He missed the point altogether. He's right, the consumers *don't* care that they're "sticking it to Microsoft". They care that the price point is under $300, something that is almost impossible to do if you are paying for Windows in addition to the hardware, i.e. you're paying the "Microsoft tax".
Avoiding the MS tax is indeed why users buy this. The reason it's come to the fore now is that hardware is cheap enough that buying a license for an MS OS is a significant part of the price.
Funding science is exactly the kind of thing that government should be doing. It falls in with roads, parks, and libraries as the kind of thing that benefits everyone in the community. Many people (most people?) opt out of paying for such things if they are choosing individually, but are happy to if they know the choice is everyone pay or the service is gone.
Fundamental science benefits everyone. It scares the crap out of me to see intelligent people advocating that we move toward a medieval patron model for science.
Our government is more fucked up than usual right now, but that's because we've put a selfish idiot in power and caved to his every foolish demand. If we can put just a little effort into electing politicians who put just a little effort into working for the benefit of the people instead of living on hate and credit cards, we can turn that around.
Slavery in exactly the same sense that any work you do for someone else is slavery - I don't want to work to other people's orders, but I must because I want to support myself.
The more jobs you can create for a particular labor pool, the more choice they have to do work they like, and the more they get in return for their labor.
I thought of this some time ago, but for outsourcing. Imagine if you could pay $4000 for a ubibot, then pay someone in the third world $0.50 an hour to do housework, yard work, etc. for you through a VR interface.
They get a safe job that pays reasonably for their area, and you get cheap labor.
Big whoop because you are likely to make errors of about the same size regardless of how big you draw something, and when you shrink it the errors shrink too. It creates a small image that looks almost error free, even if you're fairly crappy at drawing.
I agree it's not that cool of a toy, but it does actually do something (somewhat) interesting.
What are you talking about? First, it foments hatred mostly among non-USians, primarily among Iraqis. Second, I didn't say I hated anyone - it sure seems to me that it's the guys advocating killing that are the haters.
What kind of screwy world do we live in where advocacy of turning our money from bullets & choppers toward scientific research qualifies one as hating?
The whole National Science Foundation has a $6 billion budget, but we spend $75 billion a year (off budget, mind you, that's not counting the $400 billion a year we spend on defense) on a war that does nothing but foment hatred against the US?
The list is so general that it is bound to be accurate to a certain degree. Also, I seriously doubt that even the brightest and knowledgeable people can predict the really revolutionary stuff that's going to happen. I mean, back in 1989, how many (few?) people could envision the Internet in its current form? Certain societal advances are so revolutionary and disruptive that we cannot even begin to imagine them.
Well, Vernor Vinge did a pretty good job of predicting the modern internet ('cept that he threw in cyberspace) in True Names in 1981...
Everything you list there simply says that doctors are required to know stuff. Ostensibly that stuff is derived from scientific studies, but knowing a fact derived via science is not at all the same thing as knowing how to do science.
Science is about observation, forming hypotheses, building good experiments to validate them, performing those experiments, and using statistical methods to reason about the implications of the results of your experiments.
Just because you remember a bunch of things you are taught doesn't mean you know science. If you don't have some backbone of researchers doing science to verify the stuff you think you know, it's not science, it's just stuff.
It's nice to hear that there's some kind of experimental evidence to back that up.
I'll still bet that restoring the sight to someone would be at least partially successful, but I suppose there's no knowing until there is a good enough operation that the possibility of results outweighs the downsides.
Oh, and what in the world makes you say the private key is 'weakly encrypted'? Hushmail uses AES, which is a standard for symmetric encryption. If you've chosen a good passphrase, until & unless there's an algorithmic breakthrough regarding AES, it is essentially unbreakable.
(By essentially unbreakable, I mean it would be far cheaper to install a software or hardware keylogger on your machine than to break it.)
Well, my workplace, library, and dad might take issue with me installing a new email client so I can read my email there, which I like to do.
I would absolutely not use Hushmail for information I wanted to keep secret from the government, at least if I thought the gov't might conceivably get a warrant for it.
The fact of the matter is that you absolutely cannot be as good as sure of your security in the world today. The government installs keyloggers. The government puts inline hardware keyboard readers. I doubt that anything shy of WMD is going to get the fabled van outside your house monitoring your EM emissions, but it is practical to do so if they're willing to spend a few $1000s on surveillance.
There are varying degrees of security. For information that I don't want anyone to have access to, but I know the gov't has no reason to issue a warrant on me and the info is not illegal anyway, Hushmail w/applet is a great solution. Hushmail via html is almost no solution at all, because anyone at Hushmail could scam your key, and without doing stuff that someone would almost certainly notice (faking out the applet... someone is going to notice the new download, and decompile, and then they're outed).
I do see one big avoidable hole in Hushmail w/applet: they ask your username before they send you the applet. This gives them the option to send a special broken applet just to the users whose keys they want to lift. It would be just as easy for them to wait until the applet downloads to ask both username and passphrase, and then it would be much harder to slide an applet with borken security in on you.
I have used Hushmail for ages, and it is entirely secure. These users did something foolish - they demanded, then got, then used a "more convenient" version of Hushmail that did the encryption on the server instead of on the client.
Standard Hushmail downloads (& caches) an applet on your computer that encrypts & decrypts your private key with your passphrase. Only the encrypted private key is stored on Hushmail servers, and your email encrypted with the public key. They don't give your decrypted email up to authorities, even with a court order. Because, by design, they CAN'T. The unencrypted private key is never on their server.
The new & improved Hushmail works without you having to have Java support or download an applet. It can only work by decrypting the private key server-side, which means Hushmail has (at least briefly) the information to decrypt all your email. Which means that if they get a court order, they must capture that information and provide your decrypted emails or they go to jail.
Of course, with the applet they could give you a new one that sends them the decrypted key - I'm not sure of the legality of them doing so, even with a court order. However, this is not what happened - all they did was provide information they had on their servers, as required by law.
The only way to be sure of your security is to build a device by hand that does all the decryption & display on the device, inspect all of the code you put on it by hand (preferably compiling using a compiler you wrote in machine language). Oh, and only read email on the device in an opaque faraday cage, naked.
Hushmail gives you precisely as much security as they possibly can, and no more.
Coming from a position of almost complete ignorance on this topic, I'll bet that's hogwash.
If a person can integrate a direction sense from a belt that always buzzes on the northern side, I'm sure the brain structures designed for sight can learn to see. I wouldn't be surprised if it took a long time...
What would make people stipulate that this can't be learned after a certain time?
Gibson didn't invent cyberspace. Vernor Vinge invented cyberspace (although I don't think he coined the term) in True Names.
If you haven't read it, I highly recommend it. Read True Names to get a notion of the profound visionary Vernor Vinge is. (Remember it was published in 1981).
Then read Rainbows End with your newfound respect for Vinge's powers of prognostication, and recognize that you're seeing into the near future.
Clearly taking $1000 from someone who has $1 billion is less harmful to them than taking $1000 from someone who has $1001. It is wrong either way, but the first is far less wrong.
I'm not rendering any opinion about the morality of this particular case. I would have to know what kind of content was in the book, how much of it was Rowling's work, whether they were attempting to present themselves as associated with Rowling, etc. Details matter.
Oh, sure, but if we're assuming that you get to install software on the user's machine as that user, all bets are off. You can do ANYTHING to the user's machine, and monitor ALL data that goes in or out of the machine.
I don't see how they can do a useful MITM... they can view all of the data, but the data has to be encrypted using a certificate with the hostname in it, and signed by a CA recognized by the client. CAs should only be distributing such tickets to the owner of the hostname, so how can the ISP pretend to be that hostname? And if they can't provide a certificate that pretends to be that hostname, how can they decrypt the traffic?
I have heard that IE used to have a bug that allowed MITM for SSL, but I assume that has long since been fixed.
Slashdot Mirror
Ah, I see - pudge is replying to the story (which I didn't read, because it looks like worthless crap).
I still think the whole thing is infantile, original story and reply both.
Can someone explain to me why the grandparent of this post seems to have disappeared?
I have to say that pudge's reply looks pretty infantile, and if he then followed it up by deleting the original post, all the more so.
He missed the point altogether. He's right, the consumers *don't* care that they're "sticking it to Microsoft". They care that the price point is under $300, something that is almost impossible to do if you are paying for Windows in addition to the hardware, i.e. you're paying the "Microsoft tax".
Avoiding the MS tax is indeed why users buy this. The reason it's come to the fore now is that hardware is cheap enough that buying a license for an MS OS is a significant part of the price.
Funding science is exactly the kind of thing that government should be doing. It falls in with roads, parks, and libraries as the kind of thing that benefits everyone in the community. Many people (most people?) opt out of paying for such things if they are choosing individually, but are happy to if they know the choice is everyone pay or the service is gone.
Fundamental science benefits everyone. It scares the crap out of me to see intelligent people advocating that we move toward a medieval patron model for science.
Our government is more fucked up than usual right now, but that's because we've put a selfish idiot in power and caved to his every foolish demand. If we can put just a little effort into electing politicians who put just a little effort into working for the benefit of the people instead of living on hate and credit cards, we can turn that around.
They just have different design goals than you do.
Slavery in exactly the same sense that any work you do for someone else is slavery - I don't want to work to other people's orders, but I must because I want to support myself.
The more jobs you can create for a particular labor pool, the more choice they have to do work they like, and the more they get in return for their labor.
I thought of this some time ago, but for outsourcing. Imagine if you could pay $4000 for a ubibot, then pay someone in the third world $0.50 an hour to do housework, yard work, etc. for you through a VR interface.
They get a safe job that pays reasonably for their area, and you get cheap labor.
Big whoop because you are likely to make errors of about the same size regardless of how big you draw something, and when you shrink it the errors shrink too. It creates a small image that looks almost error free, even if you're fairly crappy at drawing.
I agree it's not that cool of a toy, but it does actually do something (somewhat) interesting.
What are you talking about? First, it foments hatred mostly among non-USians, primarily among Iraqis. Second, I didn't say I hated anyone - it sure seems to me that it's the guys advocating killing that are the haters.
What kind of screwy world do we live in where advocacy of turning our money from bullets & choppers toward scientific research qualifies one as hating?
The whole National Science Foundation has a $6 billion budget, but we spend $75 billion a year (off budget, mind you, that's not counting the $400 billion a year we spend on defense) on a war that does nothing but foment hatred against the US?
I think our (and your) priorities are a bit off.
Well, Vernor Vinge did a pretty good job of predicting the modern internet ('cept that he threw in cyberspace) in True Names in 1981...
He just did.
Everything you list there simply says that doctors are required to know stuff. Ostensibly that stuff is derived from scientific studies, but knowing a fact derived via science is not at all the same thing as knowing how to do science.
Science is about observation, forming hypotheses, building good experiments to validate them, performing those experiments, and using statistical methods to reason about the implications of the results of your experiments.
Just because you remember a bunch of things you are taught doesn't mean you know science. If you don't have some backbone of researchers doing science to verify the stuff you think you know, it's not science, it's just stuff.
Technologically advanced aliens would take over the universe at near light speed.
http://blog.wired.com/27bstroke6/2007/11/pgp-creator-def.html
It's nice to hear that there's some kind of experimental evidence to back that up.
I'll still bet that restoring the sight to someone would be at least partially successful, but I suppose there's no knowing until there is a good enough operation that the possibility of results outweighs the downsides.
Oh, and what in the world makes you say the private key is 'weakly encrypted'? Hushmail uses AES, which is a standard for symmetric encryption. If you've chosen a good passphrase, until & unless there's an algorithmic breakthrough regarding AES, it is essentially unbreakable.
(By essentially unbreakable, I mean it would be far cheaper to install a software or hardware keylogger on your machine than to break it.)
Well, my workplace, library, and dad might take issue with me installing a new email client so I can read my email there, which I like to do.
I would absolutely not use Hushmail for information I wanted to keep secret from the government, at least if I thought the gov't might conceivably get a warrant for it.
The fact of the matter is that you absolutely cannot be as good as sure of your security in the world today. The government installs keyloggers. The government puts inline hardware keyboard readers. I doubt that anything shy of WMD is going to get the fabled van outside your house monitoring your EM emissions, but it is practical to do so if they're willing to spend a few $1000s on surveillance.
There are varying degrees of security. For information that I don't want anyone to have access to, but I know the gov't has no reason to issue a warrant on me and the info is not illegal anyway, Hushmail w/applet is a great solution. Hushmail via html is almost no solution at all, because anyone at Hushmail could scam your key, and without doing stuff that someone would almost certainly notice (faking out the applet... someone is going to notice the new download, and decompile, and then they're outed).
I do see one big avoidable hole in Hushmail w/applet: they ask your username before they send you the applet. This gives them the option to send a special broken applet just to the users whose keys they want to lift. It would be just as easy for them to wait until the applet downloads to ask both username and passphrase, and then it would be much harder to slide an applet with borken security in on you.
I have used Hushmail for ages, and it is entirely secure. These users did something foolish - they demanded, then got, then used a "more convenient" version of Hushmail that did the encryption on the server instead of on the client.
Standard Hushmail downloads (& caches) an applet on your computer that encrypts & decrypts your private key with your passphrase. Only the encrypted private key is stored on Hushmail servers, and your email encrypted with the public key. They don't give your decrypted email up to authorities, even with a court order. Because, by design, they CAN'T. The unencrypted private key is never on their server.
The new & improved Hushmail works without you having to have Java support or download an applet. It can only work by decrypting the private key server-side, which means Hushmail has (at least briefly) the information to decrypt all your email. Which means that if they get a court order, they must capture that information and provide your decrypted emails or they go to jail.
Of course, with the applet they could give you a new one that sends them the decrypted key - I'm not sure of the legality of them doing so, even with a court order. However, this is not what happened - all they did was provide information they had on their servers, as required by law.
The only way to be sure of your security is to build a device by hand that does all the decryption & display on the device, inspect all of the code you put on it by hand (preferably compiling using a compiler you wrote in machine language). Oh, and only read email on the device in an opaque faraday cage, naked.
Hushmail gives you precisely as much security as they possibly can, and no more.
Coming from a position of almost complete ignorance on this topic, I'll bet that's hogwash.
If a person can integrate a direction sense from a belt that always buzzes on the northern side, I'm sure the brain structures designed for sight can learn to see. I wouldn't be surprised if it took a long time...
What would make people stipulate that this can't be learned after a certain time?
Of course, you won't mod parent up since I'm replying to my own message. Jeez, what a whore!
But now you have to mod this post up, 'cause moderators can't resist reverse psychology.
But now you won't mod this post up, 'cause I pointed out the reverse psychology.
But now you have to mod this post up...
Gibson didn't invent cyberspace. Vernor Vinge invented cyberspace (although I don't think he coined the term) in True Names.
If you haven't read it, I highly recommend it. Read True Names to get a notion of the profound visionary Vernor Vinge is. (Remember it was published in 1981).
Then read Rainbows End with your newfound respect for Vinge's powers of prognostication, and recognize that you're seeing into the near future.
Clearly taking $1000 from someone who has $1 billion is less harmful to them than taking $1000 from someone who has $1001. It is wrong either way, but the first is far less wrong.
I'm not rendering any opinion about the morality of this particular case. I would have to know what kind of content was in the book, how much of it was Rowling's work, whether they were attempting to present themselves as associated with Rowling, etc. Details matter.
Oh, sure, but if we're assuming that you get to install software on the user's machine as that user, all bets are off. You can do ANYTHING to the user's machine, and monitor ALL data that goes in or out of the machine.
I don't see how they can do a useful MITM... they can view all of the data, but the data has to be encrypted using a certificate with the hostname in it, and signed by a CA recognized by the client. CAs should only be distributing such tickets to the owner of the hostname, so how can the ISP pretend to be that hostname? And if they can't provide a certificate that pretends to be that hostname, how can they decrypt the traffic?
I have heard that IE used to have a bug that allowed MITM for SSL, but I assume that has long since been fixed.