Piling on the info, the form of the equation in grandparent is not wrong -- it's a special case. For all the reasons stated by parent it becomes wrong because this form of the equation is a result derived from "Special Relativity". "Special" means your reference frame is not accelerating, etc. "General Relativity" gives you the complete version of this equation in all frames, but my copy of Jackson is in the attic at my folks' house so I can't dig it out for you now -- it's almost time to leave for church.
....and suggestions like the article makes are pie in the sky "corporations have magic powers" crap. Make banks pay for phishing and you'll create a cottage industry of phishing victims, of the sort that plagues the insurance industry today.
Bruce's point is that any data that can't be completely secured really shouldn't have been available online in the first place.
The reason phishing works is because banks put sensitive information online where it can be accessed remotely once the phishing part of the attack is complete. Take the data offline and phishers will go away because there's no data to access, even if they do get people to give them their passwords. Right now, banks have no DISincentive to take the data offline because they're making money, and our losses are acceptable collateral damage to them. Don't believe me? Look at the way they hand out credit cards - and that's when they *are* willing to take losses themselves.
Would it set banks back 10 years or so? Yup, but it's also the right thing to do.
Of course the burden is on the victim, fraud is already a criminal offense. This bill classifies phishing specifically as a CIVIL offense so the victim can collect damages. In order to collect, the victim has to sue. Don't you remember the OJ civil trial?
Oh, and IANAL. Just knows what I sees on the teevee.
Ah, the joys of an object oriented universe. Nah, you don't need to understand the internals of *how* it works, you just need the API docs.
Do programming courses in college still teach actual algorithms (prime number sieve, sorting, searching, etc.) or just how to program to APIs? I know OOP makes development easier precisely because you don't have to understand the object internals, but it's like a pocket calculator -- there are real lessons to be learned from putting it away and doing the work manually.
Also, I realize that I'm picking on programmers here, but the truth is that IT mindshare eventually follows them, so the disinterested attitude that found its way into the ranks of the developers eventually got around to everyone else.
I am also somewhat alarmed at how many IT people I have met who do not program, never have programmed and never plan to program.
BTW, present company (probably) excepted, of course.
You know what the problem is? The RIAAs look at the buttload of not-very-wise teenagers out there willing to spend 2.99 for a ringtone, but only 99 cents for a whole song and somehow they feel slighted even though that's practically a free sale because they didn't have to spend a penny in production or distribution! Some people just *don't* *understand* the Internet, and that's why capitalistic natural selection will doom them.
P.S. I don't mind people talking on their cellphones in public NEARLY as much as their insipid self-defining ring tones. If I hear that Harry Potter theme one more time at the airport I'm going to THROTTLE someone, AND I LIKE HARRY POTTER!
P.P.S. It is my opinion that the RIAAs deserve *nothing* from the iPod sales because that was Apple's compensation in the deal. Jobs took all the risk pricing the songs at 99 cents because Apple doesn't do much better than breaking even after the RIAAs get their cut.
Furthermore, I think that corporate acceptance of FOSS should be more about RISK MANAGEMENT, protecting your investment and avoiding forced obsolescence than anything else. That's something even the most curmudgeonly anti-hippie board member should patently understand. I dunno why that wasn't brought up in his piece.
P.S. Ha-ha! The script-detector word on my submission form is 'posers'.
I don't know quite how to put this, so I am just going to say it.
The degree doesn't make you an engineer. The MATH makes you an engineer. The degree is just your university vouching that you have completed your math and other engineering studies competently.
.. or did you think you could argue a structurally unsound bridge you designed to be more sympathetic and resist collapsing because the math in college was too hard?
In my opinion, I think the author of this book is a quack and all I had to see was the first paragraph on the first page of his web site where he states that he has dispensed with (geometric) axioms. You cannot do anything in mathematics without axioms. Period. Math is not capable of proving something from nothing.
If you need storage shelving in the closets, etc. ClosetMaid shelving is a very lightweight, modular and flexible system that can be had for pretty cheap at most Lowes/HomeDepot type stores. A lot of it needs to be bolted into the walls with either stud screws or drywall fasteners, so check with your landlord first.
It's obvious from the short period of time FEMA has had to set up this registration site that the code behind it has been in development for some time. It's likely a standard set of pages and code that come from a template they developed, so they copy it over and change the names and database connection and their site's up and running. The problem isn't that FEMA was caught having to react to a disaster - that's their job. The problem is that their solution and design were chosen without concern for the actual needs and capabilities of the people they are chartered to assist.
Access isn't about Minority or not, the ADA still requires wheelchair accessible bathroom stalls and entryways regardless of the microscopic percentage of your employees that actually need them.
The bottom line is that there are probably a couple of guys who make decisions high up in the FEMA IT department who - for whatever reason - just don't understand the fact that not everyone "lives in a Microsoft world" with them.
IANAL (blah, blah), but shouldn't the Americans with Disabilities Act (ADA) have something to say about this? Seems to me that limiting choice is the last thing the federal government ought to be caught doing, especially if there are specific plugins & features in alternate browsers that provide access to the web (for disabled individuals) that isn't available with IE.
Also, I bet judge Kollar-Kotelly would love to hear about this.
/Yeah, that last line was probably a cheap shot. //No, I don't really think there's anything she can really do about it anyway.
Bruce's Argument #2) Just because a component is signed doesn't mean that it is safe.
My Comments: I fully agree with this. However Code Signing was never intended for this purpose. Code signing was designed to prove the authenticity and integrity of the code. It was never designed to certify that the piece is also securely written.
I thought the purpose of code signing was to vouch for the integrity of the SIGNER, not the code itself. If you want to argue that code signing guarantees the code because nobody but the signer could sign it, OK, but that still leaves you having to explain to users which signers are OK and which aren't.
The thing that's always bugged me about signing is that it relies on the root cert issuers (Verisign, Thawte, etc.) to do their jobs and verify that their customers are who they say they are, and the sense I'm getting lately is that $800 and a valid email address is enough to convince them that you are anyone you want to be. Am I wrong?
This is a bad example, but what happens if Joe the hacker incorporates a dummy company named "Micr0soft.com", registers a domain for it, installs web & mail servers with matching certs, then buys a code-signing cert from your favorite root-cert company, then uses that cert to sign plugins as "Micros0ft.com"? It would have a valid cert path, wouldn't it? Do the root cert issuers even check for that kind of crap anymore? They used to take D&B numbers as proof of identity, or in lieu of that, notarized copies of incorporation documents on letterhead, but I don't think they even bother checking anymore. At least, they didn't when I bought an SSL cert in December.
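An added example, not part of the comment above and not any vendor's code: a policy check that runs after the certificate path has validated, pinning known signers by certificate fingerprint and flagging names such as "Micr0soft.com" that only look like a pinned one. `PINNED_SIGNERS`, `skeleton` and `classify_signer` are hypothetical names, and the signer names and fingerprints are constructed placeholders.

```python
import unicodedata

# Constructed allowlist: publisher name -> pinned SHA-256 fingerprint of its
# signing certificate. Names and fingerprints are placeholders, not real values.
PINNED_SIGNERS = {
    "microsoft.com": "aa" * 32,
    "example-vendor.com": "bb" * 32,
}

# Characters commonly substituted to imitate a name (small illustrative set).
_CONFUSABLE = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "|": "l"})


def skeleton(name: str) -> str:
    """Reduce a signer name to a form in which visual lookalikes collide."""
    # NFKD splits accented letters into base letter + combining mark.
    decomposed = unicodedata.normalize("NFKD", name.casefold())
    base = "".join(c for c in decomposed if not unicodedata.combining(c))
    base = base.translate(_CONFUSABLE)
    # Multi-character imitations: "rn" reads as "m", "vv" as "w".
    return base.replace("rn", "m").replace("vv", "w")


def classify_signer(subject: str, fingerprint: str):
    """Policy step run AFTER the certificate chain has already validated.

    Returns (verdict, pinned_name) where verdict is one of
    "trusted", "lookalike" or "unknown".
    """
    name = subject.casefold()
    fp = fingerprint.lower()
    if PINNED_SIGNERS.get(name) == fp:
        return ("trusted", name)
    subject_skel = skeleton(subject)
    for pinned in PINNED_SIGNERS:
        if skeleton(pinned) == subject_skel:
            # Same apparent name, different certificate: never show as trusted.
            return ("lookalike", pinned)
    return ("unknown", None)
```

A valid chain only gets a signer as far as "unknown"; "trusted" requires the pinned fingerprint, so the question of which signers are OK is answered by the allowlist rather than by the issuer.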
My $0.02. YMMV
Three years ago, investors would have been throwing money their way without a pause.
You misspelled "six" -- it's 2005 now.
You're welcome, glad I could help.
"The question is not happy or unhappy, it's blessed or unblessed."
- Bob Dylan
So why is it that we don't use the "mysterious powers of teh intarnets" to track down potential schizophrenics and get them some help?
Forgive my ignorance, but exactly when was this released again?
Sherman, My boy....
...please set the WayBack machine for 1997!
Tinderbox? Microsoft broke down and finally implemented *Tinderbox*? I'm speechless.
I used to do this with my friends in college - I bought Eye of the Beholder, he bought Ultima Underworld. When we finished them, we'd trade boxes.
Wasn't the whole TCP/IP stack based on BSD code?
Ok, so what happens to the energy when you dissipate it? It has to GO somewhere.
I call bullstuff.
Indeed. That's what PowerPoint is for, isn't it?
Embedded multimedia is sooo 1993.
Yeah! Woz left the company *years* ago!
Your naiveté betrays you -- there is no such thing as "rock solid". Ever.
Indiana Jones:
Archaeology is the search for fact, not truth. If it's truth you're looking for, Dr. Tyree's philosophy class is right down the hall.
I had a friend in grad school (physics) who noted from personal experience that Sonic The Hedgehog was "invariant under LSD transformation".