Slashdot Mirror


User: Alwin Henseler

Alwin Henseler's activity in the archive.

Stories: 0
Comments: 1,090

Comments · 1,090

  1. Re:Almost completely useless as a result. on 22 Million SSL Certificates In Use Are Invalid · Score: 5, Insightful

    How can we ever expect to get any use out of this stuff if we're constantly training the users to ignore everything the security software is trying to tell them?

    We can't, and we shouldn't. When users regularly see warning messages that are abracadabra to many of those users, the effect is predictable (and well understood): users won't read warnings anymore, and just do whatever is most likely to make the warning disappear.

    At that point, you're just wasting users' time, making sure that genuinely serious events dive below the radar, and wasting system resources / application code (warning dialog boxes, etc.) that doesn't get you any real-world gain. Which means that overall, you're doing worse than if you had just silently ignored those warnings.

    If you want secure: make it work, solid, and easy to use. If that's too much to ask, better forget about it - a half-baked feeling of security is worse than being aware of its absence.

    So an obviously better solution would be to handle invalid/broken security tokens for what they are (non-secure), and not bother users with it other than small (visible) clues that can be checked by users who care and/or know what they're doing. E.g. expired SSL cert in a browser session -> no warning dialog, show the URL like regular URLs in the address bar (vs. the special markup used for secure connections), and an open/no lock icon in the status bar.
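An added example of the policy sketched in the comment above (editor's code, not the commenter's and not any browser's): run ordinary X.509 chain validation and map every outcome to a passive address-bar state with a short, checkable reason, instead of a blocking dialog. It goes a little beyond the comment's expired-certificate case by treating an untrusted issuer and a host-name mismatch the same way. Go's standard crypto/x509 does the validation; the throwaway CA, the host name example.test, and the indicator strings are assumptions made for the example so that it runs offline.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Indicator is the passive address-bar state; none of these is a dialog.
type Indicator string

const (
	Secure   Indicator = "https markup, closed lock"
	Insecure Indicator = "plain URL, open lock" // broken cert treated like plain http
)

// ClassifyChain runs ordinary chain validation and maps the result to an
// indicator plus a short reason. Every failure lands in the same non-secure state.
func ClassifyChain(leaf *x509.Certificate, roots *x509.CertPool, host string, now time.Time) (Indicator, string) {
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: host, CurrentTime: now})
	if err == nil {
		return Secure, ""
	}
	var invalid x509.CertificateInvalidError
	var unknown x509.UnknownAuthorityError
	var hostname x509.HostnameError
	switch {
	case errors.As(err, &invalid) && invalid.Reason == x509.Expired:
		return Insecure, "certificate expired"
	case errors.As(err, &unknown):
		return Insecure, "issuer not trusted"
	case errors.As(err, &hostname):
		return Insecure, "name mismatch"
	}
	return Insecure, err.Error()
}

func check(err error) {
	if err != nil {
		panic(err)
	}
}

// MintChain builds a throwaway CA and a leaf for host with the given validity
// window, entirely in memory. Constructed test material, not a real CA.
func MintChain(host string, notBefore, notAfter time.Time) (*x509.Certificate, *x509.CertPool) {
	caKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	check(err)
	caTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Throwaway Test CA"},
		NotBefore:             time.Date(2000, 1, 1, 0, 0, 0, 0, time.UTC),
		NotAfter:              time.Date(2100, 1, 1, 0, 0, 0, 0, time.UTC),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	caDER, err := x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey)
	check(err)
	caCert, err := x509.ParseCertificate(caDER)
	check(err)
	leafKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	check(err)
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		DNSNames:     []string{host},
		NotBefore:    notBefore,
		NotAfter:     notAfter,
	}
	leafDER, err := x509.CreateCertificate(rand.Reader, leafTmpl, caCert, &leafKey.PublicKey, caKey)
	check(err)
	leaf, err := x509.ParseCertificate(leafDER)
	check(err)
	roots := x509.NewCertPool()
	roots.AddCert(caCert)
	return leaf, roots
}

func main() {
	now := time.Now()
	leaf, roots := MintChain("example.test", now.Add(-time.Hour), now.Add(time.Hour))
	show := func(label string, r *x509.CertPool, host string, at time.Time) {
		ind, why := ClassifyChain(leaf, r, host, at)
		fmt.Printf("%-12s -> %s %s\n", label, ind, why)
	}
	show("valid", roots, "example.test", now)
	show("expired", roots, "example.test", now.Add(48*time.Hour))
	show("wrong host", roots, "other.test", now)
	show("unknown CA", x509.NewCertPool(), "example.test", now)
}
```

The design point is that the reason string is available to a user who clicks the open lock, but the page itself renders exactly as an http page would; the validation logic is unchanged, only the presentation of its failure differs.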

  2. Re:Yet another TLD on ICANN Approves .xxx Suffix For Porn Websites · Score: 1

    There are too many now, adding even more just dilutes things further and makes it harder for the consumer.

    On the contrary: essentially the domain part of URLs is just a namespace, a 'random' string of Unicode characters. With the TLD part of that namespace having just a 'few' fixed values, that is: using just a small part of all possible codes.

    More TLDs means that on average, that namespace is better utilized. So that on average, shorter domain names can be used to select a specific domain (the extreme being to do away with the concept of TLDs, and allow registration of any domain name). And .xxx would (in general) make it easier to predict the nature of a site's contents before actually hitting it. Technical limitations aside, that's a win-win from the user's point of view.

  3. Weakest link? on FBI Failed To Break Encryption of Hard Drives · Score: 4, Insightful

    No, AES has been independently vetted and attacked by multiple security organizations. The only flaws that have been discovered in the algorithm are minor and inconsequential.

    That only matters if the implementation used doesn't have any important flaws. And a password wasn't stored anywhere by accident or 'overlooked mechanism' (caches etc.). And the chosen key length was enough to make a brute-force attack infeasible. And nobody else has/leaks the password.

    They don't have to crack a tried & tested algorithm, they only have to find the weakest link. Surely there are many links, most of those weaker than the algorithm itself.
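To make the weakest-link point measurable, here is an added example (editor's code, not the commenter's) that costs each attack path in bits of attacker work and picks the cheapest one. The configuration values, the guess rate of 1e9 per second and the way a KDF work factor is folded in as log2(iterations) are assumptions made for the example; the cipher's key size only sets an upper bound that the other links rarely reach.

```go
package main

import (
	"fmt"
	"math"
)

// Setup describes one deployed full-disk-encryption configuration. The fields
// are the "links" the comment lists; every value used below is an assumption
// for this example, not a measurement of any real product.
type Setup struct {
	CipherKeyBits  int  // 256 for AES-256
	AlphabetSize   int  // distinct characters the password is drawn from
	PasswordLength int
	KDFIterations  int  // work factor of the password-to-key derivation; 1 means none
	PasswordCached bool // password or key recoverable from swap, hibernation file, etc.
}

// Link is one way in, costed in bits of attacker work (log2 of expected guesses).
type Link struct {
	Name string
	Bits float64
}

// Links costs every path an attacker could take instead of breaking the cipher.
func Links(s Setup) []Link {
	passwordBits := float64(s.PasswordLength) * math.Log2(float64(s.AlphabetSize))
	kdfBits := math.Log2(float64(s.KDFIterations)) // each guess costs this much more
	links := []Link{
		{"brute-force the cipher key", float64(s.CipherKeyBits)},
		{"guess the password through the KDF", passwordBits + kdfBits},
	}
	if s.PasswordCached {
		links = append(links, Link{"read the cached password", 0})
	}
	return links
}

// Weakest returns the cheapest link; that, not the cipher, is the real strength.
func Weakest(s Setup) Link {
	links := Links(s)
	w := links[0]
	for _, l := range links[1:] {
		if l.Bits < w.Bits {
			w = l
		}
	}
	return w
}

// YearsToBreak is the expected time to search half the space at the given rate.
func YearsToBreak(bits, guessesPerSecond float64) float64 {
	return math.Pow(2, bits-1) / guessesPerSecond / (365.25 * 24 * 3600)
}

func main() {
	report := func(label string, s Setup) {
		w := Weakest(s)
		fmt.Printf("%-36s %s: %.1f bits, ~%.2g years at 1e9 guesses/s\n", label, w.Name, w.Bits, YearsToBreak(w.Bits, 1e9))
	}
	s := Setup{CipherKeyBits: 256, AlphabetSize: 26, PasswordLength: 8, KDFIterations: 1}
	report("8 lowercase chars, no KDF", s)
	s.KDFIterations = 1 << 20
	report("same, KDF of 2^20 iterations", s)
	s.PasswordCached = true
	report("same, password in hibernation file", s)
}
```

Run it and the 256-bit cipher never appears as the weakest link: an 8-character lowercase password is about 37.6 bits, a 2^20-iteration KDF lifts that to about 57.6, and a cached password drops the whole thing to zero.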

  4. Re:There's a name for people like this... on SCOTUS Rules Petiton Signatures Are Public Record · Score: 1

    It's always funny when those who try to wrap themselves in the veils of freedom and democracy are generally the first ones who don't want others to know what they're up to.

    Perhaps that's because people who need the sort of freedoms & protections that are taken for granted in most democracies, are often the people on the receiving end of the stick where these are missing?

  5. Space tourism for all? on SpaceX Falcon 9 Relatively Cheap Compared To NASA's New Pad · Score: -1

    Guess where airlines and the airplane industry would be if we didn't have tourists. The first fee paying space tourist was a far more important experiment than most of the experiments done on the ISS.

    Great... so when in, say, 40 years, it would finally be possible to book your 2-week trip to the moon, you get there, and... shit: built full of ugly tourist hotels, no place to be found anymore where no one left his/her footprint. Is that what you gave an arm & a leg for? A zero-grav resort in low earth orbit would have been soooo much cheaper...

  6. Doesn't that hold for *all* software? on Struggling To Bridge the Casual-Hardcore Game Gap · Score: 1

    (..) when I try to play some "advanced" game I find that just learning the rules and controls takes more time than I meant to spend playing the game, so I give up and go back to a simpler game I already know.

    Replace "game" with "application", "operating system", "user interface" or any (non-software) "tool", and IMHO that claim still holds. I hope that software developers realize this; if casual users are to use/enjoy your product, then it:

    • Should preferably not need a manual. Optimal is when everything works so intuitively that there's no point in providing one.
    • Should require zero configuration to perform its basic function. But most importantly:
    • Should have well chosen default settings, set optimal for exactly those casual users. They don't have time to fiddle with settings to get something to work (so will just go off & use something else). 'Hard-core' users will have time to change those defaults into what they want. The other way round doesn't work.

    This is exactly what makes e.g. Ubuntu into such a popular Linux distro: throw it on a machine, and most of the time everything works out of the box, and default settings & looks are usable / bearable / easy to understand (or a few important settings are easy to find using the GUI). Linux distros where this isn't the case can still be good, but because of this not for casual or newbie users. Which cuts the potential user group right there.

  7. Re:The nuclear resistance myth on Thailand Shuts Down 43,000 More Websites · Score: 3, Interesting

    It's a rather weird suggestion as the internet was designed by a government agency.

    Well then perhaps a re-design would be in order, since the role of the internet has changed dramatically since then.

    Of course that would be impossible in practice - but some new protocols should be possible. Personally I'd wish to see something that integrates (anonymous) P2P-style file sharing with www-style browsing, secure connections between peers, strong authentication, and ease of use. Why? Because that would do away with a lot of ad-hoc solutions like BT, Tor, Freenet, anonymizing proxies, etc., etc., that we have today. None of which are 'perfect' or as easy to use as the http protocol.

    Imagine having some source named "XYZ" on the internet, nobody knowing where "XYZ" is located or who it is. You start your browser, and go to the 'home page' of XYZ. Then that file is fetched, but not from a server somewhere, but from the nearest peer (=ordinary user) that also has a copy of said file(s). There's some big download on that home page, and when you save it, it gets fetched in a BT-style swarming download. All the while using strong authentication that assures you the files you're getting are really from "XYZ" (whomever that may be), and not modified in transit somewhere. With secure connections between peers so that 3rd parties can't see who's getting what, from where.

    With the http protocol, someone who produces popular content is 'punished' for that deed when their hosting server gets pounded. Funding popular sites with advertising has kept the internet mostly free (as in beer). Web hosting companies & mirroring services distribute the load across many websites, P2P programs help with distribution of huge files. But each of those is centralised to some degree, vulnerable to attack, and the fundamental issues remain.

    Sure there would be some problems with such a protocol like database-generated pages, how to determine what's latest version, or how to send data back to original source. But it would be nice to have an integrated fix for above problems that's as easy & transparent to users as ordinary web surfing. Sites like WikiLeaks wouldn't have to worry about funding, torrent sites wouldn't have to move countries to avoid legal attacks, and government blocking wouldn't work. Sure it would make some illegal activities easier, but I think it would still be a net (no pun intended) positive, in the greater scheme of things. And ordinary website owners wouldn't have to worry about costs / diskspace / bandwidth requirements anymore (apart from uploading 1st copy of files).
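The authentication half of the protocol sketched in the comment above, as an added example (editor's code, not the commenter's design and not any existing P2P project's): "XYZ" is identified only by a public key, publishes a signed manifest of content hashes, and any peer, honest or not, can serve the bytes because the fetcher checks each blob against the manifest and the manifest against XYZ's signature. The manifest format, the use of Ed25519 from Go's standard library, and the monotonic version counter used to reject stale manifests are all assumptions made for the example; the comment itself leaves "how to determine what's latest version" open.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"sort"
)

// Manifest is what "XYZ" publishes: a version counter plus path -> SHA-256 of
// the file. Format, signature scheme and counter are assumptions of this example.
type Manifest struct {
	Version uint64
	Files   map[string][32]byte
}

// encode gives a canonical byte form (sorted paths) so the signature is stable.
func (m Manifest) encode() []byte {
	var b bytes.Buffer
	fmt.Fprintf(&b, "v%d\n", m.Version)
	paths := make([]string, 0, len(m.Files))
	for p := range m.Files {
		paths = append(paths, p)
	}
	sort.Strings(paths)
	for _, p := range paths {
		fmt.Fprintf(&b, "%x %s\n", m.Files[p], p)
	}
	return b.Bytes()
}

// Publish is XYZ's side: hash each file, sign the manifest with XYZ's long-term
// key, and return the signature plus the blobs (keyed by hash) peers will mirror.
func Publish(priv ed25519.PrivateKey, version uint64, files map[string][]byte) (Manifest, []byte, map[[32]byte][]byte) {
	m := Manifest{Version: version, Files: map[string][32]byte{}}
	blobs := map[[32]byte][]byte{}
	for path, data := range files {
		h := sha256.Sum256(data)
		m.Files[path] = h
		blobs[h] = data
	}
	return m, ed25519.Sign(priv, m.encode()), blobs
}

// Peer is an ordinary user's blob store; it may be honest or serve altered data.
type Peer map[[32]byte][]byte

// Fetcher is the browser side: it knows XYZ's key and the last version it accepted.
type Fetcher struct {
	Name        ed25519.PublicKey
	LastVersion uint64
}

// AcceptManifest checks XYZ's signature and refuses rollback to an older version.
func (f *Fetcher) AcceptManifest(m Manifest, sig []byte) error {
	if !ed25519.Verify(f.Name, m.encode(), sig) {
		return errors.New("manifest not signed by XYZ")
	}
	if m.Version < f.LastVersion {
		return errors.New("stale manifest: possible rollback")
	}
	f.LastVersion = m.Version
	return nil
}

// Fetch asks peers in turn and returns the first copy whose hash matches the
// manifest; altered copies are skipped, never trusted.
func (f *Fetcher) Fetch(m Manifest, path string, peers []Peer) ([]byte, error) {
	want, ok := m.Files[path]
	if !ok {
		return nil, errors.New("path not in manifest")
	}
	for _, p := range peers {
		if data, ok := p[want]; ok && sha256.Sum256(data) == want {
			return data, nil
		}
	}
	return nil, errors.New("no peer served an intact copy")
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader) // XYZ's identity is pub; its location is irrelevant
	if err != nil {
		panic(err)
	}
	m, sig, blobs := Publish(priv, 1, map[string][]byte{"index.html": []byte("<h1>XYZ</h1>")})
	f := &Fetcher{Name: pub}
	fmt.Println("manifest accepted:", f.AcceptManifest(m, sig) == nil)
	evil := Peer{m.Files["index.html"]: []byte("<h1>not XYZ</h1>")} // wrong bytes, right hash
	data, err := f.Fetch(m, "index.html", []Peer{evil, Peer(blobs)})
	fmt.Printf("fetched %q, err=%v\n", data, err)
}
```

Because the manifest is bound to the key rather than to a host, the same check works whether the bytes arrive from a nearby peer, a mirror or the original server; what the example does not address is the confidentiality between peers the comment also asks for, which would sit in the transport layer below this.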

  8. Re:deeper problem on Wikipedia To Unlock Frequently Vandalized Pages · Score: 1

    Such fanatics watching over their darling phrases, means that revert wars would be won by the folks that 'want it the most', or have the most resources / patience to throw at it. Like in a real-life war... at which point the resulting article may not reflect best / optimal / most correct / neutral point of view.

    That's exactly why (IMHO) a 'benevolent dictator' model may work better (at least for some articles), if such benevolent dictator has support from enough experts / peers / visitors. And can be removed from his/her position when that power is abused. Okay - I guess I'm advocating some sort of democratic process here, to elect 'officials' that have the power to control some articles. With clear limits to that power.

  9. Re:Decrease, not increase on Solar Cell Inventor Wins Millennium Prize · Score: 1

    Why? You mean that making babies costs lots of energy?
    ...oh wait, it does.

    On a more serious note: nice overview of the energy <-> population issue here (by none other than our beloved Mr. Gates).

  10. What if it works? on Stem Cell Tourists Take Costa Rica Off the Agenda · Score: 1

    'creepy sites' ? Perhaps, but what if it works?

    As long as the people going to such clinics are willing volunteers, and understand the risks and/or unknowns, what's the problem? That they might speed up research by going ahead with human trials, before a lengthy approval process is passed? As long as those volunteers carry the biggest risk themselves, I don't care.

    Any treatment should be judged on its merits IMHO, and support/funding based on real-life results, not on what politicians or critics think of it. If anything, 'serious countries' should send some researchers over to those clinics to check those results. And be happy if they're good. Because whatever you think of treatments like this, if it's new/never tried before on humans, it's relevant to see whatever happens.

  11. Software patents will be irrelevant... somehow on Venture Capitalists Lobby Against Software Patents · Score: 5, Insightful

    My hope is that software patents will be made irrelevant one way or the other... by those countries that don't implement them.

    In effect, it's trying to force a (IMHO: ridiculous) concept onto the rest of the world. Some countries may go along with that, and patent holders (& lawyers!) will profit. But other countries may not, and will be able to do things that would require lots of red tape elsewhere. And thus: be more competitive by ignoring software patents.

    Any type of 'intellectual property' is only a profitable starter if you can get others to go along. But the more you push things into the realm of ridiculous, the fewer people/countries actually will. And when that happens, you have the red tape slowing you down, they don't.

    Copyrights may have a place, patents may have their place (I'm not so sure about either), but patents on pure software constructs are totally uncalled for. The sooner they're abandoned, the better.

  12. Re:Use in the workplace on Restraining Order On Commercial Spyware Lifted · Score: 1

    Hardly. Of course as an employee it would be safer not to use workplace machines for private affairs at all... but:

    It's perfectly reasonable a company should have control over how employees use the employer's equipment. But that should be limited to "work-time spent doing other things", "making sure company gear isn't used for illegal activity", "making sure company network isn't cluttered because company machines are (ab)used for P2P downloads", "blocking access to risky sites, or allowing access only to sites that won't cause malware infections", etc. etc. Summarized: operational issues.

    That's something entirely different from "allowing the employer to spy on everything an employee does". There are no reasonable grounds for that, period. If the law says otherwise, then that law is wrong.

  13. Re:Zero-day? on Adobe Warns of Flash, PDF Zero-Day Attacks · Score: 1

    It means brand new, not yesterday, just found today.

    I think you may be confusing 'found' with 'published'. Until a vulnerability (or an exploit using that vulnerability) is published, there's no way to know for sure it isn't being exploited. The only way to be sure, is if you are doing the exploiting, or you see yourself being exploited. Lacking that, you won't know if a vulnerability exists, and maybe it's being exploited somewhere below the radar. "Zero day" just means that 'being exploited' and 'published' have an overlap in the same 24-hour timeframe.

  14. Re:Current software is fundamentally broken on Adobe Warns of Flash, PDF Zero-Day Attacks · Score: 1

    Using HTML5 to replace plugins like Flash will in itself do nothing to improve security: right now, those plugins are optional, and if you don't have them installed you have a 'simpler', mature, HTML4-capable browser left. When HTML5 becomes mainstream, that core part of browsers will be even more complex (HTML5 >> HTML4), with fewer optional parts. Or do you think browsers will have a 'disable HTML5 support' somewhere buried in their preferences? (for the sake of simplicity, I'm ignoring whatever HTML5 support may have been built into browsers already).

    Which means (other variables unchanged) that the common, core part of popular browsers will be an even larger attack surface. How this would improve security, is beyond me. Of course the fact that 99% have plugins like Flash installed, and that HTML5 core part of browsers will likely be much better maintained & secured than some of those plugins, will help. But again: in itself it means nothing. And don't forget that adding HTML5 support to browsers, means a lot of new code in the first place. Which all needs to be debugged, tested & fixed over time.

    So the only thing that really helps, is improving the quality of code that goes out the door in the 1st place. And reduce the amount of code that's needed for an average set of functionality. If HTML5 support in browsers helps us do that, I'm all for it. But don't mistake HTML5 for some kind of silver bullet.

  15. Re:Zero-day? on Adobe Warns of Flash, PDF Zero-Day Attacks · Score: 5, Informative

    Buzzword or not, "zero day" means a vulnerability that is already being exploited by the time it's published. If vulnerability is published but no exploit exists -> no zero day.

    Regardless of what you think of reasons for using that "zero day" label, this is very relevant to end-users: zero day -> you're at risk, NOW. No zero day -> you're probably safe (for the time being, that is).

  16. In case of a crash... on Rent an iPad For Inflight Entertainment · Score: 2, Funny

    If things do suddenly head sideways, people distracted by laptops and iPods are much less likely to react accordingly and survive.

    Not important... the point is this: if your plane crashes and rescue workers are sorting through the debris & body parts, would you want to be found with an airplane seat stuck in your skull, or with an iPad stuck in your skull?

    Keeping in mind that the reality distortion field surrounding an Apple product makes anyone look cooler, the choice is clear: you'll look better with an iPad stuck in your skull. That $10 premium looks like a small price to pay for the privilege, doesn't it? (Apple fanboy or not). On top of that: no worries about compensating the full iPad's price in case it gets damaged in such a crash - you just can't go wrong here!

  17. Crooked politics on Ofcom Unveils Anti-Piracy Policy For UK ISPs · Score: 1

    It is great that people who create content might get paid for doing so (*genuinely). The real issue here is the publishers whose 1980s business models cannot adapt to the 2000s with high speed internet in every home and multiple mobile devices per person. In the long term these publishers will go out of business but not without dragging their feet, ruining it for everyone else in the meantime.

    No, the real issue here is that publishers have enough power to corrupt our political system. To the point where ridiculous/draconian laws are passed in a so-called 'democratic' society. Creating an enormous gap between those laws, and what an average person feels is reasonable.

    In a proper democratic society, movie studios' deep pockets & their lobbyists should make exactly 0 difference, copyright/patent/trademark issues should be decided on hard economic evidence and/or scientific merit, and the optimal length for those calculated (and lacking hard evidence, be abandoned). Outdated business models would simply die in the free market. None of which is happening. It's okay for anyone (including the music business & movie studios) to have an influence on our political systems, but that influence should be limited to arguments, and the number of people working in those businesses (as part of the total population), not how much money they spend on lobbyists, or throwing all-paid private parties for 'friendly' politicians.

  18. List details on Ofcom Unveils Anti-Piracy Policy For UK ISPs · Score: 2, Interesting

    What's to stop anyone getting access to this list?

    I'd be more worried about what's recorded in that list - I don't read anything in the article that says person-identifying data is hidden / kept in a separate, inaccessible list until a court orders such data be handed over.

    If all details are free for checking by 3rd parties, that would mean they could get private and/or identity data without any involvement of a court. Basically sidestepping any legal checks & balances. That is bad for many reasons. And of course once they have such data, they have it, period.

    IMHO, ISPs should only turn over private/identity data on direct order of police/intelligence authorities in acute, life-threatening cases (terrorism, kidnappings, that kind of thing). For non-life-threatening cases, anyone fingered should be able to defend themselves, and a court should decide, before the other party gets private details. Anything else should be regarded as careless handling of customer data on the part of the ISP. And I wouldn't want to be a customer of an ISP that handles private data (mine or anyone else's) carelessly.

  19. Re:Who is this for? on Google Offers Encrypted Web Search Option · Score: 1

    I doubt it's meant to prevent a government from breaking into a specific connection, or things like that. If your government wanted to do that, they might also break into your computer remotely & install a keylogger. Governments have resources to pull that kind of crap.

    It's more likely meant to prevent large scale snooping on Google traffic, for marketing or other (political?) purposes. And for that purpose, any encryption is strong enough when it makes breaking into connections expensive enough (as in: not worth the effort). I'd guess the bright folks over at Google have determined RC4 128-bit good enough for that purpose.

  20. Re:Not So Much With The Internet on A Contrarian Stance On Facebook and Privacy · Score: 1

    Message to corporations: if you mess with our privacy, we will parade your rotting corpse down Wall Street and toss it in the Hudson River.

    Sounds good, except that it could only work with publicly traded companies. Not with a company that has a few wealthy backers, not with a 2-employee bookstore around the corner or a small mom-and-pop webshop. While those may have the same opportunity to mess with your private data.

  21. Re:Missing the point on A Contrarian Stance On Facebook and Privacy · Score: 3, Interesting

    And when we decide who we want to share data with, we don't want the company just deciding since it's Tuesday they can change their policy and go ahead and share^H^H^H sell our info anyways.

    Perhaps a simple rule could be that users/customers would have to agree explicitly with any changes that would violate previous policy a user said "yes" to. And make it a criminal offence (as in: go to jail) if you ignore that rule - especially for large numbers of users.

    For example, if a user previously agreed to a privacy policy that says "company will not share personal facts X/Y/Z with 3rd parties", then any policy change that would share personal facts X/Y/Z with 3rd parties (read: less restrictive in terms of sharing) should require additional, explicit approval from that user. No user approval for the changed policy -> no use of the less restrictive policy (at least for that user). Use of the less restrictive policy without explicit user approval -> criminal offense. With penalties etc. to be applied to the company's CEOs, not the techies implementing those changes. Same thing for new features that share data beyond what the user previously agreed to.

    Why? Many sites have this "check back regularly on our privacy policy page" disclaimer, which is BULLSHIT. You have private data kept by many, many companies, and it is just unreasonable to expect people to re-visit privacy policies (or privacy-related user settings) on all those companies, let alone on a regular basis - and detect policy changes. If you change policies, ask users if they're okay with that. While waiting for a "yes", assume they're not. Ignore that -> face severe penalties.

  22. Re:iRobot on Microsoft's New Attempt To Dominate Robotics · Score: 2, Funny

    You're doing it wrong:

    DUDE: Robot, grab me a beer.
    iROBOT: I'm sorry, Steve says those are bad for you.
    DUDE: Robot, sudo grab me a beer.
    iROBOT: One beer coming up, master.

  23. Re:Today, rural locations. Tomorrow on 10,000 Cows Can Power 1,000 Servers · Score: 5, Insightful

    Then I wonder if cows and their food can live in space.

    They already do. What you mean is "how much smaller can you make a spaceship in which cows & their food are living".

  24. Re:Capitalism on Nine Chip Makers Fined $400M In EU For Price Fixing · Score: 1

    Looks like those fine capitalist companies don't like the competition part of capitalism either. They want protected profits too and screw the free market if that's what it takes.

    Perhaps (sometimes) a company may not so much want 'their share of the pie', but rather a more predictable, constant production flow. Keep initial estimates modest & design a hit product, and your production can't keep up (=you're missing profit opportunities). Scale up too early, and you have big / expensive / unused production capacity. It's probably a fine art to walk that line, and I can't help feeling at least some sympathy if a company X tries to smooth out those fluctuations.

    Competition increases the risk factor here, and price fixing could be seen as a way to spread that risk over all the competitors in a market. Which isn't that bad by itself, IMHO. It's just that it hurts consumers long-term by enabling weaker competitors to survive, slowing innovation (because the incentive to be first-to-market is reduced), and artificially raising prices.

    The free market is good for a lot of things, but providing a constant operating environment for the businesses in it, isn't one of them.

  25. Why just blood sugar? on Scientists Implant Biofuel Cells Into Rats · Score: 1

    Anyone consider the possibility of a device that not only produces energy from the body, but also uses up glucose? A device that conceivably could both help eat up Glucose and POWER a MONITOR to help see how the diabetic is doing??

    Forget the monitor, just a bio-fueled sensor that beams readings to an external display device (like your Bluetooth-enabled cellphone?). But: I think you need a good reason to implant any foreign object into the body. I can appreciate the urge if you're a diabetic that would benefit from regular blood-sugar monitoring. But if you're going to implant a sensor for that, why not a sensor that measures a much larger set of interesting blood levels? And at that point, it could be interesting for anyone that wants to know how his/her own body is doing, cold-hard-measurements wise.

    Imagine a sort of miniaturized chemistry-lab-on-a-chip (I'm guessing there are already some suitable examples in existence) that's inserted in a strategic location. To signal you things like: "now would be a good time to eat a potassium-rich food item", "you're just within the legal limit on your blood alcohol", etc., etc., etc., besides watching your glucose level. If the application for diabetics drives this forward: good for you.