This already exists, it's a standardised part of TLS called TLS-SRP and TLS-PSK. No browser implements it, because it would make PKI look bad and CAs redundant if implemented.
"The ID WORLD forum heard that such a card required..."
That's an important point there. The ID World forum is the collection of vendors who'd be making money out of this. Lots and lots and lots of money. So he went to the most receptive arena possible and told people, in effect, "Please help lobby for this and you'll make more money than you know what to do with". If I was pitching at the ID World forum I'd be saying the same sort of thing. They'd invite me back, and take me to expensive dinners.
reacting to the unintended consequences of idiotic Administration policies, the US Army and Marines quickly develop the tactic to buy off the Iraqi Sunni insurgency. The DoD ships billions of dollars in cash into the theatre of war
If I was the DoD, I'd be asking for my money back around about now.
The requirements on military items would make your head spin. Making a tiny design change to a part to make it easier and cheaper to manufacture can trigger everything from having three government people sign off on the revised drawing all the way to having to run a live fire test at some proving ground where they strap your whatever it is to a tank and drive it around, attach it to whatever gun it's supposed to work with and fire 1000 rounds, or shoot at it, depending on what it is. All for a really minor change that was never going to affect how it worked in the first place.
I once suggested making a small change to dramatically improve the safety of an item of $Id_have_to_kill_you_afterwards. I was told "we could make the change, but it would require renegotiating international treaties" (this was for real). I can understand wanting checks and balances, but sometimes...
Many companies turn government business away, because the documentation requirements are onerous, the payment terms are ridiculous, and the project may be cancelled halfway through anyway.
I've heard that as a rule of thumb for Navy IT contracts, never bid on one of those (unless you're about to leave for another company and you want to collect the signing bonus as a golden handshake) because they'll drive you insane trying to fulfil it.
But as we've seen proven, the CPU load isn't as big of an issue as is claimed.
Don't worry, NIST is working to correct that by mandating the use of ludicrously excessive key sizes, which will set us back about ten years in effective CPU performance now that servers have just about gotten fast enough to make SSL-everywhere practical.
Shame they dont stick to standards ( Yet Again ), this kicked me in the ass a while back after implementing SNI (Server Name Indication) in apache. Everything looked great in Firefox, Chrome and Safari but oh no IE and XP failed.
It has nothing to do with standards compliance, SNI didn't exist when XP came out so there's no way they could have implemented it. The problem is, as with many other legacy web-based issues, the number of users who refuse to give up IE6.
(but a requirement is that users are not scared with warnings about part of the content being unencrypted).
Those warnings are there for a reason.
Yup, it's to scare victims (site owners) into buying certificates. A protection racket doesn't work unless there's a threat present to intimidate people into paying the racketeers: "Nice web store you've got there. Would be a real shame if people were scared away by certificate warnings...".
Sony do it too in some of their Sony-Ericsson phones, if you don't have Sony's monstrously bloated software sitting at the other end of the USB cable authenticating itself to the phone, it won't charge. This makes USB chargers useless, you need to either use the Sony charger or connect it to a PC with the Sony bloatware on it, and even then in some cases it may not charge properly, e.g. consistently charge to 75% or other odd behaviour. One more reason to loathe Sony.
It's used to send pricing information to LCD price displays attached to shelves via the supermarket lighting (it's done at night when there's no-one around to be affected by it, and in any case since it's at a much higher frequency than the usual 50Hz flicker it wouldn't be noticed anyway). Think of the usual paper price tags in plastic holders attached to shelves, but now they have LCD displays and are updated automatically by modulating the in-store lighting.
Except that there is a bonus _per paper written_ in f.ex. Chinese institutes, so that it becomes very attractive to just swamp the community with papers. And when you write papers, you cite your colleagues.
There's something similar in India where, I think, you're required to publish at least one refereed paper as an undergrad to get your degree. The result is a tsunami of really, really low-quality papers.
You have to judge the quality of the papers and authors by reading them.
Exactly. A million appalling undergraduate-student papers published under duress don't come close to a single piece of quality research. The OP never really seemed to factor this in, it just looked at quantity. Heck, gimme a printing press and SCIgen and I can make Burkina Faso a world leader in science publication, at least until they run out of trees.
German citizens are required to carry their ID card at all times.
The law actually only has an Ausweispflicht (requirement to own an ID) but not a Mitführpflicht (requirement to carry ID at all times). Of course how that plays out in practice is another matter...
Yeah. Ironically, FoxIt is now... getting to the bloat and vulnerability of Adobe. So, it too has been replaced by another slim PDF viewer. I use SumatraPDF, personally. It's quick, small, and doesn't have enough features to be vulnerable.
I dropped Foxit for the same reason. I'm using STDUViewer, which isn't quite as... quirky as Sumatra, which seems to go out of its way to do straightforward things like text selection in as nonstandard a way as possible.
... to add the 300MB of extra functionality to their reader that they've been holding back on for the last few years (scratch-n-sniff PDF support, essential stuff like that). Releasing a major new version like this would be a golden opportunity to add all the much-needed extras that they haven't dared add so far.
Slashdot Mirror
Dammit, the birth-certificate distraction came a week too late.
Don't worry, US Govt.Inc. (a wholly owned subsidiary of MAFIAA, LLC) is working to fix that.
So both Brits and Americans then?
Because that would make CAs and PKI redundant, so no browser vendor will even consider it.
This already exists, it's a standardised part of TLS called TLS-SRP and TLS-PSK. No browser implements it, because it would make PKI look bad and CAs redundant if implemented.
That's an important point there. The ID World forum is the collection of vendors who'd be making money out of this. Lots and lots and lots of money. So he went to the most receptive arena possible and told people, in effect, "Please help lobby for this and you'll make more money than you know what to do with". If I was pitching at the ID World forum I'd be saying the same sort of thing. They'd invite me back, and take me to expensive dinners.
That's not what your ex-GF told me.
If I was the DoD, I'd be asking for my money back around about now.
I once suggested making a small change to dramatically improve the safety of an item of $Id_have_to_kill_you_afterwards. I was told "we could make the change, but it would require renegotiating international treaties" (this was for real). I can understand wanting checks and balances, but sometimes...
I've heard that as a rule of thumb for Navy IT contracts, never bid on one of those (unless you're about to leave for another company and you want to collect the signing bonus as a golden handshake) because they'll drive you insane trying to fulfil it.
As the saying goes, "you can lead a horse's ass to knowledge but you can't make it think".
I'll see your "fire on the Internet" and raise you "fire in a crowded theatre".
But as we've seen proven, the CPU load isn't as big of an issue as is claimed.
Don't worry, NIST is working to correct that by mandating the use of ludicrously excessive key sizes, which will set us back about ten years in effective CPU performance now that servers have just about gotten fast enough to make SSL-everywhere practical.
Shame they dont stick to standards ( Yet Again ), this kicked me in the ass a while back after implementing SNI (Server Name Indication) in apache. Everything looked great in Firefox, Chrome and Safari but oh no IE and XP failed.
It has nothing to do with standards compliance, SNI didn't exist when XP came out so there's no way they could have implemented it. The problem is, as with many other legacy web-based issues, the number of users who refuse to give up IE6.
(but a requirement is that users are not scared with warnings about part of the content being unencrypted).
Those warnings are there for a reason.
Yup, it's to scare victims (site owners) into buying certificates. A protection racket doesn't work unless there's a threat present to intimidate people into paying the racketeers: "Nice web store you've got there. Would be a real shame if people were scared away by certificate warnings...".
Safari meurt, mais il ne se rend pas!
Same thing in Canadia. Nice, comfortable, modern trains, and you spend half your trip waiting in sidings for trains full of lumber to lumber past.
Maybe those particularly violent should be in jail?
As everyone knows Australia is populated entirely by criminals, so clearly we must put them all in jail.
Truly your intellect is astonishing.
Wait til I get started! Now, where was I?
Sony do it too in some of their Sony-Ericsson phones, if you don't have Sony's monstrously bloated software sitting at the other end of the USB cable authenticating itself to the phone, it won't charge. This makes USB chargers useless, you need to either use the Sony charger or connect it to a PC with the Sony bloatware on it, and even then in some cases it may not charge properly, e.g. consistently charge to 75% or other odd behaviour. One more reason to loathe Sony.
It's used to send pricing information to LCD price displays attached to shelves via the supermarket lighting (it's done at night when there's no-one around to be affected by it, and in any case since it's at a much higher frequency than the usual 50Hz flicker it wouldn't be noticed anyway). Think of the usual paper price tags in plastic holders attached to shelves, but now they have LCD displays and are updated automatically by modulating the in-store lighting.
There's something similar in India where, I think, you're required to publish at least one refereed paper as an undergrad to get your degree. The result is a tsunami of really, really low-quality papers.
Exactly. A million appalling undergraduate-student papers published under duress don't come close to a single piece of quality research. The OP never really seemed to factor this in, it just looked at quantity. Heck, gimme a printing press and SCIgen and I can make Burkina Faso a world leader in science publication, at least until they run out of trees.
What, you mean this:
Flash player update is required to load the Viewer.
Please download it by clicking here, then click to continue.
It has a certain spartan minimalism, granted, but I was really expecting a bit more than that.
The law actually only has an Ausweispflicht (requirement to own an ID) but not a Mitführpflicht (requirement to carry ID at all times). Of course how that plays out in practice is another matter...
I dropped Foxit for the same reason. I'm using STDUViewer, which isn't quite as... quirky as Sumatra, which seems to go out of its way to do straightforward things like text selection in as nonstandard a way as possible.
... to add the 300MB of extra functionality to their reader that they've been holding back on for the last few years (scratch-n-sniff PDF support, essential stuff like that). Releasing a major new version like this would be a golden opportunity to add all the much-needed extras that they haven't dared add so far.