I purchased some bathroom renovation supplies at HomeDepot in Toronto a few weeks ago. When I was complete, I brought back the parts that I had not used. When I returned them to the customer service desk, the lady scanned the barcode at the bottom of the receipt, and then tossed the valves into the "restock" bins. When I attempted to hand her my credit card to refund the transaction, she looked at me and said "We don't need that..."
I looked at her, and asked how she had my credit card information, and how it was going to be credited to my account. She stated that they store all transaction information specifically so they can speed up the refund process.
I asked to speak to the manager to complain about this, but after waiting for 10 minutes for him to show up, my wife got the better of me, and we had to go...
Gut feeling says this should be against industry best practice, and potentially against Canadian banking and privacy laws, but IANAL.
The 'telco' that is carrying the VoIP traffic is a national carrier. It is Allstream - Canada's 3rd largest telco, owned by MTS.
The traffic will be carried over their national fibre network - has nothing to do with a 'local' telco...
An interview on CNet radio yesterday with the chief research guy @ RSA said that RSA expects to pay the first sum ($10,000) within a year.
If you have enough cycles to factor the 2048 bit challenge any time in the near future, one would assume that you could easily factor the lesser numbers as well.
The issue that I see is not that there is a technology issue at stake here. PKI and Trusted Third Parties are only 20% technology. The other 80% (IMHO) is Process, Policy, Procedure etc.
What happened is the process broke down. Someone was able to impersonate Microsoft, and Verisign fell for it. What do you think the chances are that if the Verisign dude who issued the certificates had followed the Certificate Policies and Certificate Practice Statements (CP / CPS) that Verisign has spent mucho $$$ on, this would have happened?
I think pretty slim. Had the process been followed, no matter how good the impersonator was, someone would have caught it. Here is an extract from Verisign's CPS:
"Validation of Class 3 certificate applications for organizations includes review by the applicable Class 3 IA of authorization records provided by the applicant or third-party business databases, and independent call-backs ("out-of-band" communications) to the organization"
Obviously this didn't happen, and thus we have untrusted certs roaming around.
I do a lot of work internationally. I do specialized security work (PKI primarily), and the rates that I get in different countries are as follows:
All rates in USD for ease of comparison:
Canada: 160/hr
US (oakland, SanFran): 250/hr
UK: 300/hr
Norway: 250/hr
So you can see, it really depends on the company. Plus the rate is slightly higher for Private sector work versus Public Sector (gov't).
In the consulting business, the rate that you charge is really what the client is willing to pay. A general rule of thumb: If the client says "Yes" to your first offer, you left money on the table. If they say "Ouch" you give them the "We really want your business, and will discount it X percent" until they say OK.
The moral: companies differ in what they are willing to pay, and the pay scale is different depending on where you are working.
Hope this sheds some light on the subject!
My boss and I share an office, work side by side regularly, and troubleshoot some of the most complex problems together.
What I think it comes down to is mutual respect. He respects that I am the bit-biting techy, while I respect that he is the business-minded part of the equation.
I think we have a pretty open work relationship, and thus I don't feel that he is the enemy when I have a problem. We simply talk about it, and decide what has to be done to resolve it. If it is a technical problem, he ensures that I have all the tools that I need. If it is a business problem, I make sure to try and give him all the raw data that he needs to prove the issue.
All in all, a pretty healthy working relationship.
I have all of my preferences set to "NO" on eBay. If I get this email today (like a few other people that I talk to have) I will be suspending my account as well...
I wouldn't say that it would be easy, but if you limit the number of pipes available, and have monitoring software at each, you have pretty much blocked what the ruling party fears to be "contrary" to the party beliefs.
PS: Don't Carnivore and Echelon do just this? But instead of blocking, they just do a "cat incoming.mail |/opt/echelon"
The Supreme Court has just overturned this ruling. Based on the Little Sisters bookstore from Vancouver having all their merchandise seized about 12 years ago. CCRA can no longer stop these types of things at the border. They must be proven to be offensive, and then can be seized. It is no longer the other way around (ie this "might" be offensive, therefore we will hold it).
A great victory for freedom of expression if you ask me!
I disagree.
Adding a third and fourth party allows the minority candidates to raise many issues that the main two parties do not/will not raise as their primary platform.
An excellent example of this: in Canada, the NDP party will NEVER get elected. They are way too socialist. BUT, with them keeping the Liberals and (formerly) Conservatives in check, they raise the issues of social reform, socialist healthcare etc etc, and although the Liberals do not use this as their primary platform, they do make concessions and integrate some of the NDP platform ideas.
Where do you think our health care system came from?
It's becoming that. There was an article on CNN a few months back about what would happen if Canada were to be annexed by the US (after a successful Quebec separation). It was pretty interesting. Saying things like "The US has already designed the flag to represent 51 states... with canada being the 51st".
Pretty scary.
Canada is very similar to the US (I travel back and forth from Ottawa regularly). However, there are some subtle differences. Personally, I feel these differences make it very worthwhile. For example:
SSN (we call it SIN) is protected by LAW.
Privacy is protected by LAW.
Lower tax rates have just been implemented (George W. is just talking about doing this now..)
No unreasonable search and seizure.
etc etc.
Sign me up!
The question is tho, can you make more money than it costs to purchase the hdd space?
Or do you just do it for sheer fun of it?
I was in the Sony store in downtown SF a few weeks ago. I got to play with the carcass of an AIBO (apparently some swift employee thought that the AIBO could jump 4 feet off the counter top and live).
Anyway, the point was that the sales lady said that the rumour was the Sony stores would have the AIBOs for sale by Xmas. Could she have meant the new AIBO's cousin???
So the rumour goes....
I just dumped all of my Corel stock today. Coincidence? I think not!
Wow. This is big. Corel was his baby. Although, if we look at his history, he left Mitel when it was in the dumps to start Corel. Corel soared. Now that Corel is in the dumps, he has jumped ship. Do you think the same will happen to the "Linux" company that he starts/joins?
I would argue that it would be a "start" as he does not seem to like inheriting other people's problems/companies!
After making my "pilgrimage" to the Crypto museum, I was fascinated to discover the amount of work that the NSA has done with silicon and custom chips. My question then is this: Does the Special Processing Laboratory have a set schedule for the release of new silicon technologies, or is it on an "as needed" basis? ie - We all know that Intel shoots to have a new chip on the market every 8ish months. Does the SPL do the same? And if so, what is the average time from algorithm inception by one of your cryptanalysts/cryptographers to final product in silicon?
I have one of these. I purchased it from futureshop.ca over X-mas. It was also available with their doorcrasher sale on boxing day.
Interesting!
I will have to try and play my MP3s when I get home. Cause if this is the case, then it is pretty sweet.
My company is a Microsoft Regional Director. We got a handful of these six months ago. They have been passed around the office a few times.
Some folks have their action figures hanging from their necks, others just have them staring blankly from the top of the monitors.
Personally, however, mine "fell forward" into a "RedHat Inside" sticker that I got in my RedHat distro. His chest is now a RedHat fedora. The "MCP" logo on their backpacks also scratches off nicely. A little black marker covers up where it used to be.
He is now a "RedHat" action figure, and sits perched atop my desk scowling @ any M$ apps.
Older browser versions would then still trust the Thawte root (and by extension Entrust.net's root), but the new ones would not.
This is true. I think the point that you are missing is that you have to download the intermediate cert to your server to enable the chain of trust to be completed.
Verisign could remove this intermediate cert (as it is now theirs.) and thus one could not complete the installation of an Entrust.net issued cert into their servers.
I agree entirely that older browsers will still trust the Thawte root. Verisign cannot take this away. But at the rate that things are changed in the browser market, newer versions are being released almost every couple of months. It will only take two months for people to stop trusting the Thawte root.
Entrust.net is another certificate provider on the net. They are trying to go head to head with Verisign in the web server market. (They own the enterprise in Canada, and are one of two in the US Gov't PKI architecture)
They did not want to pay the gazillions that it cost to have their CA cert embedded in the browsers, so they got THAWTE to cross cert with them.
This now means that the Entrust.net intermediate cert is OWNED and could be YANKED by Verisign. And Verisign could be the only major player.
If this does not happen, then at least we will still have more than ONE choice for server certs.
Just my $0.04 Euro.