Slashdot Mirror


User: onomatomania

onomatomania's activity in the archive.

Stories: 0
Comments: 146

Comments · 146

  1. Re:From the link on GoAhead/DMF Web Server Gets Micro-SSL Support · · Score: 4, Informative

    It's probably because SSL is like the 800lb gorilla... There are many components of the process: exchanging credentials, establishing the session, parsing the ASN.1 certificates, verifying the authority chain, etc. There was an article posted to Slashdot a month or two ago where someone that had a cryptographical background analyzed a handful of open-source tunneling apps and declared that they really stunk from a security standpoint. One of his conclusions was that developers seemed to have come upon the huge complexity of SSL/TLS and thought to themselves, "I don't need all that garbage, I'll just roll my own with only the relevant parts." However, his conclusion was that all that cruft and complexity of SSL was why it was secure and that with few exceptions the best choice would have been to simply use existing SSL libs, even if they were large and cumbersome. To do otherwise made certain compromises, making certain attacks more feasible.

  2. dude is a geezer on Valenti to Step Down; Tauzin May Head MPAA · · Score: 1

    It's good that he's retiring. He hasn't been looking so good recently.

  3. Re:One flaw in this arguement on For Americans, Imported Textbooks Can Be Cheaper · · Score: 1

    There are still alternatives. You could buy the book used instead of new, in which case the publisher would not record a new sale and so to them it's just as if you hadn't bought anything. Or you could choose to just skip the book. Of course this doesn't work in every situation, but there are certainly some instances where a book isn't absolutely necessary for the class. So some people choose to skip it, or perhaps buy one copy and share between several classmates.

  4. This is simple economics on For Americans, Imported Textbooks Can Be Cheaper · · Score: 3, Interesting

    They teach you this in econ101, it's called price discrimination. If you can judge exactly what each person is willing to pay and then set that as the price, you will maximize your profit. You can easily show this using some "area under the graph" explanation. The classic example is the movie theater ticket prices. The operators know that there are some people out there that would like to see the movie, but not for the full admission price. So they offer senior citizens a $2 discount, for example. They have realized that senior citizens, as a group are willing to pay less for things, and because it's easy to categorize people by age, it's easy to set prices that take advantage of this. The ultimate goal of discriminatory pricing is to be able to set each price for each ticket individually, based on some omniscient knowledge of what that person is willing to pay.

    Anyway, this applies to the textbook industry as well. The publishers have realized that they have two sets of customers that are easily segregated, and so they can set different prices for these different groups of people. They've discovered that Americans are willing to pay a lot more for books, perhaps because as a group the American college students tend to have a lot of money to throw around. (Note that I'm not saying that college kids are all rich, just that if you're going to college you likely have enough money to support the many thousands in tuition, or you have loans and financial aid... either way you are spending a lot of money on education.)

    Anyway, they've determined that as a group Americans are willing to pay more than people in those other countries, and therefore it makes perfect sense to charge more. Part of this I'm sure is due to different standards of living, and all the other stuff they use to justify it. But in the end it just boils down to the simple fact that if you can divide your customers into groups based on what they're willing to pay and then set prices accordingly, you will maximize your profits.

  5. Size units? on Toshiba Pushes Safe, Small Nuclear Reactor Design · · Score: 1

    The size of a big spruce tree? Huh? I'm a slashdotter, do you think I have -any- idea how big trees are? Like I'd actually ever go outdoors...

    I'm afraid I'm going to need that converted to Volkswagen-beetles, the universally accepted mass media unit of size.

  6. Re:English translation? on Anti-Spammers Win Major Court Battle · · Score: 2, Informative

    Here's a copy of the original lawsuit which was filed by the world's most incompetent lawyer, Mark Felstein who was hired by a bunch of Boca Raton chickenboner spammer scumbags, under the auspices of this "emarketersamerica" front. A summary of the charges is here. You can also read the defendant's item-by-item reply to the original complaint. It's quite funny, actually, and reminds me of IBM's response to SCO's bullshit where they basically state that every allegation is false to fact, other than the obvious, such as "IBM sells computers".

    Except in this case, the spammer plaintiffs were so incompetent that they couldn't even formulate a single complaint that had any basis in law. They also tried to file a temporary restraining order against spamhaus, which the Florida judge basically laughed at. The suit was really just a big case of harassment, and a ploy to somehow reveal the identity of the anonymous party[1] behind SPEWS -- which is not Steve Linford or Spamhaus, as a lot of these slashdot stories seem to imply. Spamhaus was just one of about 13 various mirrors that distributed the SPEWS DNS blocklist.

    You can find more details here.

    [1]<cough>Terry H. Gilsenan aka "Posopis Menaga" (pidgin for "postmaster")

  7. Re:Then Stop Misinforming /. Readers Please on Bill Gates: Windows Patched Faster than Linux · · Score: 1

    Yeah right, so that's why there are web pages dedicated to listing all the security flaws that are still unpatched months after being discovered. Gates is applying some form of whacked out selective logic, where apparently the only flaws that exist are those that make it up the chain to upper management -- those are patched pretty quick. But the dozens of others that MS replies to with "nah, we don't think this is serious at all" just cause the person who discovered it to write an exploit and wait his 30 days or whatever after notification before divulging the exploit... Only THEN does MS even begin to take note.

    If I had a dime for every message posted to BugTraq that followed this pattern, I'd be rich: "Discover bug. Notify MS. Be ignored. Write exploit. Post exploit. Patch arrives, several months after initial notification."

  8. -1, Redundant on Project Gutenberg Publishes 10,000th Free eBook · · Score: 1

    My, how many people rushed to provide a link to the Distributed Proofreading site. Next time, could you all try maybe reading the comments first? There must be at least 10 posts cheerfully urging one to try out the site, as if no one else had mentioned it yet. That's great and all, but how about we just mod up whoever was first and mod down the rest. This is truly what the "Redundant" moderation option is for.

  9. Re:Validity on GIA to use P2P to Avoid Litigaton · · Score: 1

    From one of their "About" pages:

    To help ensure credibility, when you submit information about a particular individual or organization they will be contacted, allowing them to confirm or deny the information you submitted. Much like an FBI file, the information remains whether or not it turned out to be true.

    So, if something outrageous is posted, there are several possibilities: It's true but denied by the agency, true and confirmed by the agency, or false and refuted by the agency. I would venture that most items of interest would fall into the second category. I.e., the value of the site will be to collect into one place a collection of many such observations. In other words, there are probably all sorts of questionable things going on (none of which are individually denied by any agency involved), but they're happening in small bites here and there and so easy to ignore unless they are all collected into one place.

  10. Re:A 1200 baud modem....for trivia on What's the Oldest Hardware You are Still Using? · · Score: 1

    Suddenly I just had a flashback of trying lower and lower values for S11 (or whatever it was that controlled the duration of the dialing tones) so that I could keep redialing as fast as possible that really popular BBS that was always busy. There was some threshold where the phone company's system just wouldn't recognise the number anymore, but it was really fast at that point. :-)

  11. Re:A 1200 baud modem.... on What's the Oldest Hardware You are Still Using? · · Score: 2, Interesting

    Actually, I read somewhere that a lot of those Point-of-Sale ATM/credit card terminals use 2400 baud modems, even today. The reasoning behind this was that the handshaking time to establish a 2400 baud connection is pretty quick, compared to the amount of negotiation, ranging, noise characterization, echo cancellation, etc. that goes on with a modern v.90 connection. Anyone that was around as modems progressed from the early days to the modern standards knows the old joke about how f'cking long the handshake has gotten compared to the old days. And for those little CC terminals that don't have a dedicated phone line, it's great to be able to quickly call up, connect, exchange a small amount of data, and hang up.

  12. ObFamilyGuy reference on Notes From The SCO Roadshow's First Stop · · Score: 1

    Timeshare, eh? So did you opt for the free boat or the mystery box?

  13. Re:Gigi? Nah Gibi? Nah on Hard Drive Capacity Confusion, Lucidly Explained · · Score: 1

    Nah, still too many syllables. How about we coin the unit "megasquirt"? Oh, wait, that's already taken.

  14. Re:POPTOP - Out of date report. on Linux Crypto Packages Demolished · · Score: 1

    Some were addressed with MS-CHAPv2, some were not, see <http://www.counterpane.com/pptpv2-paper.html>:

    These changes do correct the major security weaknesses of the original protocol: the inclusion of the LAN Manager hash function and the use of the same OFB encryption key multiple times. However, many security problems are still unaddressed: e.g., how the client protects itself, the fact that the encryption key has the same entropy as the user's password, and the fact that enough data is passed on the wire to allow attackers to mount crypt-and-compare attacks.

  15. Re:POPTOP on Linux Crypto Packages Demolished · · Score: 1

    Just remember that the most common reason for using PPTP is to interface with a Microsoft product... And MS's PPTP is ripe for the attacker and calling it secure is pretty laughable.

  16. Re:This isn't really new. on ICANN, IAB Ask VeriSign to Suspend SiteFinder · · Score: 1

    It's not unique to .museum. A lot of the country-code top level domains do this, such as .tk, .us, and .nu. The outrage is that VeriSign did it for the entire .com/.net which is significantly more domains than all the country-code domains combined. And, they are not in a position of "owning" those domains, we just give them stewardship of them. In other words it shouldn't have been their decision to make. If the King of Tonga (or whoever controls .to) wants all wildcards to go to a domain-for-sale page, then fine.

  17. Re:If i had that many spares... on Tzero Electric Car: 0-60 in 3.7 Seconds · · Score: 1

    The Bugatti Veyron 16/4 has got both of those beat for acceleration, and it's a steal at 750,000 Euros. (It's estimated to hit 0-60 in 3.0 seconds or less.)

  18. Re:Ummm...No on Post-copyright: Digital Cash and Compulsory Licensing? · · Score: 1

    It keeps track of songs that you listen to, yes. It does this so as to decide who is deserving of the credits, not to restrict what you can or can't do. You're confusing cause and effect here. The player keeps track of who you're listening to so that that person can get their fair share, not the other way around. You are not limited in any way on what you're allowed to listen to. The recording is so that at the end of the month or whatever you can easily see who you listened to and donate to them proportionally.

    And if you'd read the article you'd know that this was simply the default behavior. Under his plan the end user has complete control over who they give the credits to, with the default of them going in proportion to the artists you listen to.

    Put yet another way, you don't "spend the credits to download music", you download as much music as you want from whomever and wherever you choose, and donate your credits to whomever you want -- which by default, is the artists that you've listened to the most. You could turn off the logging and donate all of your credits to the same band every month, if you wanted to.

  19. Re:Slashdot meta stories on New Slashdot T-Shirts On Sale Now · · Score: 1

    Except that the entire success and corpus of this website is from the "contributors", the thousands of people that dig up stories and post all these comments. Nobody comes to slashdot to read Malda's typos, bad grammar, and utter lack of editorial skill. Don't you think it's in poor taste to completely ignore that and proclaim "the website is where it is today because of Taco, and you get no say because you had nothing to do with it"?

    Oh, and BTW, slashdot has nowhere close to 3/4 million members. Just because the user ID ticker is in the 700-thousands doesn't mean there are anywhere near that many members. They've said before that the vast majority of those are unused, lost passwords, temp accounts, multiple-troll-personalities, etc.

  20. Re:pass the bucket, brother on Post-copyright: Digital Cash and Compulsory Licensing? · · Score: 1

    yeah, because that "0.5% per blank CDR" tax is really "everything you have", that's just going to totally make you homeless and penniless.

  21. Re:Ummm...No on Post-copyright: Digital Cash and Compulsory Licensing? · · Score: 1

    You're not understanding. Listening does not require credits. You can listen to as much as you want, from whomever you want, in any quantity, without any restriction of any kind. That's the whole point of this. In return, you give your credits to whoever you think deserves them. BY DEFAULT that would be the artist that you listened to the most, but it doesn't have to be. You could give each and every credit to the John Denver Foundation even if you only listen to Black Metal, if that's what you wanted to. You could even give them back to yourself. The point is most people WANT a way to reward the artists they like, and this gives them that way to be honest but without imposing any restrictions.

  22. Re:3D Directories for OS X (link update) on 3D File Manager on Linux Wins NSF Prize · · Score: 1

    jesus christ, that's about the most piddleshit gayest thing I've ever seen. Let me know when you want to actually get anything DONE with your computer. What a waste of time.

  23. Re:harnessing the public interest on Space Elevator Going Up · · Score: 1

    C'mon, this is crap. You're assuming that this "acceleration" exists in an inertial reference frame, i.e. a flat horizontal frictionless surface. You can't just apply some acceleration to get to a velocity and then maintain a constant velocity the whole way up until you want to decelerate. The whole time that you are going up this elevator you are resisting the force of gravity, just like a normal Earth-bound elevator. You say "we'll accelerate the thing at 1/10g" but to do that you need to overcome gravity by that amount, which means you need a force equivalent of "11/10*g*m" which is not small at all. This thing will be lucky to have enough force to overcome gravity, let alone exceed it. In other words it will be moving at a more or less constant and slow rate the whole way up.

    This whole deal is the equivalent of shooting something straight up into the air, only instead of having to give it the entire push at the start, you can slowly climb upwards. Put it another way, the Shuttle and all other launch vehicles have to spend an enormous amount of energy to get into orbit -- propelling thousands of tons to 14,000 mph is hard. This is no different, it requires the same amount of energy. Except, you can supply that energy with electricity and you can spend it at a much slower rate. Think "kid climbing up a rope in gym class" versus "kid trying to jump to top of gymnasium in one leap." In both cases it takes "m*g*h" Joules of energy to get to a given height (and that's a very big number) but in the case of the rope climb you can expend that energy slowly but surely.

  24. Re:Perhaps a "Prior Art" effort/community is neede on Can Lotus Notes R3 Prior Art Save The Browser? · · Score: 1

    The problem here is that "joe the open-source patent debunker" is not a patent lawyer. The patents are written and targeted very specifically, and prior art must be shown to precisely satisfy each and every claim to a 'tee' or else it does not invalidate anything.

    In other words, I don't think the issue is lack of people with the desire or motivation, I think it's more a lack of enough people with the suitable background and training in patent law. Surely there are some patent lawyers out there that would be interested in reforming their field, but I must admit they are most likely in the minority, and that's a problem. "Why rock the boat?" and all.

  25. Re:Some Hybrids make me wonder... on Hybrid/Electric Vehicles: Should I Buy? · · Score: 1

    Agreed. This whole "downforce" bullshit is pure fiction at anything below 100-120 mph. People that add wings or spoilers are doing it because they look good, not because it does anything -- i.e. pure rice. I personally cannot understand why anyone would want to do that as I think they just look like you want to be a poseur. But yet go cruise around on any popular street on the weekends and I'm sure you'll find a handful of ricers with some cheap plastic contraption held on to their hood with pressure-sensitive tape.

    If you really gave a shit about weight balance, you'd do something like relocate the battery to the trunk.

    And don't even get me started on those huge rims that weigh significantly more than stock, or cut springs that cause the camber to be visibly off (and the ride to be incredibly harsh.) Why do people do things that are supposed to make a car look faster that actually make it slower and handle worse? The mind boggles.