Slashdot Mirror


User: Compholio

Compholio's activity in the archive.

Stories: 0
Comments: 567

Comments · 567

  1. Re:Hmm.. must be some difference on Student Loan Interest Rankles College Grads · · Score: 1

    The money for student loans comes from private banks, not the government. The government sets up the marketplace for student loans and provides a small amount of subsidies, but the money you owe is owed to a private institution, not the government.

    On the subsidized loans the government pays the interest while you are in school or if you have some form of legitimate financial emergency. The government also guarantees the loans, so it will pick up the tab if you fail to pay (since these loans don't get wiped out in bankruptcy this case pretty much only occurs if you die or are delinquent for an extended period of time). The money may go to a private institution, but the government assumes all the risk.

  2. Re:Hmm.. must be some difference on Student Loan Interest Rankles College Grads · · Score: 2, Insightful

    'The rate for a 30-year mortgage is around 5%,' Lee said. 'Why should anyone have to pay 8.5%?'

    Because if you default on the mortgage, they can take your house. Education repossession technology is still in beta. Even when it works it rarely returns anything of value.

    Yes, because clearly paying taxes isn't a return on the government's investment.

  3. Re:What about the banks? on Washington Post Says Use Linux To Avoid Bank Fraud · · Score: 1

    Though, I suppose the attacker could try and get me to go through the entire TAN list, faking failures every time. I don't know how many people would go through 200 failures before calling the bank though.

    If the cracker has hijacked your computer then once you're logged in they know the balance in your account. It seems to me that they only need to present you with a single convincing page to get you to give them a one-time pad that can be used to drain your account (at least up to your withdrawal limit, if you have one).

  4. Re:What about the banks? on Washington Post Says Use Linux To Avoid Bank Fraud · · Score: 1

    Also as I said, do you have a better and practicable idea

    I doubt that the example I've given will be rare for long, computer criminals have proven that they are able to adapt to new techniques when they've been shown to work. Personally, I think that two-factor authentication is an improvement and is a good first step, but I believe that "train your users to be smarter" is a practical idea and will work much better in the long run.

  5. Re:What about the banks? on Washington Post Says Use Linux To Avoid Bank Fraud · · Score: 1

    Not to nitpick, but it's pretty easy to trick users. For example, let's say the bank website says this when you perform a transaction:

    Please enter the transfer amount (123456) into the security token and enter the unique transaction authentication code:

    A cracker could easily perform this action during the login process and replace the page the user is expecting with something like this:

    Your login failed to process due to an authentication key timeout problem. Please enter the new unique key 123456 into the security token and try again.

  6. Re:What about the banks? on Washington Post Says Use Linux To Avoid Bank Fraud · · Score: 4, Insightful

    Because a 2 factor authentication token like an RSA key changes every 10 or so seconds so by the time Bad Guy #1 has finished parsing that log the 2nd authentication factor is out of date. The far cheaper way of doing this which most banks in Australia have started using is a one time password sent to you via SMS. This password works one time only (hence we call it a one time password, geddit) so if the Bad Guys(TM) get the entire password in real time and are reading their logs in real time then they still can't use it as the password has already been used.

    None of this will work with the problems described in the article, if someone has control of your computer then you're screwed no matter what kind of authentication you have. In one of the examples they specifically stated that crackers used the token code and delayed the customer's request:

    Johnston's bank requires customers to enter the code from a Vasco security token. But the thieves - armed with malware on the company controller's PC - were able to intercept one of those codes when the controller tried to log in, and then delay the controller from logging in. Indeed, Johnston said the company's computer logs show that the controller logged into the system while the series of thefts was already in progress.

    So, instead of the cracker getting blocked the customer would have been blocked because the "malware" made the customer's request come in AFTER the cracker's. If you were really clever you'd program the thing to intercept all the communication before it gets encrypted to go out to the bank and then fake the returned data so the user doesn't know that you're toying with them (yes, you can intercept the crypto library calls - I toyed with this some to get the Red Alert 3 Beta working on Wine). I don't know about you, but I can't think of a solid way around this interception (except having the bank only allow logins from a special custom browser that they load on a Live CD).

  7. Re:When will somebody make a DOCUMENT reader? on Kindle Finally Ready For Global Distribution · · Score: 1

    If I want to read fiction, I can easily grab a book and read it... where a portable device is *really* handy, however, is being able to carry a large number of books in a small space at once... such as reference material, and it is impractical to carry some 50 to 70 odd pounds of books everywhere.

    I completely agree, personally I find one to two books to be "reasonable" to carry around. What I would REALLY like to see is a book reader that:

    1. Looks like a book when closed
    2. Has two reading surfaces inside
    3. Has the option to display on both surfaces or either single surface

  8. Re:Havok on NVidia Cripples PhysX "Open" API · · Score: 1

    Havok is a better engine anyway.

    That may be the case but in the end we'll more than likely see corporate drama surrounding that effort as well. I hate to say it but I think a DirectX option is the lesser of three evils.

    What's wrong with OpenCL exactly?

  9. Re:This is what he should have done in the 1st pla on Android Modder Tries To Outmaneuver Google · · Score: 1

    The WINE and ReactOS projects don't provide MS Office, IE or Media Player. FPGB ... doesn't provide GameBoy cartridges. MAME makes you responsible for finding your own ROMs. Et cetera, etc.

    Actually, Wine does provide "IE" (in the form of a minimally functioning clone) - but your point is well taken.

  10. Re:usb boot? on AU Government To Build "Unhackable" Netbooks · · Score: 1

    What if the BIOS doesn't allow booting at all if there isn't a 1024-bit key whose value depends on the serial numbers of all the components in the netbook?

    While I've never heard of anyone doing that, you could re-flash the BIOS with a compatible alternative that doesn't have such a key. Alternatively, you could take the hard drive out, do whatever you want with it to unlock it and then put it back in.

  11. Re:usb boot? on AU Government To Build "Unhackable" Netbooks · · Score: 1

    I wonder if the BIOS will allow disabling USB boot. Or if the admins who sold the AU government the bill of goods will think to disable it.

    Then you open it up and pull out the BIOS battery and "poof" - there went all those pesky settings.

  12. Re:I had one once! on Best Tablet PC For Classroom Instruction? · · Score: 1

    I think you're failing to see that the problem is not that we can't repair the DC jack (we can), but that the torque applied on the jack has resulted in damage to other nearby components.

  13. Re:I had one once! on Best Tablet PC For Classroom Instruction? · · Score: 2, Interesting

    We tried a few times, if you don't catch and secure them fast enough then the traces inside the board get cracked. Catching them fast enough is impossible if you hand them out to students (the entire purpose of having a whole lab of them).

  14. Re:I had one once! on Best Tablet PC For Classroom Instruction? · · Score: 2, Interesting

    I had one once! It was the HP TC1100... Sturdy construction...

    Not a chance, we've got a lab worth of each of several different HP models and we have had huge problems with the TC1100. The biggest issue we've had is completely unrepairable (outside of replacement). You see, the power connector is connected directly to the motherboard (it's not floating) and is right next to the keyboard and video card controllers. If you bump that power cord at all while it's plugged into the TC1100 then you'll have huge issues. The problems start out small, but once you've damaged it then just normal operation of the tablet will quickly lead to a completely useless computer.

  15. Re:Ya no kidding on Microsoft Tax Dodge At Issue In Washington State · · Score: 3, Interesting

    ... The only reason Washington is bitching is because they have a big budget shortfall. ...

    Actually, Washington has been bitching about this for years (when they've had a surplus). Every year they bring it up MS threatens to leave and they back off. Personally, I think they should say "fine, pay us what you owe us and leave - but you'll never be permitted to sell your products in this state again." They've been extorting the state for years and it needs to stop.

  16. Re:Problem on According to Linus, Linux Is "Bloated" · · Score: 2, Informative

    You could tweak your driver and improve its code instead of spending all day chasing to keep up with the latest KBI changes.

    I've written a few proprietary kernel modules, and I don't think this problem is as significant as you believe. I found that it was pretty easy to take a stock kernel, build my driver to target it, and then move forward and build a set of version-dependent macros for the different KBI changes as they crop up. It's not like they change the entire KBI every day, and unless you're part of some big company you're not going to be targeting every kernel version in existence (and if you are in that circumstance, you'd have enough people to handle this task).

  17. Re:GPS Blocking on Secret GPS Tracking Now Legal In Massachusetts · · Score: 2, Informative

    Topping off? Why do people continue doing that? It's unsafe and it's just plain dumb,

    What's so unsafe about it? If the gas is in the tank, it's not vaporising. It's the gasoline vapor that's explosive.

    If you suck at topping off (like nearly everyone I've ever seen attempt to do it) then you over-fill and 100% of the gas is no longer in the tank... I was actually at a station once where that happened, and the person manning the desk inside was actually on the ball (imagine that) and told everyone to leave immediately. While leaving we watched him run and get a bucket of gravel, which he subsequently poured on the already vaporising spill (yes, you could smell it even being a good distance away).

  18. Re:What does Linux on ARM support? on ARM Attacks Intel's Netbook Stranglehold · · Score: 1

    b) Run wine?

    No, Wine is designed to run x86 windows applications. It doesn't emulate a different CPU.

    There was a build of Wine at one time that used a special version of QEMU to translate instructions. Seems to me like it might be time for someone to try again, as the ability to run Win32 applications on ARM would be a huge boon to the platform. I haven't kept up with things in a while, so it's possible that there's already a stable way to use Wine with ARM.

  19. Re:About fucking time! on IBM Policy Switches From MS Office To OO.o · · Score: 1

    There's Global Business Services (IBM's massive consulting arm), too, and I know for certain that people working there use whatever their clients want them to use, which is often MS Office.

    And now their clients will use whatever IBM tells them to use (that being Lotus Symphony). *cue evil laugh*

  20. Re:New Deduction/Premium Strategy on Trust an Insurance Company's "Drive-Cam?" · · Score: 1

    Insurance is a gambling game. The company is the dealer, and we, the consumers, are the players. We belly up to the table, place our bets, and the dealer gives us our cards. Of course, they've been allowed to stack the deck with their own cards and change the rules around a little bit, because let's face it, you're playing in their casino, under their rules.

    I know this response is "taboo," but why on earth don't we just have government-run accident coverage? That way everyone pays into the pool, everyone gets covered, and no-one gets rejected.

  21. Re:Engineers play video games on Trust an Insurance Company's "Drive-Cam?" · · Score: 1

    Not to mention that most people growing up in farming areas [...] have usually got at least five years more driving experience...

    Almost completely irrelevant. Driving is easy. Driving in traffic, subject to road rules, isn't.

    As someone who first learned to drive on a farm I can tell you that "off road" driving is not a walk in the park (though this would obviously depend on the geography of your area). Learning to drive on a farm helps teach you observational skills, which are extremely relevant to driving in traffic.

  22. Re:I get that a lot with hotmail on eBay Denies New Design Is Broken, Blames Users · · Score: 2, Interesting

    It seems to have a lot to do with the way they name their Javascripts and stuff. But once I clear cache and cookies, it goes away for a few weeks or a few months. That's probably when MS changes things again. This doesn't happen on most sites... seems most that it happens on ones that are, I am guessing, breaking some sort of rule.

    It's probably proxy caching (possibly browser caching). As a large website you're supposed to set the appropriate caching options, or "Cache-Control: no-cache" if you're lazy. That way when you update your pages/resources it actually takes effect. Alternatively, if you weren't forward thinking about such things you can rename the page/resource and that will force your clients to grab the new info.

  23. Re:What browser? on Comparing Microsoft and Apple Websites' Usability · · Score: 4, Informative

    Half the time I give up and just google something rather than try and find it using their navigation.

    MSDN is so bad that 100% of the time I'm looking up a Windows API function I go to google and type:

    site:msdn.microsoft.com NameOfFunction

  24. Re:1 semester of "Linux" is a required course on Does Your College Or University Support Linux? · · Score: 1

    Not all of the physics computers are Linux (there are some Windows and Mac OS X boxes floating around). The Tablet PCs we pass out to juniors now only run Linux though (we used to dual-boot them, but it became too difficult to image them now that we have five different types). Anyway, this person seems to be concerned about interfacing their personal computer to the network - which works fine, I've been using all of CSM's services on a Linux box for the past six years (VPN, Samba, etc.).

  25. Re:sigh on Accused Killer Asks For Online Media Users' IDs · · Score: 1

    The defense might want to suggest some sort of conspiracy theory planned by 300 internet users to frame the defendant.

    Or trying to link those users to some common "informant"...