You can usually pay more to have guarantees. Militaries and industries sometimes do that. Are you ready to pay more money (like 2x or 3x) for software ? Arguably Apple does (used to do) a good job in this area.
Yes, my formulation was silly.
I just hoped that people who say "This comes from evil communist China! It must be stopped !" would just work at making "great freedom-loving America" better.
But yeah, silly reaction to a silly comment. Sorry about that.
This kind of article would have been useful BEFORE elections. A slashdot article gives some good press and calling a candidate intelligent and tech-saavy is somehow good for him. Why do we prefer to grumble about bad politicians than trying to help good ones being elected ?
You always depend on a 3rd party to verify it. The entity responsible for the counting can be dishonest even with paper ballots.
I don't know the US system but in France the counting session is public and fraud attempts have to be done under the public's eye. A few attempts have been uncovered that way.
Sure, they can count every vote for #3 as a vote for #2. But the system must then be designed to count the votes incorrectly. This is easy to verify later (take one of each ballot type, feed the votes into the system, see if it is counted properly).
No, that is not easy. The system you propose for instance does not detect votes switching and if it has a way to detect testing session, it can easily have a different behaviour then.
Because if you are not trusting the system to count the votes correctly, why would you trust a person to write down the totals to the proper candidate?
I surely wouldn't trust one people to count the votes correctly without public scrutiny. I mean, if I were in that person's shoes, I would be very tempted to cheat votes, no ? especially if no checks are made afterwards.
So you have a receipt showing that you vote for #3, you know who #3 is, but how can you check that the system counted your vote for #3 as a vote for the candidate you chose ?
Verifiability and anonymity are 2 things out of 3 necessary for a good voting system. The 3rd thing is independence from a third party. If you need to trust a third party to match information, to keep records anonymous or to correctly make a sum, this is not a good evoting machine.
All the current solutions require one of the three constraints to be dumped. That is why the only working occurrences of evoting happen in things like debian lists where anonymity can be dropped. It may not be impossible to cryptographically guarantee the 3 constraints, but this is an active research field of mathematics. Right now some solutions exist but they have really nasty constraints (all voters must participate, and their number must be known at key generation, or they must vote in a given order, etc...)
I believe a satisfying algorithm will finally come, but it is not here yet. So please, instead of funding companies that propose voting black boxes that have laughable security, just give funds to mathematicians and cryptography researchers.
Trust me, a regular American can live happily in many other different "civilizations" once his will have collapsed under the weight of legalausaurus rex (sed lex).
Not sure what you mean about leaving US for a year or two. I must have spent only three weeks in USA in my whole life:) Not sure what "know" means when you put stars around it too.
The fact that a drug has passed FDA approval does not shield the Pharma company that made it from any liability - this is a common misconception that is categorically not true.
But from a business point of view, there is an interesting advantage to the current situation : their revenue stream is direct from their subscribers, it doesn't go through an indirect route that Google controls and that can vary wildly. Actually, a newspaper doubling its number of subscribers seems to me as a clear success. I would like the open model to work well, but the pay-wall model, when you are called "Times" is clearly workable.
Reducing the number of casualties is reducing the number of potential lawsuits. It also happens to be quite ethical and sensible.
Sure, but reducing the number of lawsuits does not reduce the number of casualties. Depending on what the core objective is, some delays may be useless (or even detrimental) to saving lives. If you have a cure to a disease that kills 1000 people a year but that your cure will maybe cause 10 death per year due to side effects, you can save 1000 lives that would not die because of you but would cause more or less directly 10 deaths that you become legally responsible of.
I think some of the procedures are more useful to shield some people from blame than to increase a product safety.
Seriously though, I think the only people who will be wanting to push cures for the common cold are our employers. I can deal with a slight runny nose every so often.
Sure, but I hijacked this discussion to talk about the more general subject of medicine testing.
Sometimes I am caught thinking that reducing these delays (by keeping the whole process safe of course) may be one of the most important things to do in our society.
Does anyone know whether these procedure are optimised to reduce the number of casualties or to reduce the number of potential lawsuits.
In other words, is the main problem legal/political rather than technical ?
As a french keyboard user and C programmer, I must say that I curse the fact that you have to use Alt-Gr for { [ @ # or |
Sure, you get used to it, but it is still less comfortable than using a qwerty keyboard (which I sometimes do).
However, I am too snobbish to write my French emails without accents so I guess I have to accept compromise. Most people here use "é" more often than "{".
Well, the number the press is shouting everywhere is that it costs $250,000 to buy a 0-day exploit thatis not public. Of the 4 zero-days used, two were known. That leaves, at most, $500 000 for the two others. There is also a cryptographic certificate to get. I suspect this is at least as much expensive. 1 million is a high-range estimation I, yes, somehow put out of my ass by making very inflated guesses. It could also be a single person discovering the two unknown flaws that used them to steal Realtek's crypto key and made the virus by himself. It could very well be a zero-budget attack, as improbable as this look. All I am saying is that it didn't cost more than 1 million and that the number of organisations that have access to these resources is colossal.
A question I always ask : why should it be a government ? I estimate a budget of one million dollar to create this thing, and that's a high estimate. That's more than a hobbyist budget (through it could be, if made by the original zero-day finders) but in the range of many organizations. It could also very well be a criminal organization who had simply money as their motive. I am sure that with such an infection on so many presumably critical structures, getting more than one million in blackmailing must not be that hard to do...
The DARPA Grand challenge has been won (easily and quickly, I admit) only a few years ago. Give people some time to adapt it into new cars. It take around 5 years from a design concept to a production car.
Especially in the face of other powerful corporate interests that like to flex a lot of legal muscle? Such instances are few and far between. I don't have any plans on living in the UK, but I'd like to support BT
Slashdot Mirror
You can usually pay more to have guarantees. Militaries and industries sometimes do that. Are you ready to pay more money (like 2x or 3x) for software ? Arguably Apple does (used to do) a good job in this area.
Yes, my formulation was silly.
I just hoped that people who say "This comes from evil communist China! It must be stopped !" would just work at making "great freedom-loving America" better.
But yeah, silly reaction to a silly comment. Sorry about that.
I hope Americans see this as a bad thing and that it will sting them to be more competitive.
This kind of article would have been useful BEFORE elections. A slashdot article gives some good press and calling a candidate intelligent and tech-saavy is somehow good for him. Why do we prefer to grumble about bad politicians than trying to help good ones being elected ?
You always depend on a 3rd party to verify it. The entity responsible for the counting can be dishonest even with paper ballots.
I don't know the US system but in France the counting session is public and fraud attempts have to be done under the public's eye. A few attempts have been uncovered that way.
Sure, they can count every vote for #3 as a vote for #2. But the system must then be designed to count the votes incorrectly. This is easy to verify later (take one of each ballot type, feed the votes into the system, see if it is counted properly).
No, that is not easy. The system you propose for instance does not detect votes switching and if it has a way to detect testing session, it can easily have a different behaviour then.
Because if you are not trusting the system to count the votes correctly, why would you trust a person to write down the totals to the proper candidate?
I surely wouldn't trust one people to count the votes correctly without public scrutiny. I mean, if I were in that person's shoes, I would be very tempted to cheat votes, no ? especially if no checks are made afterwards.
So you have a receipt showing that you vote for #3, you know who #3 is, but how can you check that the system counted your vote for #3 as a vote for the candidate you chose ?
Verifiability and anonymity are 2 things out of 3 necessary for a good voting system. The 3rd thing is independence from a third party. If you need to trust a third party to match information, to keep records anonymous or to correctly make a sum, this is not a good evoting machine.
All the current solutions require one of the three constraints to be dumped. That is why the only working occurrences of evoting happen in things like debian lists where anonymity can be dropped. It may not be impossible to cryptographically guarantee the 3 constraints, but this is an active research field of mathematics. Right now some solutions exist but they have really nasty constraints (all voters must participate, and their number must be known at key generation, or they must vote in a given order, etc...)
I believe a satisfying algorithm will finally come, but it is not here yet. So please, instead of funding companies that propose voting black boxes that have laughable security, just give funds to mathematicians and cryptography researchers.
Trust me, a regular American can live happily in many other different "civilizations" once his will have collapsed under the weight of legalausaurus rex (sed lex).
:) Not sure what "know" means when you put stars around it too.
Not sure what you mean about leaving US for a year or two. I must have spent only three weeks in USA in my whole life
Civilization is not limited to US.
Just saying.
Go vote or go organize a riot. There are no other sane position. If you don't go vote and stay home, you are supporting two liars.
Yeah, who cares about openness. It is all about looks and prices... [/sarcasm]
The fact that a drug has passed FDA approval does not shield the Pharma company that made it from any liability - this is a common misconception that is categorically not true.
Ok thanks, that was what I was looking for...
But from a business point of view, there is an interesting advantage to the current situation : their revenue stream is direct from their subscribers, it doesn't go through an indirect route that Google controls and that can vary wildly. Actually, a newspaper doubling its number of subscribers seems to me as a clear success. I would like the open model to work well, but the pay-wall model, when you are called "Times" is clearly workable.
Reducing the number of casualties is reducing the number of potential lawsuits. It also happens to be quite ethical and sensible.
Sure, but reducing the number of lawsuits does not reduce the number of casualties. Depending on what the core objective is, some delays may be useless (or even detrimental) to saving lives. If you have a cure to a disease that kills 1000 people a year but that your cure will maybe cause 10 death per year due to side effects, you can save 1000 lives that would not die because of you but would cause more or less directly 10 deaths that you become legally responsible of.
I think some of the procedures are more useful to shield some people from blame than to increase a product safety.
Seriously though, I think the only people who will be wanting to push cures for the common cold are our employers. I can deal with a slight runny nose every so often.
Sure, but I hijacked this discussion to talk about the more general subject of medicine testing.
I am so waiting that the IP-bubble bursts.
Actually, solving these issues are maybe the single most important political issue to shape the economic face that the 21st century will have.
Sometimes I am caught thinking that reducing these delays (by keeping the whole process safe of course) may be one of the most important things to do in our society.
Does anyone know whether these procedure are optimised to reduce the number of casualties or to reduce the number of potential lawsuits.
In other words, is the main problem legal/political rather than technical ?
As a french keyboard user and C programmer, I must say that I curse the fact that you have to use Alt-Gr for { [ @ # or |
Sure, you get used to it, but it is still less comfortable than using a qwerty keyboard (which I sometimes do).
However, I am too snobbish to write my French emails without accents so I guess I have to accept compromise. Most people here use "é" more often than "{".
What prevents an ISP to declare that crypto data is in fact random spam or to prevent the use of steganography then ?
Well, the number the press is shouting everywhere is that it costs $250,000 to buy a 0-day exploit thatis not public. Of the 4 zero-days used, two were known. That leaves, at most, $500 000 for the two others. There is also a cryptographic certificate to get. I suspect this is at least as much expensive. 1 million is a high-range estimation I, yes, somehow put out of my ass by making very inflated guesses. It could also be a single person discovering the two unknown flaws that used them to steal Realtek's crypto key and made the virus by himself. It could very well be a zero-budget attack, as improbable as this look. All I am saying is that it didn't cost more than 1 million and that the number of organisations that have access to these resources is colossal.
A question I always ask : why should it be a government ? I estimate a budget of one million dollar to create this thing, and that's a high estimate. That's more than a hobbyist budget (through it could be, if made by the original zero-day finders) but in the range of many organizations. It could also very well be a criminal organization who had simply money as their motive. I am sure that with such an infection on so many presumably critical structures, getting more than one million in blackmailing must not be that hard to do...
The DARPA Grand challenge has been won (easily and quickly, I admit) only a few years ago. Give people some time to adapt it into new cars. It take around 5 years from a design concept to a production car.
I don't understand. Are we for net neutrality or against it ?
Once again, someone is not providing a real internet access.
Especially in the face of other powerful corporate interests that like to flex a lot of legal muscle? Such instances are few and far between. I don't have any plans on living in the UK, but I'd like to support BT
Yeah, I support bittorrent too.
There are no such thing as a free lunch, but there are such things as free software. Don't think it is impossible.