You better read my post again. My stats are not 'skewed', they are just sampled from a different population, or, if you want to be exact, from a subset of the general population that the original post was talking about. My whole point is that if you want to address a particular user group, you'll get a different distribution of browsers.
You conjecture that there is a correlation between intelligence and browser usage. While you'll probably see this effect (I agree!), it would be smarter to think about 'computer literacy' and 'technical competence' as the factor that gets people to choose a different browser.
If you look at particular user groups, you'll see a very different picture. When I got slashdotted a few weeks ago, I found some interesting things in my website stats. Only some 25 percent of visitors (coming over from Slashdot) were using IE. A whole lot of people ran Macs, and the percentage of non-Windows users (that is: Linux, OS X and few others) was far greater than 50.
You're looking at the blogging craze from a purely technical viewpoint. But the real news is not the technology (homepage plus CMS). The news lies in the fact that citizen journalism, sometimes paired with a bit of personal exhibitionism, has suddenly become reality. The blogosphere has good potential to change the way society deals with information exchange, reducing the power of media monopolies. It gives back control over information management to the readers, but leads to more scattered, biased and often error-prone reporting. The movement is very promising, yet poses a lot of problem that we all have to deal with, on a technical, sociological and economic level.
What, is that new? That already follows from the fact that there are only N possible hashes, and M possible messages, and NM. In other words, if you have an 8-bit hash (256 values) for a, say, 1K message, then you must get a lot of collisions.
If it takes only three days or so to find a collision, what does that mean practically? Almost nothing. Because the collision that you would find is most likely meaningless. The modification that you'd like to apply to the message (while sticking with the same, given hash) is likely to be something very specific, for example, change $1000 to $10.000. And that, unfortunately, is not easy. This vulnerability can't be easily exploited at this point.
But even saying that "if the algorithm has one vulnerability, then it's likely to have others" is totally illogical - unless a whole class of vulnerabilities has been pointed out.
It's not even time to 'walk to the door' because the fire alarm has gone off, as someone said later down in the comments. Instead, it's time to read the Chinese paper, produce more truthful descriptions of how much of a problem we are going to get with this (does it lead to more severe vulnerabilities), and start working on better hashing algorithms.
X-Plane seems way more realistic, and it's very customizable. However, traditionally, it seems that MS Flightsim used to be easier to hack. How, I don't know if that still holds true, given that X-Plane supports plugins and is available with a specific motion platform, which even makes it suitable for professional training towards some commercial rating.
Couldn't agree more. Most application user interfaces written for Linux suffer from unbearable information overload for common dialogues, while error messages are usually unspecific or way too hard to understand. While some major applications do get things right - Mozilla seems fairly simple, for example - other essential components are way too hard to configure. Look at KDE (and yes, I've tried recent versions). A multitude of strange options, "Themes" vs. "Window Manager" configurations, options in weird places because they are grouped according to technical layer (some screen options go into X-Server config, some into Window Manager config, some are part of a 'Theme') and not according to the user's perception.
For geeks, standardized interfaces in computer labs at universities, for very well-defined workplaced without a lot of flexibility, yes, I would recommend a modern Linux distro such as SUSE. For Jane Doe and also for people who don't want to waste their time figuring out how to set up A, install B and solve problems C,D,E, I recommend Mac OS X for the best combination of usability, reliability, security, compatibility and choice of applications.
The developer has proven themselves in an environment where capability is obvious, transparent, and peer reviewed. Try getting that out of a resume. They are hiring a known.
The company gets to use that person's *fame*/name as a marketing tool. The developer is probably more willing to put in the extra hours because they must enjoy coding to spend so much spare time doing it.
Just like when somebody gets hired in science, at least for the more senior positions. Which supports my opinion that Open Source development is, in a way, a reincarnation of the long-established academic process.
sure, from an architecture point of view, things are very similar. Be it PGP, X.509/S/MIME or Ciphire, they're similar. X.509 doesn't support several signatures on a key, while OpenPGP does. Sign&Encrypt might have some subtle differences in Ciphire.
Both PGP and X.509 can use a web of trust to establish authenticity - with PGP it's basically built-in and well-established, for X.509 you need Thawte's web of trust, which is less flexible, but works.
PGP has the lowest comfort level (for me: Apple Mail and GnuGPG with GPG plugin) in particular because everything is done in cleartext and certificates need to be exchanged or put in a repository. S/MIME is way better because of the integrated support. Now Ciphire is even more comfortable and something for the naive end-user -- and I would recommend it if it were an open architecture, free to be implemented by anyone.
Very unlikely. The NSA is the U.S. intelligence agency dealing with national issues. Ciphire is a European company, based in Germany (Munich, dev labs) and Switzerland.
If at all, it would be the German BND (Bundesnachrichtendienst), which (still) happens to have its headquarters in Munich. But don't forget that the German government funded the implementation of PKI in open source clients (I think some KDE client was used) in project Aegypten.
For S/MIME, you'll need to retrieve the recipients public key (i.e. certificate) first, which you usually to by receiving a signed e-mail from that person. From then on, everything is easy and, honestly, more conventient than using a GPG plugin with your mail client, because mail clients support S/MIME natively.
Generating and installing your own certificate is, well, not complicated, but too much hassle for a naive user. You have to find the right function on thawte's website, enter all sorts of personal data, add and confirm your e-mail addresses, request a key and pick the right certificate type, and so on.
And in my experience, this is somewhat difficult to do on Windows for non-techie users. It's easier on the Mac, as usual. So that's where Ciphire is so much easier.
The verdict: Ciphire is a good idea in general and a fine solution for internal security in companies (across different sites), but difficult to justify as a standard due to its closed nature.
I fear this 'online poker' guy is getting attacked, too, in which case we would miss out on all the great spam comments in our blogs. Wouldn't that be a sad, sad world?
At least it got a an Honorary Mention in the "Interactive Art" category of the Prix Ars Electronica 2004. That's a big thing to get in the world of art&technology.
I wouldn't call it 'research' though. Neither do the inventors.
Dublin is indeed one of the most expensive places in Europe. And you pay much more for a decent house near Dublin City Centre than those EUR 250.000 posted by somebody in reply to your post. To say it all, even if you just bought a sandwhich a few meters away from where MLE was, you got ripped off by the take-away.
However, Ireland happened to be willing to sponsor MLE back then. And that's a good reason to go there, and not to a cheaper country such as Spain or Portugual.
It has been and is still at CSAIL, successor to AI and computer science at MIT. They're at the new Stata center, just a stone's throw away from the Media Lab. The odd thing thing is that, as I heard, Stallman was moved into an office in the William H. Gates building.
Let's say there is stuff I won't talk about in public.
But whenever you say something failed because of funding issues, that always means that somebody didn't want to fund it for some reason. And that reason may as well have been the scientific output.
If Media Lab received $5m from MLA / the Indian government, then that wasn't just for the name, but also for a transfer of know-how. Whether this transfer actually took place in the end, is another question.
this is just another one of those scares that try to get people to vote for some (much more scary) security policies.
first of all, it's not 100mph. your average jet (something like a A320) comes down at around 145 knots, that's about 160mph. (it would, even in this configuration, stall at 100mph --> crash!).
there is a system called 'autoland' that does pretty much what its name says, either up to now very low decision heights or, if airport / runway are equipped appropriately, right down to the runway. the approach can be flown by the autopilot, so to be quite clear, if - and that alone seems impossible - one of the pilots would be blinded by a very strong laser that would be magically pointed in the right direction - that wouldn't bring down a jet.
i would think it is so much easier to disrupt public life - why would anyone bother? i suspect the world would be a better place if we turned to the really important, underlying problems and forget our fear of terrorism for a while!
Especially when it comes to server-side or server-type software, I find myself having more freedom on the Mac - for one reason. I can use industry-grade, stable open-source unix servers such as Apache, diverse SQL databases, mail servers, you name it. I can also run hundreds of programming languages without having the 'Cygwin' mess, or difficulties compiling things on Windows.
If I had to switch to Linux, I could. I wouldn't like the UI, but the underlying tools would be similar.
I don't deal with the financial sector professionally, but all my private homebanking with 4 banks in three different European countries and a broker work just fine without IE (I use Safari = KHTML). No ActiveX there - I believe it's state of the art not to use IE specific stuff.
(But I guess I wouldn't choose a bank in the first place that requires stuff like IE or even Windows...)
Such a law is not meant to be enforced against random people like us. But it serves to punish people that are suspected of illegal activity, but can't be convicted because they encrypted their communications. Then, these suspects can be arrested on grounds of violation of such a law, and tried when further evidence has been gathered.
I'd like to compare it to a weapons license that you need to obtain in every sane country in order to possess firearms legally.
i don't think what the poster meant with 'Desktop Integration'.
Photoshop for example is nicely integrated. It supports all the standard keyboard shortcuts (Apple-H needs a config though), accepts drag&drop, for example from iPhoto. File selectors are standard, and the like.
That's what I would expect of my office suite. Can't do it with X11.
Also, can't do it with non-native widgets from a UI point of view. This is much more about users who can tell what icons are for, etc etc, feel 'at home' and the like -- it's less about what's "pretty", as some of the people seem to think that criticize Mac users demanding integration.
Slashdot Mirror
You conjecture that there is a correlation between intelligence and browser usage. While you'll probably see this effect (I agree!), it would be smarter to think about 'computer literacy' and 'technical competence' as the factor that gets people to choose a different browser.
If you look at particular user groups, you'll see a very different picture. When I got slashdotted a few weeks ago, I found some interesting things in my website stats. Only some 25 percent of visitors (coming over from Slashdot) were using IE. A whole lot of people ran Macs, and the percentage of non-Windows users (that is: Linux, OS X and few others) was far greater than 50.
You're looking at the blogging craze from a purely technical viewpoint. But the real news is not the technology (homepage plus CMS). The news lies in the fact that citizen journalism, sometimes paired with a bit of personal exhibitionism, has suddenly become reality. The blogosphere has good potential to change the way society deals with information exchange, reducing the power of media monopolies. It gives back control over information management to the readers, but leads to more scattered, biased and often error-prone reporting. The movement is very promising, yet poses a lot of problem that we all have to deal with, on a technical, sociological and economic level.
Agreed. DJB's Poly1305-AES might be worth mentioning here (?).
The findings are that SHA-1 is not collision free
What, is that new? That already follows from the fact that there are only N possible hashes, and M possible messages, and NM. In other words, if you have an 8-bit hash (256 values) for a, say, 1K message, then you must get a lot of collisions.
If it takes only three days or so to find a collision, what does that mean practically? Almost nothing. Because the collision that you would find is most likely meaningless. The modification that you'd like to apply to the message (while sticking with the same, given hash) is likely to be something very specific, for example, change $1000 to $10.000. And that, unfortunately, is not easy. This vulnerability can't be easily exploited at this point.
But even saying that "if the algorithm has one vulnerability, then it's likely to have others" is totally illogical - unless a whole class of vulnerabilities has been pointed out.
It's not even time to 'walk to the door' because the fire alarm has gone off, as someone said later down in the comments. Instead, it's time to read the Chinese paper, produce more truthful descriptions of how much of a problem we are going to get with this (does it lead to more severe vulnerabilities), and start working on better hashing algorithms.
X-Plane seems way more realistic, and it's very customizable. However, traditionally, it seems that MS Flightsim used to be easier to hack. How, I don't know if that still holds true, given that X-Plane supports plugins and is available with a specific motion platform, which even makes it suitable for professional training towards some commercial rating.
Couldn't agree more. Most application user interfaces written for Linux suffer from unbearable information overload for common dialogues, while error messages are usually unspecific or way too hard to understand. While some major applications do get things right - Mozilla seems fairly simple, for example - other essential components are way too hard to configure. Look at KDE (and yes, I've tried recent versions). A multitude of strange options, "Themes" vs. "Window Manager" configurations, options in weird places because they are grouped according to technical layer (some screen options go into X-Server config, some into Window Manager config, some are part of a 'Theme') and not according to the user's perception. For geeks, standardized interfaces in computer labs at universities, for very well-defined workplaced without a lot of flexibility, yes, I would recommend a modern Linux distro such as SUSE. For Jane Doe and also for people who don't want to waste their time figuring out how to set up A, install B and solve problems C,D,E, I recommend Mac OS X for the best combination of usability, reliability, security, compatibility and choice of applications.
Just like when somebody gets hired in science, at least for the more senior positions. Which supports my opinion that Open Source development is, in a way, a reincarnation of the long-established academic process.
sure, from an architecture point of view, things are very similar. Be it PGP, X.509/S/MIME or Ciphire, they're similar.
X.509 doesn't support several signatures on a key, while OpenPGP does. Sign&Encrypt might have some subtle differences in Ciphire.
Both PGP and X.509 can use a web of trust to establish authenticity - with PGP it's basically built-in and well-established, for X.509 you need Thawte's web of trust, which is less flexible, but works.
PGP has the lowest comfort level (for me: Apple Mail and GnuGPG with GPG plugin) in particular because everything is done in cleartext and certificates need to be exchanged or put in a repository. S/MIME is way better because of the integrated support. Now Ciphire is even more comfortable and something for the naive end-user -- and I would recommend it if it were an open architecture, free to be implemented by anyone.
Very unlikely. The NSA is the U.S. intelligence agency dealing with national issues. Ciphire is a European company, based in Germany (Munich, dev labs) and Switzerland.
If at all, it would be the German BND (Bundesnachrichtendienst), which (still) happens to have its headquarters in Munich. But don't forget that the German government funded the implementation of PKI in open source clients (I think some KDE client was used) in project Aegypten.
For S/MIME, you'll need to retrieve the recipients public key (i.e. certificate) first, which you usually to by receiving a signed e-mail from that person. From then on, everything is easy and, honestly, more conventient than using a GPG plugin with your mail client, because mail clients support S/MIME natively.
Generating and installing your own certificate is, well, not complicated, but too much hassle for a naive user. You have to find the right function on thawte's website, enter all sorts of personal data, add and confirm your e-mail addresses, request a key and pick the right certificate type, and so on.
And in my experience, this is somewhat difficult to do on Windows for non-techie users. It's easier on the Mac, as usual. So that's where Ciphire is so much easier.
The verdict: Ciphire is a good idea in general and a fine solution for internal security in companies (across different sites), but difficult to justify as a standard due to its closed nature.
So, what do we learn from your post? I conclude, the original post was an authentic Slashdot(TM) submission. Just like we know it.
How sad.
I fear this 'online poker' guy is getting attacked, too, in which case we would miss out on all the great spam comments in our blogs. Wouldn't that be a sad, sad world?
At least it got a an Honorary Mention in the "Interactive Art" category of the Prix Ars Electronica 2004. That's a big thing to get in the world of art&technology.
I wouldn't call it 'research' though. Neither do the inventors.
Dublin is indeed one of the most expensive places in Europe. And you pay much more for a decent house near Dublin City Centre than those EUR 250.000 posted by somebody in reply to your post. To say it all, even if you just bought a sandwhich a few meters away from where MLE was, you got ripped off by the take-away.
However, Ireland happened to be willing to sponsor MLE back then. And that's a good reason to go there, and not to a cheaper country such as Spain or Portugual.
It has been and is still at CSAIL, successor to AI and computer science at MIT. They're at the new Stata center, just a stone's throw away from the Media Lab. The odd thing thing is that, as I heard, Stallman was moved into an office in the William H. Gates building.
Let's say there is stuff I won't talk about in public. But whenever you say something failed because of funding issues, that always means that somebody didn't want to fund it for some reason. And that reason may as well have been the scientific output. If Media Lab received $5m from MLA / the Indian government, then that wasn't just for the name, but also for a transfer of know-how. Whether this transfer actually took place in the end, is another question.
this is just another one of those scares that try to get people to vote for some (much more scary) security policies. first of all, it's not 100mph. your average jet (something like a A320) comes down at around 145 knots, that's about 160mph. (it would, even in this configuration, stall at 100mph --> crash!). there is a system called 'autoland' that does pretty much what its name says, either up to now very low decision heights or, if airport / runway are equipped appropriately, right down to the runway. the approach can be flown by the autopilot, so to be quite clear, if - and that alone seems impossible - one of the pilots would be blinded by a very strong laser that would be magically pointed in the right direction - that wouldn't bring down a jet. i would think it is so much easier to disrupt public life - why would anyone bother? i suspect the world would be a better place if we turned to the really important, underlying problems and forget our fear of terrorism for a while!
Especially when it comes to server-side or server-type software, I find myself having more freedom on the Mac - for one reason. I can use industry-grade, stable open-source unix servers such as Apache, diverse SQL databases, mail servers, you name it. I can also run hundreds of programming languages without having the 'Cygwin' mess, or difficulties compiling things on Windows. If I had to switch to Linux, I could. I wouldn't like the UI, but the underlying tools would be similar.
All in all CCTV is kind of funny, but doesn't really make my day :-(
I don't deal with the financial sector professionally, but all my private homebanking with 4 banks in three different European countries and a broker work just fine without IE (I use Safari = KHTML). No ActiveX there - I believe it's state of the art not to use IE specific stuff. (But I guess I wouldn't choose a bank in the first place that requires stuff like IE or even Windows...)
Such a law is not meant to be enforced against random people like us. But it serves to punish people that are suspected of illegal activity, but can't be convicted because they encrypted their communications. Then, these suspects can be arrested on grounds of violation of such a law, and tried when further evidence has been gathered.
I'd like to compare it to a weapons license that you need to obtain in every sane country in order to possess firearms legally.
it should read: "I don't think you understood what..."
i don't think what the poster meant with 'Desktop Integration'. Photoshop for example is nicely integrated. It supports all the standard keyboard shortcuts (Apple-H needs a config though), accepts drag&drop, for example from iPhoto. File selectors are standard, and the like. That's what I would expect of my office suite. Can't do it with X11. Also, can't do it with non-native widgets from a UI point of view. This is much more about users who can tell what icons are for, etc etc, feel 'at home' and the like -- it's less about what's "pretty", as some of the people seem to think that criticize Mac users demanding integration.