issue of trusting an unknown set of credentials.
No, it's not the same. Server certificates are signed by a trusted root CA; the public key for that CA is distributed out-of-band on your operating system's installation media. You can reasonably trust that whoever you're connecting to at least went to the trouble to fool the CA.
On the other hand, SSH host keys are signed by nobody; there's no infrastructure in place to allow, for example, your sysadmin to sign SSH host keys using his own PGP mail keys, which you trust via the web-of-trust in place for that. No, you have to maintain your PGP keys and SSH keys separately, for no damned good reason, and we all just hope and pray that our SSH sessions aren't being jacked the first time we connect--and if we are jacked, we blame ourselves rather than the system that makes such stupidity practically mandatory. It's utter insanity, and it's amazing that we all put up with it.
Wait, why would a failure to use DNSSEC matter? Doesn't DNSSEC rely on the idea that registrars will act as CAs and sign records for their respective TLDs? Isn't that something that hasn't yet happened, making DNSSEC records worse than useless at this point?
Tor anonymizes the origin of your traffic, and it encrypts everything inside the Tor network, but it can't encrypt your traffic between the Tor network and its final destination. If you are communicating sensitive information, you should use as much care as you would on the normal scary Internet -- use HTTPS or other end-to-end encryption and authentication.
The link goes to an explanation saying that you should use end-to-end encryption if you want to do more than just hide the source of your traffic. It's written in plain english, and it's fairly prominently featured on the front page. What's the problem?
You're mushing two things together which are massively different in scale, if not in nature. Total paranoia is utterly useless; there are different levels of likelihood for a security breach depending on what you do. If you transmit data in plaintext, it's possible that nobody will be paying attention. If you use GPG, it's possible someone is TEMPESTing you to get around that. We use different methods to achieve different degrees of security. Lumping everything you didn't make from scratch yourself into "it's about trust" is silliness.
The taxpayers will only hold still for a certain amount of screwing. We won't continue to fund every scheme somebody dreams up.
The taxpayers don't fund every scheme somebody dreams up; ask anybody working in basic research how easy it is to get their proposals funded. The IFR, in 1992, made up "most of this year's $167.7 million engineering research budget". (Total budget for that year was under $400 million for that lab.) The federal budget for that year was something like one and a half trillion dollars. We blow ten billion dollars a month in Iraq, which is roughly a thousand times the rate at which money was spent on the IFR program. (Clearly, "the taxpayers" will put up with a lot.) If you're worried about funding nutball schemes, it would be more cost-effective to tackle starry-eyed proposals for transforming the Middle East into Happy Pro-U.S. Democracy Funland than to pick on physicists and on a research tack which wasn't even open-ended basic research, but applied research aimed at producing a particular mechanism. At least the IFR program didn't kill anybody.
Or if you want to pick on research, pick on the NCCAM; that's what you get when you fund every scheme somebody dreams up.
The fact that we've continued to fund Fusion research, now into it's - at least - 40th year with no payback in sight continues to amaze me. And it's only because the payback may be so great that we do so, decade in and decade out.
Well, yeah. The majority of basic research doesn't produce results, but some of it does. Consider the National Cancer Institute's survey of thousands of plant compounds for potential anticancer properties; the vast majority came back negative, but one didn't, and that led to the discovery of a new and highly useful class of chemotherapy agents. Comparing basic research to seed corn is rather cliché, but it's quite apt.
Some great things come out of academic research, but others are a huge money sink and have to be whacked. If it is so great, good chance somebody else will pick it up and carry on.
I have an idea; you should like it. The local firehouse has an old, broken down fire engine, but they've recently received as a donation a very nice, new, shiny one. There was some consternation about what to do with the two engines, but it was decided that the old engine should be taken to false alarms, and the new engine should be used for actual fires.
More seriously, there already exists a system to determine what gets funded and what gets whacked; it's called the grant application process. You seem to be complaining that researchers don't know ahead of time what the results will be. I'm a bit confused as to why you would imagine things to be otherwise.
Trusting that Hushmail isn't doing wacky things with information you send them is a far, far cry from trusting that there are no backdoors built into PGP. You have only Hushmail's word to go with in the former case, but PGP and GPG have both been extensively audited and reviewed; you (or more accurately, someone with the time and inclination to do so) can look at the code from top to bottom, which isn't the case with a web-based service like Hushmail that you're trusting with your goodies.
Don't forget that you have to verify your public key out-of-band with anyone who you want to communicate with, and vice versa. If not, you can quite easily be man-in-the-middle'd.
I just can't imagine sticking my PGP key and passphrase anywhere near my web browser. Sure, I use NoScript and all that jazz, but browsers are some of the most insecure programs in existence. Encryption keys are supposed to be kept as secure as possible; it strikes me as insane to let them touch the swiss-cheesiest app on the machine.
No, there are no designs that don't produce long-lived waste. The IFR concept which you referenced never got beyond a small-scale prototype stage.
Because it was canned due to political concerns--it was at the time a very promising project, and we'd have had a full-scale prototype for more than a decade by now if it hadn't gotten canned.
Pointing to that as a 'design' that doesn't produce long-lived waste is incorrect and misleading since, at best, it only reduces the waste volume.
From the FAQ: "Some constituents of the waste from thermal reactors remain appreciably radioactive for thousands of years, leading to 10,000-year stability criteria for disposal sites. [...] With IFR waste, the time of concern is less than 500 years." I've seen different numbers put forward in different articles, but the theme seems to be that the waste remains dangerous for centuries rather than tens or hundreds of thousands of years, this being a primary difference between the IFR design and other reactor types. By what basis do you claim that "at best, [the IFR] only reduces the waste volume", and by what basis do you claim that the waste is as long-lived as that from current reactors?
More importantly, there are many years of development needed before it would even be known if the IFR concept were operationally feasible.
"... Argonne National Laboratory, which was about three years from finishing a study that was expected to establish firmly the technical and economic practicality of the concept." I suppose "three" is kind of like "many". Either way, if (as I pointed out previously) it hadn't been cancelled when it was, we'd have had an answer to the feasibility question during the Clinton administration.
The Integral Fast Reactor produces a comparatively small amount of waste (the designers guess estimate than a ton per gigawatt of power per year), and the waste itself is no more radioactive than uranium ore after about two hundred years (as opposed to thousands or millions of years).
After the project was nearly ready for production, it was torpedoed largely by John Kerry and Hazel O'Leary. This wasn't a partisan thing; two of the biggest backers were Richard Durbin and Carol Moseley Braun. It's one of the biggest wallbangers in political history that I can think of. I am at a loss as to why anyone is considering building a reactor on any other design.
Generally speaking, it takes more labor to build a device than it does to fix it. Therefore, one would think, it would be cheaper to fix than to replace a broken device. But when device-construction labor is done halfway across the globe by slave laborers, and device-repair work is done by locals who have to pay the same cost of living that the device's owner does, then that assumption breaks down.
It's a distortion of the market brought on by capital being far more mobile than labor, that's all.
Implement only a subset of protocols, ignore the parts that you don't like, or might be insecure or are too boring to implement. Bonus points if you ignore actual features depended on by the users.
I was under the impression that Bernstein's tools tended to take the RFC term "MAY" very literally, and don't always follow instructions that they don't have to. Is there an existing part of a protocol in question (SMTP or DNS) which a purportedly compliant tool (qmail or djbdns) fails to implement completely as defined by the RFC?
Double bonus, if you manage to make it non interoperable by nazi-strict implementation of protocol,
This kind of seems to contradict the above. This may sound naive, but isn't it the nonconforming software's problem if it's emitting illegal data?
The robots.txt exclusion excluded all of the files in the images/ directory; what this means is that the Internet Archive doesn't actually have those files archived. Drat, and double drat. The catalog is there, which may mean that you can find out who uploaded what and possibly contact them, or discover the source that a file came from, but it's nowhere near as useful as the resource itself. The US-only files on imslpforums.org/files are down at the moment, and the Wayback Machine appears to have archived few if any of them. You might be able to find something at the old list of other music score websites, but that's about all.
Well, there's always the Internet Archive. Until, I suppose, they take that down. (Apart from the searching not working, you should be able to get to pretty much everything by browsing.) There are nearly nine thousand scores up on the last available snapshot. It's pretty slow, but it's there.
Project Gutenberg is US-based. Project Gutenberg Canada might be willing to help, but I don't think they have anything like the resources that the main branch does.
Slashdot Mirror
I duly await your outrage about something that's actually happening, rather than the hypothetical idea that poor people are going to get away with something.
It's terribly sad that the battles fought against laissez-faire capitalism were won so long ago that many--you, for example--have forgotten why they were fought in the first place. The system you aspire to will incontrovertibly result in massive concentration of wealth; it ends in neo-feudalism, with a wealthy few imprisoned in gated communities, surrounded by an endless ocean of the desperately impoverished. If you think that you'd end up in the first class, you're a fool; if you think you'd end up in the second and still agitate for that situation, you're a useful idiot. And if you'd want to live as an oligarch, you're a sociopath.
I was disappointed to see this kind of thing modded up. But then I saw that it had been modded funny, and my faith in the system was restored.
Why does it matter that the guy's entry in the database was incorrect? Does that make it more wrong for some nutjob to go all Death Wish on him?
Press release from Answers in Genesis which completely misunderstands the find in 3... 2... 1...
Also, I'm not familiar with the qmail source; what are some of the wheels that djb reinvented?
I have four sets of keys on my machine--keys for SSH, for PGP, for WASTE and for OTR. Why does every app using encryption insist on using its own wrappers for public keys? What's wrong with the infrastructure already present in the OpenPGP standards?
On the other hand, SSH host keys are signed by nobody; there's no infrastructure in place to allow, for example, your sysadmin to sign SSH host keys using his own PGP mail keys, which you trust via the web-of-trust in place for that. No, you have to maintain your PGP keys and SSH keys separately, for no damned good reason, and we all just hope and pray that our SSH sessions aren't being jacked the first time we connect--and if we are jacked, we blame ourselves rather than the system that makes such stupidity practically mandatory. It's utter insanity, and it's amazing that we all put up with it.
(There was once a project to add GPG support to OpenSSH, but it seems to be moribund.)
Wait, why would a failure to use DNSSEC matter? Doesn't DNSSEC rely on the idea that registrars will act as CAs and sign records for their respective TLDs? Isn't that something that hasn't yet happened, making DNSSEC records worse than useless at this point?
But Bernstein is a jerk! Surely we can't use his software!
You're mushing two things together which are massively different in scale, if not in nature. Total paranoia is utterly useless; there are different levels of likelihood for a security breach depending on what you do. If you transmit data in plaintext, it's possible that nobody will be paying attention. If you use GPG, it's possible someone is TEMPESTing you to get around that. We use different methods to achieve different degrees of security. Lumping everything you didn't make from scratch yourself into "it's about trust" is silliness.
Or if you want to pick on research, pick on the NCCAM; that's what you get when you fund every scheme somebody dreams up. Well, yeah. The majority of basic research doesn't produce results, but some of it does. Consider the National Cancer Institute's survey of thousands of plant compounds for potential anticancer properties; the vast majority came back negative, but one didn't, and that led to the discovery of a new and highly useful class of chemotherapy agents. Comparing basic research to seed corn is rather cliché, but it's quite apt. I have an idea; you should like it. The local firehouse has an old, broken down fire engine, but they've recently received as a donation a very nice, new, shiny one. There was some consternation about what to do with the two engines, but it was decided that the old engine should be taken to false alarms, and the new engine should be used for actual fires.
More seriously, there already exists a system to determine what gets funded and what gets whacked; it's called the grant application process. You seem to be complaining that researchers don't know ahead of time what the results will be. I'm a bit confused as to why you would imagine things to be otherwise.
Trusting that Hushmail isn't doing wacky things with information you send them is a far, far cry from trusting that there are no backdoors built into PGP. You have only Hushmail's word to go with in the former case, but PGP and GPG have both been extensively audited and reviewed; you (or more accurately, someone with the time and inclination to do so) can look at the code from top to bottom, which isn't the case with a web-based service like Hushmail that you're trusting with your goodies.
Don't forget that you have to verify your public key out-of-band with anyone who you want to communicate with, and vice versa. If not, you can quite easily be man-in-the-middle'd.
I just can't imagine sticking my PGP key and passphrase anywhere near my web browser. Sure, I use NoScript and all that jazz, but browsers are some of the most insecure programs in existence. Encryption keys are supposed to be kept as secure as possible; it strikes me as insane to let them touch the swiss-cheesiest app on the machine.
There are designs which don't produce long-lived waste. Our lovely government just happened to can the project before it was completed.
The Integral Fast Reactor produces a comparatively small amount of waste (the designers guess estimate than a ton per gigawatt of power per year), and the waste itself is no more radioactive than uranium ore after about two hundred years (as opposed to thousands or millions of years).
After the project was nearly ready for production, it was torpedoed largely by John Kerry and Hazel O'Leary. This wasn't a partisan thing; two of the biggest backers were Richard Durbin and Carol Moseley Braun. It's one of the biggest wallbangers in political history that I can think of. I am at a loss as to why anyone is considering building a reactor on any other design.
Generally speaking, it takes more labor to build a device than it does to fix it. Therefore, one would think, it would be cheaper to fix than to replace a broken device. But when device-construction labor is done halfway across the globe by slave laborers, and device-repair work is done by locals who have to pay the same cost of living that the device's owner does, then that assumption breaks down.
It's a distortion of the market brought on by capital being far more mobile than labor, that's all.
The robots.txt exclusion excluded all of the files in the images/ directory; what this means is that the Internet Archive doesn't actually have those files archived. Drat, and double drat. The catalog is there, which may mean that you can find out who uploaded what and possibly contact them, or discover the source that a file came from, but it's nowhere near as useful as the resource itself. The US-only files on imslpforums.org/files are down at the moment, and the Wayback Machine appears to have archived few if any of them. You might be able to find something at the old list of other music score websites, but that's about all.
Well, there's always the Internet Archive. Until, I suppose, they take that down. (Apart from the searching not working, you should be able to get to pretty much everything by browsing.) There are nearly nine thousand scores up on the last available snapshot. It's pretty slow, but it's there.
Project Gutenberg is US-based. Project Gutenberg Canada might be willing to help, but I don't think they have anything like the resources that the main branch does.