What gets me about java is that they add fancy new stuff like lambdas while leaving out basics like properties, operator overloading and user defined value types.
The problem is not so much sending encrypted mail. The problem is sending signed mail or receiving encrypted mail. In those cases you need to provide your private key to the mail software.
If the mail software is running on a third party server then that means handing your private key over to them. If the mail software is javascript in a browser then the javascript could be written to keep the private key in the browser but there is a significant risk of the javascript being quietly substituted.
You know what ADK is? A back door. So, either they're encrypting it twice (once with your key, once with the other), or they've poked holes in the encryption and it is complete garbage.
The usual way to do multi-recpiant encryptions is you encyrpt the message with a freshly generated symmetric session key. Then you encrypt the sesssion key multiple times with the recipiants public keys.
but it assumes you have 100% explicit trust in the agent who has the ADK
Indeed it does, in security there is always a balance between keeping prying eyes out and keeping records available to those with legitimate reason to access them.
It didn't but yahoo is a webmail provider and webmail kinda implies that the provider will either be storing the key or at the very least be able to access it by tweaking some javascript a litte.
The reason PGP is difficult for the plebs is that secure encryption requires you to take responsibility for your own key management and ensure to the best of your ability that the key does not leave devices you control (if you are really paranoid you don't even put it on an internet connected machine). If you leave key management up to a third party then your whole security becomes dependent on them.
What games did they test? I've certainly seen games where a SSD made a BIG difference to loading times (roller coaster tycoon 3 springs to mind)
If the game just wants to load a big block of predetermined data from a sequential set of locations in a data file then HDD is fine, the problem comes when due to either lack of optimisation or the open/flexible nature of the game it needs to load lots of small peices in a non-sequential manner than a SSD makes a big difference.
Hardly an official service, just a commerical CA that hands out freebies to some but not all sites that ask for them and puts technical restritions on those freebies which push people to either buy the commercial products or spend more on hosting (do I pay for n extra n IPv4 addresses or do I pay for a wildcard cert).
Or what about DANE [wikipedia.org], which stores TLS certificates in DNSSEC?
Sadly not implemented anywhere near widely enough to be useful.
1: their rules on who can get the free certs seem to be varied and arbitary. I've seen reports of an opensource developer being given a free cert initially but then come renewal time told that merely having a donation button makes their site count as "ecommerce" and therefore ineligable 2: they make the expiry artifically short (the CA industry as a whole does this but startSSLs free certs are epecially bad), 3: they refuse to renew certs until just before they expire and refuse to reissue certs without revoking the old one. 4: each free cert only covers a domain and one hostname under that domain (e.g. bar.com and foo.bar.com). This effectively means you end up needing one IP per hostname you want SSL on (until IE on XP becomes insignificant anyway).
It's nice that there is a free (as in beer) option for some people but it's also clearly got a number of artificial restrictions on it to push people towards their paid options.
Microsoft replaced these super nodes with dedicated servers when they bought skype, in order to lift the bandwidth constraints and increase the call quality for these routed connections.
I suspect the bad PR from "abusing" the bandwidth of those dumb enough to run skype on an open internet connection where it could act as a router node was also an issue.
Coal to gas conversion is pretty easy (though the result won't be as efficient as a combined cycle plant desgined to run on GAS). You just have to add some gas jets and gas piping to the combustion chamber. The design of the boiler and it's operating pressure can stay much the same and any extra physical space requirements are minimal.
That doesn't mean coal to other things will be anywhere near as easy even if the fundamental "boiling water drives steam tubine" bit remains. You have to think of the physical location requirements of the new steam source, the steam pressures it can provide without overheating (AIUI nuclear power plants tend to run at lower temperature/pressure than coal fired ones).
In the case of fusion it is expected that to achive breakeven fusion plants will have to be BIG.
Unfortunately locking out features and charging for unlocking them seems to be the industry standard. I can't think of any scope vendors that DON'T do it.
A scope is really not that useful for many things these days.
I disagree, a scope is the go-to tool for poking around an electronic system that isn't working as you expect checking which signals are doing what you think they should be doing and which are not.
A logic analyser does have advantages over a scope (more channels, more decode capabilities) but it won't tell you that the IO voltage is wrong or that a line is sitting at intermediate levels because of conflicting drive.
Just looked at product page - this is mixed signal 200MHz scope. They don't even put price on it, you have to request a quote.
From some googling it looks like a few grands worth of scope so not totally out of the reach of hobbyists.
not to void warranty of their instruments.
From tek's POV the nasty thing about this hack is that it's quite hard to prove someone used it. AIUI the whole point of using modules (rather than serial number tied unlock codes) is to let you move options between scopes. So even if the scope records what modules have been used in it how do you tell the difference between someone using a cloned module and someone using a borrowed module.
I think in general, people should just start posting reviews of Techtronix saying they're greedy bastards who sell crippled hardware and then charge ransom to unlock it.
Selling crippled test equipment and charging to unlock features seems to be standard operating procedure in the industry. Some use dongles, some use codes that are coupled to the serial number of your instrument but afaict all the major vendors of such equipment do it one way or the other.
Afaict there are no fonts covering all of unicode, partly because it's a moving target, partly because the unicode consortium doesn't release a free reference font leaving it up to third parties to look at the standard and come up with their own versions of the characters (the fonts used in the spec pdfs are propietary).
There are fonts that come reasonablly close to full coverage but they tend to be large and have poor quality coverage of some scripts. Also the only free one i'm aware of is a bitmap font.
That would probablly work reasonablly well for greek and cryllic scripts.
For other scripts have fun dealing with weired rules for mixing LTR and RTL chacters. Characters that join together into something that looks more like squiggly handwriting that what we would recognise as printed text, or a sea of thousands of characters that all look very similar to the western eye.
If a chinaman and a russian swap buisness cards and both have used their own scripts for email addresses are thier thoughts going to be "great" or "how the fuck do I type this?"
My guess is nationalists who don't care about the world beyond their countries borders may adopt this, those who care about being part of the global community (or simply about interoperating with older software) will avoid it like the plauge it is.
Usually with such things it's better to whitelist than blacklist. As you add characters to the whitelist you determine what character they should be equivilent to for conflict-management purposes.
Out of interest does anyone know if people actually use internationalised domain names as their main domains or if they stick to conventional names that work with all software and which everyone can type.
By definition for end to end encryption the encryption software must be located on the senders computer and the decryption software must be located on the recipiants computer. Furthermore if you actually want to be assured that the encryption really is end to end then you and your friends need to take responsibility for key management rather than leaving it up to some "service". If you are really paranoid then you don't even want to do the encryption and decryption on internet connected computers.
The point is that Google is a US company operating in the US under US laws
Google is a US headquarted multinational company operating in many countries under different and most likely conflicting laws. Any country they operate in has the ability to put the hurt on them in an attempt to force them to comply with their orders.
Finding an "incidental collision" (that is a collision that happened in a case other than people deliberately setting out to construct a collision). is most certainly noteworthy. Lets run some ballpark numbers.
There are less than 2^33 people in the world. Most of them probablly don't use google but lets assume that they do. Further lets make a wild ass guess that each one has 2^17 files in googles database (from some googling i'm pretty sure this is an overestimate). That would mean a total of 2^40 files.
Lets further assume that the hash functions are ideal "random oracles".
With 2^40 files there are approximately 2^79 pairs of files. With a 128 bit hash (like md5) then assuming it's ideal the probability of a pair of files having colliding hashes is 1 in 2^128 so with our 2^40 files the probability of a collision anywhere in the set is approximately 1 in 2^49.
For comparison the chance of winning the lottery in the UK is about 1 in 2^24 so 1 in 2^49 is like winning the lottery every week for 2^25 weeks
An incidental collision even in MD5 either means something incrediblly unlikely happened or (far more likely) there is a serious flaw in the uniformity of the hash function's output. That is certainly newsworthy.
In SHA1 and higher any collision even a deliberately constructed one would be noteworthy (the MD5 ones certainy were when they were first found, they are old news now of course).
AIUI the ground is basically slurry. Even if you could back the machine out (which you probablly can't because the tunnel behind the machine is almost certainly smaller than the head of the machine) you'd just be leaving an unprotected face of slurry in front of you.
In the old days if you did something stupid a few of your close friends/aquaintances would likely remember but other than that it would be largely forgotton. If you lived in a small town and it was something especially big the town might remember but you could still likely start afresh by moving to a new area.
Nowadays information about people is being collated and indexed to a massive extent, so it can be much harder to get away from the stupid in your past. Especially if you have an uncommon name.
Even criminal convictions in many countries become "spent" after a certain time because allowing one mistake combined with the general tendancy of hiring processes to allow small but easy to measure things to have a disproportionate impact to screw up someones life forever is not healthy for society.
Having said that I do wonder if the current "right to be forgotten" setup in the EU is a cure worse than the disease.
Slashdot Mirror
What gets me about java is that they add fancy new stuff like lambdas while leaving out basics like properties, operator overloading and user defined value types.
The problem is not so much sending encrypted mail. The problem is sending signed mail or receiving encrypted mail. In those cases you need to provide your private key to the mail software.
If the mail software is running on a third party server then that means handing your private key over to them. If the mail software is javascript in a browser then the javascript could be written to keep the private key in the browser but there is a significant risk of the javascript being quietly substituted.
You know what ADK is? A back door. So, either they're encrypting it twice (once with your key, once with the other), or they've poked holes in the encryption and it is complete garbage.
The usual way to do multi-recpiant encryptions is you encyrpt the message with a freshly generated symmetric session key. Then you encrypt the sesssion key multiple times with the recipiants public keys.
but it assumes you have 100% explicit trust in the agent who has the ADK
Indeed it does, in security there is always a balance between keeping prying eyes out and keeping records available to those with legitimate reason to access them.
It didn't but yahoo is a webmail provider and webmail kinda implies that the provider will either be storing the key or at the very least be able to access it by tweaking some javascript a litte.
The reason PGP is difficult for the plebs is that secure encryption requires you to take responsibility for your own key management and ensure to the best of your ability that the key does not leave devices you control (if you are really paranoid you don't even put it on an internet connected machine). If you leave key management up to a third party then your whole security becomes dependent on them.
What games did they test? I've certainly seen games where a SSD made a BIG difference to loading times (roller coaster tycoon 3 springs to mind)
If the game just wants to load a big block of predetermined data from a sequential set of locations in a data file then HDD is fine, the problem comes when due to either lack of optimisation or the open/flexible nature of the game it needs to load lots of small peices in a non-sequential manner than a SSD makes a big difference.
You mean like StartSSL?
Hardly an official service, just a commerical CA that hands out freebies to some but not all sites that ask for them and puts technical restritions on those freebies which push people to either buy the commercial products or spend more on hosting (do I pay for n extra n IPv4 addresses or do I pay for a wildcard cert).
Or what about DANE [wikipedia.org], which stores TLS certificates in DNSSEC?
Sadly not implemented anywhere near widely enough to be useful.
They do BUT
1: their rules on who can get the free certs seem to be varied and arbitary. I've seen reports of an opensource developer being given a free cert initially but then come renewal time told that merely having a donation button makes their site count as "ecommerce" and therefore ineligable
2: they make the expiry artifically short (the CA industry as a whole does this but startSSLs free certs are epecially bad),
3: they refuse to renew certs until just before they expire and refuse to reissue certs without revoking the old one.
4: each free cert only covers a domain and one hostname under that domain (e.g. bar.com and foo.bar.com). This effectively means you end up needing one IP per hostname you want SSL on (until IE on XP becomes insignificant anyway).
It's nice that there is a free (as in beer) option for some people but it's also clearly got a number of artificial restrictions on it to push people towards their paid options.
We are talking about websites here not end user connections. Unlike with "broadband" ISPs there is plenty of competition in hosting providers.
An incentive to website operators to tell their hosting providers "either you give me IPv6 or I go elsewhere" sounds find to me.
Microsoft replaced these super nodes with dedicated servers when they bought skype, in order to lift the bandwidth constraints and increase the call quality for these routed connections.
I suspect the bad PR from "abusing" the bandwidth of those dumb enough to run skype on an open internet connection where it could act as a router node was also an issue.
Coal to gas conversion is pretty easy (though the result won't be as efficient as a combined cycle plant desgined to run on GAS). You just have to add some gas jets and gas piping to the combustion chamber. The design of the boiler and it's operating pressure can stay much the same and any extra physical space requirements are minimal.
That doesn't mean coal to other things will be anywhere near as easy even if the fundamental "boiling water drives steam tubine" bit remains. You have to think of the physical location requirements of the new steam source, the steam pressures it can provide without overheating (AIUI nuclear power plants tend to run at lower temperature/pressure than coal fired ones).
In the case of fusion it is expected that to achive breakeven fusion plants will have to be BIG.
Unfortunately locking out features and charging for unlocking them seems to be the industry standard. I can't think of any scope vendors that DON'T do it.
A scope is really not that useful for many things these days.
I disagree, a scope is the go-to tool for poking around an electronic system that isn't working as you expect checking which signals are doing what you think they should be doing and which are not.
A logic analyser does have advantages over a scope (more channels, more decode capabilities) but it won't tell you that the IO voltage is wrong or that a line is sitting at intermediate levels because of conflicting drive.
That's one reason. The other reason is to peanalise buyers who buy the game used.
Just looked at product page - this is mixed signal 200MHz scope. They don't even put price on it, you have to request a quote.
From some googling it looks like a few grands worth of scope so not totally out of the reach of hobbyists.
not to void warranty of their instruments.
From tek's POV the nasty thing about this hack is that it's quite hard to prove someone used it. AIUI the whole point of using modules (rather than serial number tied unlock codes) is to let you move options between scopes. So even if the scope records what modules have been used in it how do you tell the difference between someone using a cloned module and someone using a borrowed module.
I think in general, people should just start posting reviews of Techtronix saying they're greedy bastards who sell crippled hardware and then charge ransom to unlock it.
Selling crippled test equipment and charging to unlock features seems to be standard operating procedure in the industry. Some use dongles, some use codes that are coupled to the serial number of your instrument but afaict all the major vendors of such equipment do it one way or the other.
Afaict there are no fonts covering all of unicode, partly because it's a moving target, partly because the unicode consortium doesn't release a free reference font leaving it up to third parties to look at the standard and come up with their own versions of the characters (the fonts used in the spec pdfs are propietary).
There are fonts that come reasonablly close to full coverage but they tend to be large and have poor quality coverage of some scripts. Also the only free one i'm aware of is a bitmap font.
That would probablly work reasonablly well for greek and cryllic scripts.
For other scripts have fun dealing with weired rules for mixing LTR and RTL chacters. Characters that join together into something that looks more like squiggly handwriting that what we would recognise as printed text, or a sea of thousands of characters that all look very similar to the western eye.
If a chinaman and a russian swap buisness cards and both have used their own scripts for email addresses are thier thoughts going to be "great" or "how the fuck do I type this?"
My guess is nationalists who don't care about the world beyond their countries borders may adopt this, those who care about being part of the global community (or simply about interoperating with older software) will avoid it like the plauge it is.
Usually with such things it's better to whitelist than blacklist. As you add characters to the whitelist you determine what character they should be equivilent to for conflict-management purposes.
Out of interest does anyone know if people actually use internationalised domain names as their main domains or if they stick to conventional names that work with all software and which everyone can type.
Your requirements are mutually exclusive.
By definition for end to end encryption the encryption software must be located on the senders computer and the decryption software must be located on the recipiants computer. Furthermore if you actually want to be assured that the encryption really is end to end then you and your friends need to take responsibility for key management rather than leaving it up to some "service". If you are really paranoid then you don't even want to do the encryption and decryption on internet connected computers.
The point is that Google is a US company operating in the US under US laws
Google is a US headquarted multinational company operating in many countries under different and most likely conflicting laws. Any country they operate in has the ability to put the hurt on them in an attempt to force them to comply with their orders.
For comparison the chance of winning the lottery in the UK is about 1 in 2^24 so 1 in 2^49 is like winning the lottery every week for 2^25 weeks
I screwed up, this statement is incorrect.
Finding an "incidental collision" (that is a collision that happened in a case other than people deliberately setting out to construct a collision). is most certainly noteworthy. Lets run some ballpark numbers.
There are less than 2^33 people in the world. Most of them probablly don't use google but lets assume that they do. Further lets make a wild ass guess that each one has 2^17 files in googles database (from some googling i'm pretty sure this is an overestimate). That would mean a total of 2^40 files.
Lets further assume that the hash functions are ideal "random oracles".
With 2^40 files there are approximately 2^79 pairs of files. With a 128 bit hash (like md5) then assuming it's ideal the probability of a pair of files having colliding hashes is 1 in 2^128 so with our 2^40 files the probability of a collision anywhere in the set is approximately 1 in 2^49.
For comparison the chance of winning the lottery in the UK is about 1 in 2^24 so 1 in 2^49 is like winning the lottery every week for 2^25 weeks
An incidental collision even in MD5 either means something incrediblly unlikely happened or (far more likely) there is a serious flaw in the uniformity of the hash function's output. That is certainly newsworthy.
In SHA1 and higher any collision even a deliberately constructed one would be noteworthy (the MD5 ones certainy were when they were first found, they are old news now of course).
AIUI the ground is basically slurry. Even if you could back the machine out (which you probablly can't because the tunnel behind the machine is almost certainly smaller than the head of the machine) you'd just be leaving an unprotected face of slurry in front of you.
In the old days if you did something stupid a few of your close friends/aquaintances would likely remember but other than that it would be largely forgotton. If you lived in a small town and it was something especially big the town might remember but you could still likely start afresh by moving to a new area.
Nowadays information about people is being collated and indexed to a massive extent, so it can be much harder to get away from the stupid in your past. Especially if you have an uncommon name.
Even criminal convictions in many countries become "spent" after a certain time because allowing one mistake combined with the general tendancy of hiring processes to allow small but easy to measure things to have a disproportionate impact to screw up someones life forever is not healthy for society.
Having said that I do wonder if the current "right to be forgotten" setup in the EU is a cure worse than the disease.