Slashdot Mirror


User: Kadin2048

Kadin2048's activity in the archive.

Stories: 0
Comments: 6,648

Comments · 6,648

  1. Re:Good news for Virginia, Philly, and Delaware co on Maryland To Tax Custom Programming and Computer Services · · Score: 1

    I wonder if this applies if you're selling services in Fort Meade?

    Government agencies are tax exempt in most (nearly all) circumstances. So if you're in the public sector and selling mostly to the Federal government, this probably has minimal effect.

    This looks like one of those dumb pandering moves that politicians make a big show of, saying they're going after "big companies" without really understanding the things they're tinkering with.

  2. Heavy cream? on The Obesity Epidemic — Is Medicine Scientific? · · Score: 1

    Not that it's incredibly crucial to your point, I'm pretty sure real Thai iced tea is made with sweetened coconut milk, not heavy cream. I think the jury is out as to which kind of fat is worse for you, but IIRC they're a bit different, nutritionally.

  3. Re:really? on FSF Releases AGPL License For Web Services · · Score: 1

    I don't buy it. (And seriously, talk about a straw man.)

    Particularly if all they had to distribute were the diffs from the publicly available / upstream source, you're not talking about much bandwidth per download -- unless they make a lot of custom changes, in which case they're probably good for it.

    Also, how many typical visitors to an NGO's site are really going to be interested in the code that drives the website? Probably not very many. I doubt whether it would impact the bandwidth usage of most sites in any measurable fashion. And if for some reason they do make some change that becomes wildly popular, it's easy to find someone who'll host it. (I suspect the easiest method in most cases would be to work with the upstream maintainer and have them host it wherever the mainline tree is hosted.)

  4. Re:Yup. on Vote To Eliminate Leap Seconds · · Score: 1

    This is a good point, but I think the conclusion you seem to be drawing (about the rotation of the Earth being a better 'clock' than, say, atomic energy-level transitions or something) isn't necessarily true. There are more forces than just gravity which determine the periods of the planets' orbits; you have bodies gaining and losing mass, bodies occasionally running into each other, solar / interstellar wind, all sorts of factors. It doesn't seem that hard to believe that even if the gravitational constant is absolute and unchanging, that the actual motions of objects could fluctuate.

    I'm not sure how you'd quantify how those factors are changing the orbital periods, except by measuring them against some other standard, and that requires that you have a standard that you also think isn't changing.

    If you want high-precision time from some celestial source, I suspect that pulsars might be a good candidate; their pulses are governed by their rotation and are very stable (and are based entirely on gravity), and it seems like they probably are affected by a shorter list of outside factors than a planet orbiting a star would be. (Their mass depletion probably affects their rotational period in the very long run, but that ought to be estimable.)

    OT: I've always thought the plaque on the Voyager probes involved a neat use of "universal" time standards, and then uses them to determine position. It shows the position of the Earth relative to a bunch of major pulsars, each of which is identified by its period, measured as a multiple of the hyperfine transition period of hydrogen, expressed in binary notation.

    Also, that brings up an interesting thought -- I wonder whether you can "prove" that the hydrogen hyperfine line has remained constant over very long periods using radioastronomy; i.e. by looking at the redshifted signal from very long ago and showing that it began at the same frequency as it does now. (Might run into problems because the redshift is, I believe, generally how the age/distance of the signal is shown; the constancy of the hydrogen line is typically assumed.)

  5. Re:Dangerous work on Riding Shotgun With the Google Street View Beetle · · Score: 1

    Uhh...I think you have a tinfoil adjustment issue there.

    Although I did blanch a little when I read the part about the $45,000 camera mounted on the roof. I guess I'd want to be real careful I could see that thing when I went in for lunch...I'd hate to have my paycheck docked for the cost of one of those, just because I picked the wrong McDonalds to take a bathroom break at.

  6. NSA "Suite A" is the real problem. on Cryptography Expert Sounds Alarm At Possible Math Hack · · Score: 5, Interesting

    Which is why I, for one, doubt that the back door was intentional. The approval that NSA gives is primarily for use by the US government itself, and most of the obstacles that NSA faces in spying on our own government are bureaucratic ones, not technical ones.

    I agree, for what it's worth (not much, but we're mostly all armchair generals here, why not join in the fun?).

    The flaw seems too obvious to really have been something illicit. If it was an attempt at a backdoor, it was pretty stupid. And it was a weird/improbable way to create a backdoor -- it was a PRNG, not really a cryptographic function per se, and while knowing its output could help you break a system, it wouldn't guarantee it. The people at the NSA had to know it would be combed over.

    But the fact that it seems to be incompetence rather than malice doesn't make me feel a whole lot better. There are still a bunch of secret-algorithm ciphers around and in use (and which the government, in its infinite wisdom, treats as more secure than the openly-reviewed ones), that the NSA is basically the only organization that has any access to. If they could miss such a trivial flaw in a PRNG that they knew was going to go out for public scrutiny, what could they have let slip by in a cryptographic function that was supposed to be a state secret?

  7. Interesting. That is high. on Christmas Shopping For Your Nephew · · Score: 1

    Wow, that's interesting; it's the opposite of what I expected.

    I had guessed that if you converted the price back to USD, that software would cost less (in absolute terms) than in the U.S. and that the price disparity would be relative to earnings and the cost of living only (i.e. lower in absolute terms but relatively more expensive, based on hours of labor).

    If the minimum wage in Venezuela works out to about $200USD per month, given 160 hours of work (4x 40-hour workweeks), that's about $1.25USD an hour. So on a relative basis, even if the absolute price of a good is the same, it's going to "feel" 4.2x as expensive there to a minimum-wage worker. Or alternately, a $500USD software package to a worker in Venezuela is about $1680 of labor in the U.S.; bit steep for an office suite.

    It's a bit surprising that Microsoft doesn't drop the price of software there, particularly since its development is basically a sunk cost (and even looking towards the future, development is already offset by the money they make in established markets; whatever they can make elsewhere is probably just gravy), and the current situation basically assures that they won't make anything from the great bulk of customers. In demanding that unrealistically high a price, they're essentially ensuring they get only a very small fraction of potential customers.

    I wonder if they're so concerned about grey-market re-importation into high-cost markets (the U.S. and Europe) that they basically write off sales everywhere else? That's the only thing that seems to make sense to me: if they have decided somewhere that the money they'd make by pricing according to local wages would be lost in cannibalized sales at much higher prices in the U.S./Europe.

  8. Re:Chinese "capitalism" is still largely an illusi on China In the Habit of Copying and Redirecting US Sites? · · Score: 1

    Marx got those ideas from the French Revolution, which was also more or less the inspiration for the US Constitution.

    You mean the U.S. Constitution, written in 1787, and the French Revolution, which began in 1789?

    I think you've got your inspirations a bit turned around, there.

  9. Not sure that's how it works, though. on Hushmail Passing PGP Keys to the US Government · · Score: 1

    I'm not necessarily saying that you're wrong, but that's not how I understand the 'secure' Hushmail mode works.

    My understanding is that even if you use the Java client, Hushmail retains a copy of your private key on their server, encrypted using AES-128 with your passphrase of choice.

    Were this not the case, you would need to carry around your private key (using a USB stick or some other media) in order to have it available for decryption when you used Hushmail. While secure, this would defeat much of the convenience of using Hushmail in the first place. (Why not just carry around your keys and GPG, or heck, a whole bootable Linux distro, on the stick instead?)

    So what Hushmail does is keep everything on their server except your passphrase. That way, you can fire up any computer you want, and the only thing you need to have available is that passphrase, which you can memorize (or store in some other convenient fashion). They send you the Java applet and your AES-encrypted private key, you enter the passphrase, and the key gets decrypted and can be used by the client-side applet to read and sign messages. At the end of your session, the applet throws everything away.

    In the insecure, non-Java mode (which may be the default?!), all the encryption is done on the server, which requires that you send the server your passphrase (via a SSL connection) so that it can decrypt the key and perform the decryption or signing. Thus, in this mode, Hushmail has everything: both the encrypted key and its passphrase. That means they can get the decrypted key, and that means they can sell you out to the Feds or anyone else they so desire.

    While there might be some way to keep your private key and not even turn the encrypted version of it over to Hushmail, I'm not sure what advantages that mode of operation would have over just using your email provider of choice, and carrying around your own GPG binaries (perhaps with an entire OS, limiting your avenues of attack to hardware- and TEMPEST-based ones). Once you have to have something with you that's too big to memorize, you might as well just keep everything with you and trust no one.

  10. Re:Currency on Christmas Shopping For Your Nephew · · Score: 1

    I think what he's pointing out, though, is valid: the price is determined not by the actual value of the goods but by what people are willing to pay. In the U.S., that's apparently $40USD or thereabouts. But in Canada, some MBA has apparently decided people are willing to shell out $50CAD for the same thing.

    That 1CAD is worth more than 1USD doesn't really matter; that's not what's driving the price. They've just decided that Canadians will pay more for the same thing and are engaging in some price discrimination on that basis. You could take off all the national-currency price tags, label everything in a uniform standard (grams of gold, say), and stuff would probably still cost more in Canada, because people are apparently used to paying more than in the U.S. and accept it.

    Probably the only thing holding them back from charging even more is what it would take before an individual would decide to buy the product from the U.S. and have it shipped to a Canadian address. (As it is, a $10+ USD price difference seems like they're pushing it.)

    The only effect that the USD/CAD currency fluctuations have on actual goods prices in Canada versus the U.S. is perhaps making people in Canada more aware of the screwing they're getting, for no particular reason (aside being willing to pay it, or unwilling or unable to avoid it).

  11. Re:Hey! on Christmas Shopping For Your Nephew · · Score: 1

    buying ms office legally is twice the minimum wage

    /me scratches head ...

    Is your minimum wage not expressed as an amount per unit time of some sort? I could understand if it cost two times a standard workweek at minimum wage.

    Although I wouldn't be that surprised: the minimum wage in the U.S. is only about $5.25 an hour, so that's $420 for two weeks; a retail copy of Office Standard is $400USD. (Office Professional will set you back another C-note.) Although I doubt many people who are in the target market for Office are really making the Federal minimum; just by knowing how to use a computer you've probably pulled yourself out of that bracket.

    I'd be interested in knowing how they price it in other markets -- do they sell it for the equivalent of $400USD in local currency? Or do they price it at about the same number of "worker hours" at the average prevailing wage? (I suspect it's some combination of the two, but it can't be that much cheaper than it is in the U.S., or the domestic market would be filled with grey-market reimportations.)

  12. Seriously? It's the default? on Hushmail Passing PGP Keys to the US Government · · Score: 1

    I think it's pretty damning for Hushmail if the insecure option is the default.

    It's one thing if they offer the server-side, non-Java implementation as an option for people who just can't use the secure one, but it's quite another to offer a supposedly "secure" service and then make the insecure version the default.

    I was ready to write most of this off as sloppiness by people who should have known better, but if Hushmail makes the non-Java version the default for new accounts, and makes you go into "Advanced" settings in order to enable Java and get real security, they're really not delivering what they're advertising.

  13. Re:Web Mail on Hushmail Passing PGP Keys to the US Government · · Score: 1

    FireGPG doesn't really include GPG, though; it's an interface to it, but requires GPG to be installed on your client system. While I guess you could possibly put that on the stick as well, along with Firefox and GPG, it's probably getting easier at that point just to put a whole Linux-based system on the stick and boot from it whenever you desire to do something requiring security.

  14. Re:Entirely secure? on Hushmail Passing PGP Keys to the US Government · · Score: 5, Informative

    Passphrase encryption is weak shit, also it's trivially easy for them to launch a man in the middle attack ... having a secure and valid keychain is just as important as having a secure private key.

    Huh? The security of "passphrase encryption" depends solely on how hard your password is to guess. Aside from that, it's AES-128, which is perfectly good encryption. If you use a trivially-guessable password, you're sunk. But if you used, say, 19 random ASCII characters, you're at more than 128 bits of randomness. At 50 guesses per second you're still talking about a brute-force time that's 2.15805661 × 10^29 years, based on my quick envelope-back numbers. And if you're at all concerned about the government spying on you, you'd better be using those sorts of passphrases.

    (Of course, if you use a single dictionary word or only a handful of ASCII characters, then the brute forcing is trivial, but that's a PEBKAC problem, not a cryptographic one.)

  15. Re:By the authorise? on Hushmail Passing PGP Keys to the US Government · · Score: 4, Informative

    How did this happen? Fuck knows. It isn't supposed to be possible. Hushmail's system was supposedly designed so that they couldn't do this, even if they wanted to. Perhaps one of them was running with an incredibly weak passphrase and hushmail cracked it on behalf of the feds...? All I can think of.

    TFA is crappy in this regard, there are better articles which explain what happened in more detail. (Full disclosure: I submitted this Wired article to /. but apparently got beaten.)

    Basically, Hushmail has two main modes of operation. One of them is (reasonably) secure, the other is a trainwreck.

    In one mode, the 'secure' one, you -- the user -- access their site and download a Java applet to your browser, which contains the OpenPGP encryption engine. You type your emails, they're encrypted on your machine, and sent to the server that way. Hushmail never, at any point in the operation, knows the password to your private key.

    Now, because a lot of people use browsers that don't support Java, as of a few years ago, Hushmail came up with an alternative, which doesn't require it. Instead of using a Java applet, it works like a regular HTML/HTTPS webmail system, and all the encryption is done on the server. This means you don't need to be able to run the Java applet on your client machine.

    However, and this is the crucial part, when you use this second mode even once, you expose the passphrase to your private key to Hushmail. And that's how they could decrypt all the messages. Once a person used the insecure service, they had basically sold themselves down the river. Hushmail had their passphrase, and from there could decrypt their private key, and from there get at all their messages. (Or at least their incoming messages; I don't know whether Hushmail encrypts outgoing messages to the sender's private key as well as the recipient's.)

    From what I can tell, if you used Hushmail and were careful to always use the Java-based service, you wouldn't necessarily be vulnerable to this sort of attack. Since Hushmail wouldn't have your passphrase, the most they could do would be to hand over your encrypted messages and encrypted keys to the Feds, who would then have to try to brute-force your private key. (Meaning, everything would rest on how good a passphrase you used...)

    Of course, any time you're depending on a downloaded applet for encryption, you're at the mercy of whomever you're downloading it from ... there's no reason (other than it being more difficult) that Hushmail couldn't be forced to "poison" their Java applet, or backdoor its encryption engine. Unless you're going to examine the code yourself each time, you have no way of really trusting it. But that's a lot more technically difficult than just grabbing the password from the server-side decryption engine, which appears to be what they did.

  16. Re:Internet is USA property now on US Control of Internet Remains an Issue · · Score: 1

    There is no such thing as having a local presence on the Internet. The Internet is global, practically by definition.

    The root of your, or your mother's, problem is less one of Internet URLs than of there not being any "local networks" that she could use besides the Internet. Really, she doesn't need the Internet. What she really needs is some sort of purely national network, which might not be accessible to the rest of the world. That way, she wouldn't have to worry about catering to the lowest-common denominator of input devices.

    But such a network doesn't exist; the Internet killed most of them. And in general, I think this is viewed almost universally as a Good Thing. It means that small shops can play in the once-rarefied air of global commerce, it means we can have a discussion on a site like Slashdot that includes people from all over the world, and it means anyone can get local news from virtually anywhere else, if they want to. Personally, I think it's the most significant achievement of the latter 20th century.

    But the cost of this, the price you pay for being able to bring up Slashdot in Spain or Ultima Hora in the U.S., is that everyone has to basically agree on a common input device in order to be able to access everyone else's pages. For historical reasons, everyone in the world can input ASCII, and so that's the lingua franca of the Internet.

    Purely local operations who really don't want a global network, but who get it anyway, are perhaps the only "downside" of the Internet; they'd probably be better served with something like Minitel. But overall, it's a very small cost for the global network we now have.

  17. Re:Mod parent up. on US Control of Internet Remains an Issue · · Score: 1

    The truth is that anybody can set up their own DNS servers and populate them with whatever names they want to.

    I think it is telling that all these other countries have not gotten together and actually done so. If many other countries united and put together their own DNS system, lots of people would use it. They probably can't even agree and work together.

    I think I agree with your general point, but I'm not even sure that "If many other countries united and put together their own DNS system, lots of people would use it" is true.

    I doubt that most people know about or care about the DNS system. The Internet works. That's all that matters. Whether it's run by the U.S. or the Chinese or the Brain Slugs, people are going to use whatever system gets them the content they want to see most efficiently and easily.

    The whining nations should feel free to set up an alternative root DNS network and see if they can actually make it compelling enough to get a majority of Internet users to switch. Even if they could get over their internal bickering and implement such a network, I have doubts that they'd really improve on the current system enough to draw users to it.

    But they're free to try. At the very least it'd be a cool make-work project for a bunch of engineers somewhere.

  18. Re:Not really an issue on US Control of Internet Remains an Issue · · Score: 1

    We would if the people that think the General Assembly should be the Governing body for the World had their way.

    How many nuclear weapons does the General Assembly have?

  19. Re:Not really an issue on US Control of Internet Remains an Issue · · Score: 5, Insightful

    Why can't the international community create a parallel DNS system and administrate its own domains? I mean, bits are bits, right? Wouldn't just be as simple as setting your DNS servers to ones on a "WorldDNS" network that don't communicate with the US lead system?

    They can. You could create a new "root" DNS server in an afternoon if you really wanted to. There's no technical reason stopping you or anyone else. Then it's a question of money to put it in a datacenter with good uptime and fast pipes and building in a lot of redundancy.

    But this isn't really what the people bitching about U.S. control want. They don't really want control over the system as much as they want to take it away from the U.S. I doubt they would do anything different if they had the opportunity (assuming good faith on their part, i.e. that they wouldn't build in some sort of horrendous censorship features, which I think is a serious risk), and honestly I can't imagine they have much interest in the day-to-day operation of what's mostly an automated system.

    It's just a political football, nothing more. The countries involved know that the U.S. will never give it up, so it's an easy way to score points at little to no cost.

  20. Re:Transference on Backing Up Your Brain · · Score: 1

    There have been a bunch of articles about this recently, and I admit to not having read this particular one yet, but there is at least one device around that's not a "helmet." It's just a sort of bulky/dorky pendant that you wear around your neck, which contains a camera. It takes and saves an image every few seconds, and then you download them all later.

    This may not get exactly what you're looking at, every moment, but it does give you the gist of what you were doing or who you were talking to.

    You don't need a DNI to make a fairly interesting augmentative technology. A little unit that took a picture of your field of view every 5 seconds and then saved it with a time and date, plus your position from an integrated GPS device, when combined with some good software that allowed you to rapidly browse through the data, would be pretty slick.

    Is it a stretch to call it a "brain backup"? Definitely. At best it's an augmentation, just like your date book or address book, or a good paper journal. But a Daytimer isn't a DNI either, and people still use those obsessively. I think there's a lot of room for this technology; Microsoft (and others) just need to tone down the hype a little.

  21. Re:Except that on Turning E-Mail into a Social Network · · Score: 1

    When Hotmail started throwing for-pay spam to my inbox

    Seriously? I always knew Hotmail was ghetto but if that's true, that really takes the cake.

  22. Re:You can select friends and or family only... on Microsoft Plans Flickr Competitor · · Score: 1

    Um, what? You can do exactly that on Flickr - it's called a Guest Pass:

    http://www.flickr.com/help/guestpass/

    So much for your little conspiracy theory that Flickr intentionally isn't implementing a wanted feature in order for Yahoo to gain more accounts.

    That's new. Well, I guess it's better late than never.

  23. Re:country with no PD law on From the Moon to Earth in HD · · Score: 1

    Yeah, I was annoyed to see that the new "Moonrise" images have a big copyright stamp burned onto them.

    You can say a lot of crap about NASA but at least they don't deface their images, and they're pretty good about sending press kits and other information out to anyone who wants it.

    What's next, DRM on the videos?

  24. Re:Anyone Notice something ....? on Microsoft Plans Flickr Competitor · · Score: 1

    The only interesting thing I've seen out of them lately is the photo-processing stuff discussed in the TED talk (link further up in the thread), and that was "innovation through acquisition" ... they can't even take credit. They bought it. (And I don't even think the actual inventor/developer was doing the TED talk; it was some Microsoft hack.)

    Yahoo's not particularly innovative, either (the worst part about Flickr is that it's run by Yahoo...if only Google had bought it instead); I'm in no way defending them.

  25. Re:You can select friends and or family only... on Microsoft Plans Flickr Competitor · · Score: 3, Insightful

    The catch is that your friends & family have to register with yahoo.

    That's kind of a massive, deal-breaking catch. IMO, it renders the feature absolutely useless. It's arrogant to demand that people register and get a stupid Yahoo account just to look at photos (would I do that? hell no; I'm not going to ask anyone else to).

    A better system would work more like Google's Picasa system, which lets you make an "unlisted" album with a special URL, and email that URL out to anyone you want. As long as someone has the URL, they can view the album.

    Such features have been a hot request item on Flickr for more than two years now, but the developers seem stubborn about not implementing them. I don't know if it's some deal they have with Yahoo, to try and get more people signed up with Yahoo accounts, or something else entirely, but they're shooting themselves in the foot, big time.