In most provinces, we have two sales taxes: provincial sales tax (8% in Ontario), and the GST (7%)<arrogant-worms>Screw it!</arrogant-worms>.
When doing mail-order from another province, they always charge the GST. If the company has any business presence in your home province, then they have to charge PST too. However, if they don't, then you get away without paying the PST.
For example, I can order DVDs from http://www.thecnl.com/ or computer parts from http://www.ncix.com/ in BC, and I never pay PST (which almost makes up for the shipping costs). However, if I order clothing or equipment from http://www.mec.ca/, I have to pay the PST, even though MEC is based in BC and everything ships from Vancouver. They have stores in Ontario, so they have to collect the PST for anything sold here.
Of course, some provinces have the HST (harmonized sales tax), which combines their PST and GST into one big tax. I think they always get stuck paying it for anything that they buy.
The best part about the GST is that we have the privilege of paying it on anything ordered from the USA too.
While it doesn't explicitly say so, the report seems to be talking about Linux.
They refer to/tmp in the directory listings. In Un*x,/tmp is can be read/written by all, so files in that directory must have appropriate permissions to be "private".
It looks like most of the time, FireFox sets the permissions correctly (600), but in certain cases, it sets them incorrectly (644) so that other readers can view them.
As well, most of the time it obfuscates the filename, but in those same cases, it leaves the filename untouched. Anyone can get a directory listing of/tmp, even if they can't read the individual files.
With normal public-key crypto, you sign with your actual private key, and you encrypt with the recipients actual public key. This means that if someone gets hold of the recipients private key, then can decrypt the messages, and because your public key is, well, public, they can prove that you wrote the message.
In this system, you generate throw-away keys, and exchange them securely when you start communicating. After you are done communicating, you can just throw away the keys, or you can publish them if you want. They are of no use, really. Someone can decrypt your communication, but they can't prove that it was you that wrote it, and once you publish the key, anyone else can forge messages that look like they were part of the conversation.
During the conversation, you have the security, authentication and non-repudiation that you are looking for - you can be sure that the other party is who they say that they are, that all messages are actually from them, and that only you can read those messages.
As soon as the conversation is over, you give away the keys and all bets are off - there is no longer a way to prove the identity of the person who sent the message since anyone can now forge messages that appear to be part of the conversation.
Cheque cards don't make much sense in Canada. Using a debit card at a store is "free" (costs money to the store, not to the buyer*), and there are really only three major credit cards.
As far as I understand, Cheque cards are practically a requirement in the US because every town/state/street corner has it's own bank, and debit cards don't work as well because either they don't talk to each other or they cost too much.
Cheque cards exist to provide the convenience of credit cards to people with crappy credit. In Canada, debit solves this most of the time.**
* Yes, I know that the cost gets passed along. But the price is the same as the cash price.
Slashdot Mirror
In most provinces, we have two sales taxes: provincial sales tax (8% in Ontario), and the GST (7%)<arrogant-worms>Screw it!</arrogant-worms>.
When doing mail-order from another province, they always charge the GST. If the company has any business presence in your home province, then they have to charge PST too. However, if they don't, then you get away without paying the PST.
For example, I can order DVDs from http://www.thecnl.com/ or computer parts from http://www.ncix.com/ in BC, and I never pay PST (which almost makes up for the shipping costs). However, if I order clothing or equipment from http://www.mec.ca/, I have to pay the PST, even though MEC is based in BC and everything ships from Vancouver. They have stores in Ontario, so they have to collect the PST for anything sold here.
Of course, some provinces have the HST (harmonized sales tax), which combines their PST and GST into one big tax. I think they always get stuck paying it for anything that they buy.
The best part about the GST is that we have the privilege of paying it on anything ordered from the USA too.
They refer to /tmp in the directory listings. In Un*x, /tmp is can be read/written by all, so files in that directory must have appropriate permissions to be "private".
It looks like most of the time, FireFox sets the permissions correctly (600), but in certain cases, it sets them incorrectly (644) so that other readers can view them.
As well, most of the time it obfuscates the filename, but in those same cases, it leaves the filename untouched. Anyone can get a directory listing of /tmp, even if they can't read the individual files.
The key seems to be the "disposable key" part.
With normal public-key crypto, you sign with your actual private key, and you encrypt with the recipients actual public key. This means that if someone gets hold of the recipients private key, then can decrypt the messages, and because your public key is, well, public, they can prove that you wrote the message.
In this system, you generate throw-away keys, and exchange them securely when you start communicating. After you are done communicating, you can just throw away the keys, or you can publish them if you want. They are of no use, really. Someone can decrypt your communication, but they can't prove that it was you that wrote it, and once you publish the key, anyone else can forge messages that look like they were part of the conversation.
During the conversation, you have the security, authentication and non-repudiation that you are looking for - you can be sure that the other party is who they say that they are, that all messages are actually from them, and that only you can read those messages.
As soon as the conversation is over, you give away the keys and all bets are off - there is no longer a way to prove the identity of the person who sent the message since anyone can now forge messages that appear to be part of the conversation.
Cheque cards don't make much sense in Canada. Using a debit card at a store is "free" (costs money to the store, not to the buyer*), and there are really only three major credit cards.
As far as I understand, Cheque cards are practically a requirement in the US because every town/state/street corner has it's own bank, and debit cards don't work as well because either they don't talk to each other or they cost too much.
Cheque cards exist to provide the convenience of credit cards to people with crappy credit. In Canada, debit solves this most of the time.**
* Yes, I know that the cost gets passed along. But the price is the same as the cash price.
** Tim Horton's doesn't take credit cards either.
... for nothing. Now the helicopters just look silly, flying around with their little hooks.