That is one hell of a logical leap there my friend, or did you forget about the way that Media Player shipped for XP ?
Agreed. Many pundits* are saying that this is the most secretive administration ever, and this just adds another log on the "What are they hiding?" fire. These antics are exactly what everyone was afraid of when Ashcroft was appointed in the first place.
*Source: NPR report I heard yesterday.
Certainly it's more credible than the tooth fairy or santa claus which could never exist in the real world
Hey how about a spoiler alert next time!
if they are using SourceSafe.
Now we know what really happened to NT 5.0
Most bars do sell nails, but only rusty ones.
Not really. If your only concern is encrypting/signing mail (and other stuff) within your organization, then the CA only needs to be trusted within your organization. Trust in the CA can be enforced as a condition of employment. This makes PKI practical for many mid-size businesses as well, although small businesses should look elsewhere due to the large initial outlay required. If you wish to explicitly trust the PKI of another business then your CAs can issue each other Cross-Certificates.
Also, only one of the three businesses you mention is in the business of selling commercial certificates (Verisign). MS sells PKI products that allow you to generate your own self-signed certificates. MS has a PKI offering coming in .NET but my industry sources tell me that it is about 3 generations behind Entrust and 2 behind Verisign as far as capabilities, security, and (surprise) interoperability. This doesn't surprise me given the MS record with PKI and security in general. I'd better stop there or I won't get any work done today.
"As this prominence became unstable, it erupted into the area"
Science can be so exciting!
This does solve the transit PROBLEM because it eliminates unsecure transit of the biometric data, while achieving the desired functionality.
there better be a damn good method of protecting the biometric data in transit
Great parent post. 2 things that could provide a "damn good method":
1. There are ways to design scanners and hardware devices to be tamper evident, and/or tamper destructive (If you try to tap the data flow it blows up)
2. In some fingerprint implementations, the fingerprint itself is never stored. The template that the fingerprint data is matched against, cannot be used to reproduce the fingerprint itself. It is only the template that is stored. Given 1 and 2 above, if you load the template to the tamper evident hardware device, you can be reasonably certain that the biometric data is not at risk. If you don't understand or believe that this is possible just think about private key/public key certificate with the private key being stored on a tamper evident Smart Card.
Also, just because it's possible doesn't mean that Company X will decide not to collect and/or sell your Biometric data. If they can they will, so it is up to us to insist on the type of implementation I have described. If they want our fingerprints or iris scan make 'em use powder or a camera the old-fashioned way!
A sea implies salt water. The Black Sea is actually a sea, because it's salt water. I have never heard the Great Lakes (freshwater) referred to as an inland sea, and I grew up in Ontario.
Right! Just like Utah's Great Salt Lake... uh sea uh...
the astronomical improbability of someone executing the infected file by accident
What, you never double-clicked the wrong file by accident? If it was just that, I would disagree with you, but because they would have to revert to an earlier version AND execute a file they didn't mean to, you are probably right. Don't give MS too much credit though, someone would have found this eventually (scan all files on hard drive for virii). They are just acting this way so they can release it with their spin.
If they tell people to just delete the file, how many do you think will double-click it instead of clicking it? I think that would seriously lower the "astronomical improbability".
Maybe
It's not the pieces so much as the whole package. The balance between character types is impressive - Fighters are actually a decent character type again thanks to feats, and rogues actually do well in combat now thanks to flanking/backstab. I found GURPS and to a lesser extent Hero to be too mired in complexity. Combats take too long. Haven't tried BRP.
Hero System is still kicking to some extent. They just published a new Rules book (5th edition), with some balance changes, but not enough in my opinion (plus it weighs more than the D1e10 from the previous post). It is still the best system for SuperHero RPGs, but is a bit lethal in its fantasy settings.
I completely disagree. I left D&D for the Hero system long ago due to D&D's absurdity. I have since come back to the third edition, because of its careful balance, lack of needless complexity, and playability. Combat is efficient while still allowing room for improvisation and special moves (Disarm, Trip, Charge, fight defensive, etc.) Feats add depth both for role playing and roll playing. Prestige classes allow infinite character customization. If it sounds like I am sold it's because I am. To WotC I say, "Bully" (Inside joke involving Minotaur NPC, sorry)
In the paper world this is known as a Money Order. I used to use them all the time before I had a checking account. Hmm... checks hmmmm....Hey are there any Venture Capitalists out there?
Also, how it performs in temperature extremes. Remember Napoleon's troops had tin buttons and that tin becomes quite brittle at extremely low temperatures (like you might experience when marching to Russia). It's hard to walk and carry a pack and rifle much less fight when your pants are falling off and you are also trying to keep your coat closed.
Isn't that where the Harrison Ford left the lost Ark?
The guys at the depot must have been "Top Men"
I wonder if the Hubble site has posted wallpaper of the galactic genitalia?
I wonder whether the organs can grow faster than the cancers that eat them, or if we will need to have a stockpile of organs lying around. Should be fun when the organ banks start making mistakes and switching people's organs. Yes, I said when. If they can switch babies at birth, then someone is gonna lose track of whose heart is whose.
However, if the Sun was in a "bad place" of the galaxy
Wait, are you saying that the Milky Way has naughty bits?
The exhibition and accompanying book, Game On ($28, from Laurence King), deconstruct characters (like Lara Croft) along gender and age lines and examine their relationships with players.
Oh so it's a pr0n exhibit.
Indeed. Browser implementation of SSL is pretty broken, but since the credit card companies are mostly limiting the cardholder's liability, it doesn't much matter to the average joe. For secure email, however, PKI implementations are (or at least can be) much tighter. The initial outlay to run your own Certificate Authority is expensive however, so this is best suited to large coms/orgs/govs.
Three companies that sell these systems are:
Entrust Inc.
RSA
Baltimore Technologies
The Department of Defense has mandated that all email must be signed starting...sometime in 2003 (I think). They are using PKI though. As for PGP specifically, I have seen some good uses for it. My favorite is signing email from the dice server for play by email games. Now you can't be sure it wasn't fixed to begin with, but at least you know where it came from!
Encryption is difficult for average users to grasp, - It's like a secret code.
products aren't all that easy to use - Most email encryption I have seen is implemented as simply depressing a toolbar icon. Is that really that difficult?
and the threats of not protecting e-mail from prying eyes aren't all that easy to explain, Hill said - Hill can't be serious. How about two words? Intellectual property. or how about these two: National Security. Or how about these two: Excessive litigation
Also in an article that supposedly discusses alternatives for encrypting email, PKI isn't even mentioned. What a terrible article.