They are supposed to check with the Secretary of State's Office in the state of incorporation, a requirement that the business be in good standing, etc.
And what law requires that? Moreover, how is Geotrust going to check the Secretary of State's Office for a company that's incorporated in Bangladesh? Or any company where there's no agency that determines if a business is in good standing? Last I heard the internet is global. You're thinking everyone runs the SSL cert business like Verisign used to. That's simply not the case anymore. Many CERT issuers are also registrars, and will give you a cert for your domain no questions asked, just like they should. You've unfortunately fallen for the CERT issuers' marketing scheme, and that's that a signed CERT implies some level of confidence in the business. It does not, and never will.
So if there's DNS poisoning, you could still be talking to another server.
Huh. Interesting. Can you provide any more information on this bug?
Proving once again the relative lack of worth of requiring SSL certificates to be signed.
Well, I think relative is the key word here. What a signed SSL cert does protect against is a man-in-the-middle attack. That is, when I connect to https://secure.newegg.com/ and negotiate an encryption session, and don't get a "this certificate not recognized" error, I can be assured that I've actually negotiated with newegg.com, and not some other guy that's sitting in between me and newegg.com and has given me HIS certificate, and not newegg's. That's the only worth of signed certs. Not much, but you take what you can get.
This is the result of years of advertising by cert authorities, Verisign in particular.
Exactly. When I first heard of signed certs, I assumed this too from all the marketing by Verisign. Foolish on my part in retrospect, but hey, SSL was new and what did I know?
So you would support having to share your business plan to get a cert, with certs costing thousands of $CUR just to pay for all of the investigation they would require? After all, in 15 minutes you could register mountain-america.net, set up a really crappy (but no worse than many) looking coffee-shop website, and say that you were going to sell coffee over the internet.
Exactly. Certs have never implied a legitimate business, and really can't do that.
The solution is fixing the process by which people can get SSL certificates in the first place. There need to be more checks and balances. The current process is essentially: give us your money please, ok here's your certificate. Enjoy!
How is any cert provider going to know that a phisher is going to use a cert for a similarly named website? If I go and buy the domain mountain-america.com, set up a website that looks like I'm going to sell vacations to the mountains on that URL, get my signed cert, then turn around the next day and make it look like the mtnamerica.org website, how is the cert issuer going to read my mind and know that?
No, the answer is that banks need to be issuing some kind of security device that does all the verification. I'm fairly certain all of this is technically possible via everyday encryption.
Of course, the whole idea of phishing is to take advantage of the human tendency to assume waaaay too much.
Oh I agree completely. It's just the article seems to assume there's something wrong with the SSL cert issuer, and I really see little fault from them. The fault is with banks who're letting people do transactions across the internet without people being able to verify that the bank is who they say they are.
The fatal flaw in the hypothetical course of action is trusting the non-standard domain name...but you can hardly blame Joe Sixpack for that one when so many financial institutions actually use one-off domains or partner sites. I was working on some phishing rules last year and counted something like 5 domains that Citibank used alone.
I think you're absolutely right. The natural inclination of a lot of Slashdot users is to blame the idiot users. To a small degree that's true, but largely I think the banks are to blame here. The bank has decided to offer these services, but hasn't done a whole lot to protect its customers from fraud. There's very little way for Joe Sixpack to verify that the bank is who they say they are. I think banks are going to have to issue some kind of security device (smartcard perhaps) that both validates an encrypted connection to the bank, and verifies the user. Without that, these phishing attacks are only going to get worse.
Beyond the cert saying the business was in Salt Lake City Utah, I don't really see how there was some big confidence broken here. The SSL cert was issued for "www.mountain-america.net". The bank in question is "www.mtnamerica.org". Whoever thinks that a signed SSL certificate is supposed to verify anything other than the person/entity asking for the cert is the same person who owns the domain is assuming waaaay too much.
In essence signed certs are only supposed to protect from a man-in-the-middle attack, not someone being fooled into going to a similarly named website. Why shouldn't I be able to get a signed cert for mountain-america.net if I own it? There's plenty of similarly named legit businesses that all have certs issued to them.
That's really the key question here, and the answer will determine how useful it is. No one wants a mobile device, be it a PDA or whatever that kills the battery in an hour. I see no technical specs on power consumption, which is a bit worrying since I can only assume that nVidia isn't terribly proud of it.
Well, I think the market is more high end PDAs, or even a competitor to the video iPod. I don't think many people want to play movies on the teeny tiny screen on their cell phone,
I think you're being a bit over-critical. You try designing something given a drastically different environment than we normally design things for, you can't fully test it in the environment, AND you have limited weight, size, etc. This isn't an easy job and shooting for lasting long enough to get the science done isn't such a dumb idea.
Why are you so critical of NASA? Is there some other space agency that's been wildly successful that makes NASA look foolish? Seems to me the British Beagle smashed into the surface of Mars and was never heard from again. The Soviet Union has had a large number of unsuccessful Mars missions as well.
They do. But none of this has to do with whether or not this qualifies as "cold" fusion, which it clearly does.
Other than arguing semantics, I don't understand what your point is. It was my understanding that "cold fusion" means fusion that somehow overcomes the normal Coulomb repulsion between charged particles without just slamming particles together. Maybe that understanding of the definition of cold fusion is incorrect, and it merely means fusion without what we normally define as "high temperature" (random particle motion, yadda yadda). I think perhaps what the original poster is trying to convey is that this form of fusion is still the normal old "get past the Coulomb repulsion by slamming particles together" fusion.
You can buy music online from other music stores--Rhapsody, Napster, etc (I don't know all of them, 'cause I don't listen to mainstream music, but they're there).
That's true, but does Apple effectively have a monopoly on the market for digital music? I can't answer that question since I really don't buy digital music. The existence of competition doesn't mean Apple doesn't have a monopoly. Linux is an alternative OS for x86 computers, but that doesn't mean Microsoft doesn't have a monopoly on Windows.
You can play iTMS music on any Mac or Windows computer (I think they've got iTunes running on Linux under Crossover Office, but I'm not sure), as well as on any iPod.
Well, this lawsuit is about the iPod, not playing music on your computer. I don't really see how being able to play iTunes music on your computer is really relevant to the lawsuit.
So I'm assuming that there is no way even in principle this technology could be scaled to yield more power than it uses.
From the sound of what's going on, I think that's correct. The thing about a confined fusion generator is that it works through having the plasma at enormous temperatures. At these high temperatures the particles are slamming into each other at high speed, occasionally so hard they fuse together. This fusion itself produces more heat, so there's a feedback loop that's sustaining the reaction. This device sounds like it works through just accelerating particles with an electric field to high speeds, and then smashes the particles into one another. I don't see any potential for feedback here, so a sustained reaction seems unlikely.
That's exactly what I'm talking about - you may have more right to privacy, but you are totally enslaved by it.
That's kind of a funny attitude. So if I didn't have a right to keep my medical information private, I shouldn't care? I don't feel "enslaved" by keeping information private. I want to continue to keep it private, because I feel I benefit from keeping it private. It's not like I _have_ to keep this information private. I guess I fail to understand how someone can be enslaved by having the choice of privacy.
After reading some posts here, I think the idea is that there's a tight integration of iTunes and the iPod. The only real way to buy music legally online (for the vast majority of music) is through iTunes. IIRC music from iTunes will only play on iPod music players. Sure you can burn it to CD, and then re-rip to mp3, but I think that's really missing the point. The vast majority of consumers just aren't going to go through all that hassle.
This is where the idea of unfair competition comes from, since Apple controls both markets. It's difficult for a competitor to get into the portable music player market because there's no large distribution channel for music in mp3 form.
Some people are comparing this to the tight integration of Xbox-360 games with the Xbox-360. I don't think that's a good comparison. XBox 360 games are all specifically created to play on the specific game platform. That's not at all true for music, which is intended to be played on anything compatible with the format.
So in short, what exactly is the case?
That's exactly what I'm wondering here. The article didn't really address that question, and seemed more intent on this seemingly ridiculous idea that Apple needs to have a monopoly on selling things called the iPod. Huh? All that needs to happen is that Apple needs to be declared a monopoly on digital music players, and they need to have stifled competition. What does having a monopoly on a single brand have to do with anything?
I really have no idea if Apple has done any of that, and without any evidence to that fact, then they haven't.
However it IS illegal to use your monopoly to extend unfairly into other areas. Hence, if MS earned a monopoly in the OS market that is ok but if they use it to create a monopoly for browsers or office software then *that* is illegal.
It's a little more broad than that, but your example is essentially correct. I believe what's illegal is using your monopoly power to unfairly squash competition. Microsoft could have fairly competed in the browser market and remained within the law. But when they start fighting unfairly, that's another matter. Essentially when you have a monopoly you have to play by a different set of rules.
Spam is often referred to as UCE "Unsolicited Commercial Email", which his emails were not.
Well, from what the people interviewed say it certainly sounds like the emails were unsolicited. I guess they weren't "commercial" though. (Actually I'm pretty sure most people use the term "Unsolicited bulk email"). This stuff easily fits that definition, so I think by most people's definition, this is spam. It may be all nice and legal, but that doesn't excuse this guy from being an asshole.
If you believe that your data over the internet is private, then you have an odd idea of how the internet works.
I know exactly how the internet works, I just think I have an expectation of privacy.
The tools to encrypt your email are publicly available. If you don't use them, you are effectively writing all your emails on postcards.
You'd really need to talk to a lawyer on that one. Expectation of privacy isn't based on interceptability. You need look no further than analog cell phone interception to see that.
I'm not aware of your local customs, but where I live when you leave a job your last employer must provide documentation (for tax purposes) that details your salary earned so far, from this it isn't all that difficult to discern whether you were lying or not in your application - if you care that much. At which point your new employer would be perfectly within his rights to cut your salary. (As I say, you might have a different system).
Wow. Scary. Employers in the US have no such rights to your former salary. That's why we consider it much more private information.
In an open system or a closed system, you will most likely get paid the same - playing the game will really only get you so far.
Oh I disagree. It's always to the advantage of the employer to know what your salary history is, and it's always to your detriment. Of course knowing other people's salaries is beneficial to employees, but your system doesn't provide for that.
As to FBI agents with breast possession warrants - your problems are bigger than the porn police knowing your secrets. (Hint: police state).
No doubt. But I was only trying to counter the point that we don't have secrets that are reasonable to keep.
Surely "Core" is a generic term?
Therefore surely it should be impossible to have a valid trademark? Remember the reasoning behind "Pentium" rather than "586"?
So what is the "TM" doing on it?
My guess is what they've actually trademarked is "Duo Core" and "Solo Core". Notice how those are strange terms like duo, solo, and not common English expressions like dual core, single core that everyone uses to describe multi-core processors. Even Intel can't think they can trademark the word core and get away with it.
Secondly, why would you trust a third party with your secrets?
Because there's laws on the books about wiretapping and reading people's communications. I'm pretty sure Google couldn't legally offer a service like "Find out if your spouse is cheating on you! Just pay us $20 per search and we'll give you emails with certain key words in them!". If there aren't such laws, there should be.
It's not reasonable to have an expectation of privacy on the public Internet.
So I don't have an expectation of privacy from the phone company when I call someone? See wiretapping laws.