Slashdot Mirror


User: iluvcapra

iluvcapra's activity in the archive.

Stories: 0 · Comments: 3,680

Comments · 3,680

  1. Re:DNSSEC has a similar attack against it on Government Could Forge SSL Certificates · · Score: 1

    Unreserved trust for CAs isn't an intrinsic feature of "public key crypto", or even of SSL more specifically.

    My point is that this isn't a design flaw, and that public key cryptography allows an authority to sign whatever it wishes to sign. The concept of a root CA only signing certificates of people who legitimately hold the name/organization/entity those certs are bound to is sort of... wait...

    I've never gotten a cert from a CA, do they ever even make a promise or agree in writing that they won't sign any certs that use your names but who aren't you? Deadly serious, because honestly what keeps them from doing this, aside from good manners? Is there anything that keeps them from offering a $10,000 "impersonate anyone" package? It seems that the only thing that would keep them from doing this is it would ruin SSL for credit card transactions, but as long as they were able to keep that part of the business unmolested...

    In any case, this problem isn't technological, it's fundamentally a policy issue.

  2. Re:Generate your own certificates... on Government Could Forge SSL Certificates · · Score: 1

    Actually, the banks already have a way to distribute the certs: put them on smart cards. The bank can trust the cert because they issued it. The customer can trust the cert because the bank handed it to them.

    An even EASIER solution would just be for them to post the fingerprint for their self-signed certificate on a large sign behind the teller window at all of their branches, essentially staging a signing party -- the area behind the glass is protected by lock and key. They simply tell their customers the option to either use an SSL link with a Verisign-signed cert, or a bank self-signed cert, provided the customer checks the fingerprint and trusts it before continuing. Public certs don't have to be moved out of band, only verified out-of-band. Once the customers can validate the fingerprint they'll know they're talking to the same institution that controls the airspace behind the teller window.

    But as it pertains to this problem, it's useless since it's a bank and the gov can just subpoena all of your information anyways.

  3. Re:DNSSEC has a similar attack against it on Government Could Forge SSL Certificates · · Score: 3, Insightful

    Putting it further down the stack makes it easier to update/patch etc.

    It's worth pointing out that the technique described here isn't a "hack" that can be patched, it's an intrinsic feature of public-key crypto, and specifically a direct consequence of unreservedly trusting the CAs. The CAs are capable, using no tricks or computer hackery, of creating as many "redundant" signed certs for the same qualified name as they wish.

  4. Re:Not to sounds like a video snob ... on Netflix Streaming Arrives For the Wii · · Score: 4, Informative

    Hi, I work at a studio -- its name starts with an "S" and its parent used to make rice steamers before it moved into electronics and spider-related comic book movies. I have a $10 HDMI cable from Monoprice.

  5. Re:Metric unit on Toyota Acceleration and Embedded System Bugs · · Score: 1

    That was the Mars Climate Orbiter, silly goose.

  6. Re:This isnt for the iPhone on Multitasking In For iPhone 4.0? · · Score: 1

    A = A

  7. Re:Good for PF...but also...bad for PF? on EMI Cannot Unbundle Pink Floyd Songs · · Score: 1

    Oy, there is no such thing as society

    In the sense that Margaret Thatcher said this, which is to say, in snark, I would say there is no such thing as the individual. The Floyd is a part of our collective heritage despite your politics ;)

  8. Re:Nokia N900 vs. iPhone 3Gs on Multitasking In For iPhone 4.0? · · Score: 1

    I think this is why Apple did not allow multitasking up to now. Given how slowly single apps load on their flagship 3Gs, true multitasking will bring it down to its knees.

    People do jailbreak their phones and use Backgrounder, and they don't generally report any problems running multiple applications at once, no "bring it to its KNEES!" issues anyways. It does make the thing a bit less ergonomic to use, since you suddenly have to deal with a task manager...

    From a hardware perspective there doesn't seem to be any problem with performance, and as others point out, the phone does run apps in the background, just not third-party ones. The no-third-party-apps in the background rule is primarily a policy decision, relating to usability and maybe security.

  9. Re:This isnt for the iPhone on Multitasking In For iPhone 4.0? · · Score: 1

    Nah nah, you can read PDFs, Word, Excel and Powerpoint presentations in emails and on the web, as well as the iWorks-format files. It just works. PDFs themselves can be read in any WebView.

    What on earth is an EDOC? Maybe you mean ePub?

  10. Re:Every scene ends with a wipe? on The Lost Film That Accompanied Empire Strikes Back · · Score: 1

    Indeed, Roger Christian is most .. um... noted nowadays for having directed Battlefield Earth, a job he got, one suspects, on the basis of his credit as second unit director on TPM. You can see him in a lot of the behind-the-scenes footage, he's the one with the English accent and the long gray hair.

  11. Re:Similar to Lucas' Car Crash on The Lost Film That Accompanied Empire Strikes Back · · Score: 1

    I'd provide a citation but I remember reading that off the back of a Topps Galaxy Star Wars card when I was a kid.

    I read the basic outline of this story in Pollock's Skywalking: The Life and Films of George Lucas. The accident clearly had an effect on his life -- he was in the hospital for months with a collapsed lung -- and at the time he was a D student, he was about to fail out of senior year and not get a diploma. He was passed out of high school mainly because his teachers took pity on him after the accident. If you ever watch his American Graffiti the Milner character is based on Lucas at that stage of his life.

    From there it goes on that he went to community college, fell in love with avant garde films (people like Brakhage and Jonas Mekas, really oddball stuff for the guy who invented the scifi blockbuster), got his GPA up, and was accepted to USC. (Fight on cinema alums!)

    There tends to be a lot of "drift" in terms of what George specifically claims he intended from time to time, though. I'd never heard that he developed the ideas about "the force" while in the hospital, for instance, though GL often tends to align history with the point he's trying to make that day. Skywalking in particular is quite clear from interviews that Lucas wanted to use literal classical music for the score of Star Wars, a la 2001, and John Williams had to talk him out of it, whereas later Lucas denied the whole business. His account of Spielberg's initial response to the Star Wars rough cut also tends to be at variance with how Spielberg remembers things (Spielberg was either supportive or skeptical, depending on who you ask), as is the record w/r/t Marcia, his ex-wife's contributions: she edited (and won an Oscar) for Star Wars. A complicated man.

  12. Re:Maybe its time ... on Apple's iPhone Developer License Agreement Revealed · · Score: 1

    It's important to make the point here, that a third-party agreement with a software author has nothing to do with what an end user does with his phone; it only states what Apple will allow a third party to do with App Store end-user's phones. Third-party devs should be restricted in what they are allowed to execute on phones that are not their property... People who want to run their own code will just jailbreak, or buy an Android.

  13. Re:What's the big deal? on Apple's iPhone Developer License Agreement Revealed · · Score: 1

    "Freedom" to some people apparently means that consenting adults should not be allowed to form a contract, if the terms of that contract don't square with the open source movement's politics, and that anyone who would enter into such an agreement is perforce "unfree."

  14. Re:What's the big deal? on Apple's iPhone Developer License Agreement Revealed · · Score: 3, Interesting

    I fail to see how this contract differs significantly with an Xbox or PS3 developer agreement, or a Digidesign Pro Tools plugin developer agreement, or a lot of partnership agreements for that matter. These are the terms that work for Apple, and the people that play by them make gobs more money than anyone else thus far.

  15. Re:Don't use datamatrix on Privacy With a 4096 Bit RSA Key — Offline, On Paper · · Score: 1

    There's also OPTAR for that matter.

  16. Re:Agree with the tape option..;. on Long-Term Storage of Moderately Large Datasets? · · Score: 2, Interesting

    As someone that did a lot of backing up (and maybe restoring if I was lucky) to DDS DATs in the earlier part of the century, I can assure you there's a very good reason the drives are so cheap now :) The reliability was atrocious and at $10 a cart DVD-R is quite competitive.

  17. Re:why? on Web Heritage Could Be Lost · · Score: 1

    I suppose if you believe everyone on Earth is a moron who does stupid things and never accomplishes anything, then I guess you would naturally be drawn to the conclusion that history is basically pointless. Ford said "History is Bunk" for just this reason.

    On the other hand, a lot of people like to go around claiming that FDR ran on a socialist platform -- this is important because if he actually enacted socialist policies, it would imply these were disclosed and popularly accepted by a large part of the population. You need a record of his campaign rhetoric in order to come to this conclusion. You also need the statements and popular attitudes of actual self-identified socialists, and a lot of them hated FDR for being rich corporatist...

  18. Re:why? on Web Heritage Could Be Lost · · Score: 1

    I wasn't aware that the British Museum was proposing that their archive was to become the "primary goal of our culture."

    The shopping lists of medieval farmers are very important, particularly to economists who try to build a consistent timeline of income growth and proportional spending. This has a lot of implications on modern policy... after all, if a medieval peasant spent less than 10% of his income on shelter, and a modern American spends over 30%, why is that, and maybe are we doing something wrong? Or is it just a question of density? Probably not, since the western US is far less settled than medieval England -- but then again how was population distributed? How closely did people live to cities?

    Without history our decisions wander in a dark hallway.

  19. Re:why? on Web Heritage Could Be Lost · · Score: 5, Insightful

    Why would anybody care about Mary Chestnut or Victor Klemperer's diary? If someone were trying to understand something like the Barack Obama campaign or the Tea Partiers 50 years from now, and all we had were official statements and published news reports, the picture of what was actually going on in the country would be significantly warped. Wherever people gather, there needs to be a chronicle, otherwise some authority in the future is going to make some arbitrary guess about what people believed or wanted.

  20. Re:Apparently Constitution doesn't apply in Utah on Utah Considers Warrantless Internet Subpoenas · · Score: 1

    If you're a life-begins-at-conception prolifer that law is a necessity.

    Throwing the doctor in prison for performing an abortion, I can vaguely understand. Investigating a woman for murder because she fell down a flight of stairs is altogether something else -- and the only reason they didn't prosecute is because she was in the wrong trimester for the law to be in effect. Handmaiden's Tale FTW.

  21. Re:Apparently Constitution doesn't apply in Utah on Utah Considers Warrantless Internet Subpoenas · · Score: 3, Interesting

    This is the same Utah that is about to pass a law stating that a woman who has a miscarriage "recklessly" is liable to a murder charge. The legislature probably relishes the idea of mandatory pregnancy testing in order to properly enforce the law...

  22. Re:Lomborg has a response on Debunking a Climate-Change Skeptic · · Score: 2, Funny

    Conspiracy!

  23. Re:tldr on Debunking a Climate-Change Skeptic · · Score: 5, Informative

    but, he does seem to admit in the first page that they are both engaging in "selective or incomplete quotation, misrepresentation of source material, and even outright fabrication"

    That's not what he says:

    Unfortunately, it is obvious that Friel has no interest in fair-minded criticism or honest disagreement. Rather, he seems determined to portray me as devious, deceptive, and intellectually dishonest. Ironically, in his zeal to do so, he repeatedly commits the very sins he accuses me of—selective or incomplete quotation, misrepresentation of source material, and even outright fabrication. Rather than engaging with my books on their own terms, he caricatures my work and then attacks it.

  24. Re:Yawn on Debunking a Climate-Change Skeptic · · Score: 0, Troll

    Stop pandering to politicians and environmentalists, and come up with some science!

    1950 called, it wants its appropriate response to AGW back.

  25. Re:Absence of Evidence on Debunking a Climate-Change Skeptic · · Score: 5, Informative

    You'd have done much better to link to Lomborg's response, than going off on your speculative aura.