Slashdot Mirror


User: mrcaseyj

mrcaseyj's activity in the archive.

Stories: 0
Comments: 395

Comments · 395

  1. Re:Isn't this a little old? on IE Devs Criticize Bank Security Vulnerabilities · · Score: 1

    I figured this was important enough to warrant a front page story. Both to inform a lot of users that wouldn't read the posts to some random security article, and to get enough publicity to spur the banks into action. The banks obviously know about this problem, so only a sufficient number of complaints would be likely to get them to fix it. Also, at the time, my posts weren't modded up as much as they are now. I wanted to get the issue well above the noise floor. As far as this being a link to a two year old blog entry, I'd say it's about time they fixed the problem.

  2. Re:This is already a solvable problem. on A Foolproof Way To End Bank Account Phishing? · · Score: 2, Interesting
    An important feature of such a security device in order to make it truly secure, is a display. You can't trust anything that shows up on a normal computer screen. Your screen can say the money is going to amazon.com and it could really be going anywhere. The display needs to show how much the transaction is AND who it's going to. It should probably also say what is being bought or ordered in order to prevent bait and switch by online shops but that's probably not too important.

    In addition, the device needs buttons to signal the authorization and to enter a PIN. It doesn't necessarily need a full keypad. Four buttons might be enough. You can't trust people's computers not to capture their PINs if they type them in at their keyboards. If there's no authorization button then a trojan can make unrestricted transactions whenever the device is plugged in.

    Personal computers will probably never be very secure because they are made to do too many things. A small purpose built security device could have simple enough software that it may be able to achieve strong security.

    A small keychain size device with maybe a two line display and four buttons would be reasonably convenient and would probably only cost about $10 in large quantity. They would probably need to be shareable between banks though because you're probably not going to want to carry very many if they're not thin like credit cards. Although there's a new credit card coming out with a display. A flexible display I guess. I see no reason they couldn't put some thin buttons on them.

  3. Re:We'll see about that. on A Foolproof Way To End Bank Account Phishing? · · Score: 2, Informative

    Actually, American Express Canada does log you in securely. When you click that login button, it executes a script, which then submits the form to an https address.
    That's great to prevent password sniffing, but it doesn't stop a man in the middle attack. The man in the middle can just rewrite the login page before sending it to you with the encryption disabled. You wouldn't know. Microsoft's Internet Explorer programmers have told the banks about this but they do it anyway. See the Microsoft Developer Network website.

    http://blogs.msdn.com/ie/archive/2005/04/20/410240.aspx

    And for a method to do the man in the middle to a wireless user see airpwn

    http://www.informit.com/guides/content.asp?g=security&seqNum=158&rl=1

    Better go with the bad username/password trick to get a full https page.

  4. Re:URL checking - similar to adblock on A Foolproof Way To End Bank Account Phishing? · · Score: 4, Informative

    How about this: the browser could highlight the domain in the URL. If you were browsing a page at www.amazon.com.evildomain.com, then evildomain.com would be highlighted. That would hopefully make it obvious that you're not at amazon.com.
    Great idea. It wouldn't solve all the problems but it would help a little and it seems like it would be easy to program.

    I was trying to tell my dad how to recognize what domain he was at, but I couldn't think of how to describe it while taking into account all the variations a phisher might use. Then I saw a regular expression designed to extract the domain name from a URL. It basically said to take the part just before the third slash. That seems pretty good to me and easy enough to explain to my dad. Can a scammer fake that? Another way in Firefox at least is that Firefox shows the domain on the status bar at the lower right.

    Another problem I've run into lately is that a couple of institutions that I deal with have stopped using SSL encryption for the entire login page. They use regular http for most of the page and just have the username and password form submitted with https. The problem is that you see no padlock and there is no way to know that the page is really from the domain you see in the address bar. A man in the middle could have intercepted the page between you and the bank and removed the encryption from the login form and redirected your password to a bad guy. The entire page and everything on it needs to be encrypted with https or the page is insecure. Even Microsoft's Internet Explorer programmers say this is bad and tell the banks not to do it but the banks do it anyway. Read more about it at Microsoft's website.

    http://blogs.msdn.com/ie/archive/2005/04/20/410240.aspx

    This is not just a possibility but it seems to me like a realistic attack. On most wired networks you don't have to worry too much about ISP employees doing a man in the middle attack on you, but if you're using wireless at a coffee shop you'd better watch out for the https in your address bar. A hacker might use something like airpwn

    http://www.informit.com/guides/content.asp?g=security&seqNum=158&rl=1

    to do a man in the middle attack and to intercept your password. It looks like it would be pretty easy.

    I read an easy way you can get an entirely encrypted login page even if they don't have one available. You start your login by giving a bogus username and password. The bank will usually come back with an entirely encrypted login page that says you entered the wrong password. Just check the domain and check for the s in https and then go ahead and enter the correct username and password.
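    The domain-highlighting idea and the "part before the third slash" rule of thumb from this thread, as an added example that is not part of the original post. It is Node.js code using the built-in URL class; the short list of two-level public suffixes (co.uk and friends) and the sample URLs are constructed assumptions for illustration, not taken from any real site, and a real browser would consult the full Public Suffix List instead.

```javascript
// Added example: mark the registrable ("owning") domain inside a URL's host,
// the way the comment suggests a browser could, and cross-check it against
// the poster's "part before the third slash" heuristic.
// Runs under Node.js; uses the global URL class.

// ASSUMPTION for illustration only: a real implementation would use the
// complete Public Suffix List rather than this tiny hand-picked set.
const TWO_LEVEL_SUFFIXES = new Set(["co.uk", "com.au", "co.jp"]);

// The poster's rule of thumb: the host is whatever sits between the second
// and third slash. Any ":port" is stripped so "host:8443" becomes "host".
function hostFromThirdSlash(url) {
  const parts = url.split("/");
  if (parts.length < 3) return "";
  return parts[2].replace(/:\d+$/, "").toLowerCase();
}

// Registrable domain: normally the last two labels, one more when the last
// two labels form a known public suffix such as co.uk.
function registrableDomain(host) {
  const labels = host.split(".").filter(Boolean);
  if (labels.length <= 2) return labels.join(".");
  const lastTwo = labels.slice(-2).join(".");
  const keep = TWO_LEVEL_SUFFIXES.has(lastTwo) ? 3 : 2;
  return labels.slice(-keep).join(".");
}

// What an address bar could show: the full host with the registrable domain
// bracketed, plus whether the page itself was fetched over https.
function highlightDomain(url) {
  const parsed = new URL(url);            // throws on malformed input
  const host = parsed.hostname.toLowerCase();
  const domain = registrableDomain(host);
  const prefix = host.slice(0, host.length - domain.length);
  return {
    host,
    domain,
    display: prefix + "[" + domain + "]", // e.g. www.amazon.com.[evildomain.com]
    secure: parsed.protocol === "https:",
    agreesWithThirdSlash: hostFromThirdSlash(url) === host,
  };
}

// Constructed sample URLs (not real sites): the look-alike host from the
// thread, a genuine-looking https page, and a host under a two-level suffix.
const SAMPLE_URLS = [
  "http://www.amazon.com.evildomain.com/login",
  "https://www.amazon.com/gp/css/homepage.html",
  "https://online.bank.co.uk:8443/login",
];

for (const u of SAMPLE_URLS) {
  console.log(u, "->", highlightDomain(u));
}
```

    For the look-alike host the bracketed part is `evildomain.com`, which is the whole point of the highlight; the `secure` flag is what the poster's "check for the s in https" step looks at, and it is false for that sample because the page was served over plain http.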

  5. Re:Get Rid of it. on What Can You Do to Stop Junk Faxes? · · Score: 1

    I think the advantage of faxes is that they've been around long enough and they're simple enough that a significant number of people have learned to use them who still don't know how to do a scan and attach it to an email. I think there is also legal precedent for limited recognition of faxed contracts that may not apply to email attachments.

  6. Re:Old news -- reprofusion injury (really old news on Treating the Dead · · Score: 1

    So maybe the reperfusion stress is what causes that tingly pain that happens when you restore circulation to a leg or whatever that has fallen asleep and gotten numb.

  7. Re:OpenMoko possibilities on Italian Phone Taps Spur Encryption Use · · Score: 1
    I heard that in the US there is a law against encrypted phones that can't be tapped by the government. I'm not sure how software like cryptophone gets around it, but I guess it's because it's not an actual phone but just software on a computer. This rules out OpenMoko being sold with voice encryption installed, but it may be possible to install it after purchase.

    Of course the government could probably hack your phone any time they want, but on an open source phone they would probably have to use a great deal of discretion to prevent their entry methods from being detected by intrusion detection systems and consequently getting their holes plugged. That means they probably couldn't tap a lot of phones for a lot of time.

    It's quite common these days for the authorities to hack people's phones and turn them into bugging devices to eavesdrop on non-phone conversations. Your phone may appear to be turned off but in fact it can be transmitting everything in the room to the cops or to criminals like industrial spies. Executives are told to remove the batteries from their phones when they are discussing sensitive issues. Of course that only works reliably if everyone else in the room also removes the battery from their phone. It's kind of weird to think that the cops have readily accessible bugging devices in everybody's pocket these days.

    Phone encryption is so rarely used today that if you use it you may draw attention to yourself. If a really good hacker or a government targets you specifically then your security stands a large chance of being breached. Maybe if a lot of people start using it then it will become less suspicious. But governments are already talking about requiring key escrow so they can get into everything. If a lot of people start using phone encryption then they will surely clamp down on it.

  8. Parent is misinformation mod down on Italian Phone Taps Spur Encryption Use · · Score: 1
    Someone please mod the parent down from +5 because it's perpetuating an important misunderstanding of public key encryption. Public key cryptography relies on both sides having some way to confirm that they are using the correct public keys or else they ARE vulnerable to a man in the middle attack.


    The usual method of verifying the public keys is with a certificate authority like Verisign, who each party contacts to verify the key is the correct one for the party they're communicating with. Even then you have to know that you are really communicating with the real Verisign, which is done by relying on the key for Verisign that came installed with your web browser or encryption software. Other systems like Pretty Good Privacy email encryption use key servers that perform about the same function as Verisign. For systems like ssh (secure shell) that don't usually use key servers, you just have to verify the key by some other method like having it given to you on paper or told to you over the phone, or if you can, like when both ends are your own computers, you just write it down when you install the key. Actually you usually compare the relatively shorter key fingerprint rather than the actual big long key.

  9. Re:No, I buy nice ones. on Mercury Contamination Vs. Energy-Efficient Lightbulbs · · Score: 1

    Another issue to factor into the numbers of coal plant vs CFL mercury emissions is that probably the vast majority of CFLs will never get broken, and thus will not leak any mercury into the environment. Of course that doesn't help if one breaks on the carpet in your child's room. Maybe we should use LEDs in kids' rooms. Parents can just refrain from licking and sniffing their floors.

  10. Re:How it Works on First Successful Demonstration of CO2 Capture Technology · · Score: 2, Informative

    They say the CO2 can be stored underground till we run out of space after a while. Then they say maybe entire mountain ranges of magnesium silicates can be converted to magnesium carbonates, because over the millennia that's what would happen to them naturally anyway. But Wikipedia says preparing the rock may be expensive. Another suggestion is to put the CO2 in the oceans where at depths below 10,000ft (3000m) the pressure keeps the CO2 liquid, and it's denser than water so it pools on the bottom. The CO2 might also be dissolved in worthless salty underground water deposits. It can be pumped into coal fields that aren't economical where it sticks to the coal and displaces methane which can then be used. It can be pumped into oil and gas fields. It can be dissolved in the ocean at shallower depths like 1000m or so, but it would make the water acidic and some would eventually re-enter the atmosphere. Of course Wikipedia has more http://en.wikipedia.org/wiki/Carbon_capture_and_storage

  11. How it Works on First Successful Demonstration of CO2 Capture Technology · · Score: 4, Informative

    The article doesn't say how it works. They link to a Discover Magazine article that describes one of their methods.
    http://discovermagazine.com/2005/oct/climate/?searchterm=heading%20toward%20twice%20the%20CO2

    Liquid sodium hydroxide turns to sodium carbonate as it absorbs CO2. Then you percolate it over solid calcium hydroxide and the calcium captures the carbon. Then you heat the calcium carbonate to 900 deg Celsius to get it to release the CO2.

    They claim to have developed a new sorbent that isn't as nasty as sodium hydroxide, but none of the articles seem to say what it is.

  12. Anti competitive licencing scheme on Encouraging Students to Drop Mathematics · · Score: 1
    >you have to have several years of documented work under someone else's license [to get a license]


    Although the excuse is safety, the real reason for these license requirements is to reduce competition for the current professionals, and provide a cheap labor pool to exploit. These license requirements get passed for the same reason "forever copyright" laws get passed: the people who give contributions to legislators to pass them have a great deal of interest in them, but the voters in general are rarely even aware of the issue.


    There's no excuse for basing the decision regarding a person's competency on an excessively long term of servitude to a self-interested party. If the license candidates aren't qualified after their training is complete, then their training is deficient. Whatever safety issues they're learning on the job should be taught during training. Whatever they must know, should be on a test. It's dangerous to rely on employers to fill the educational gaps that professional educators failed to address.

  13. How to do the keypad on What Electronic Door Lock Would You Buy? · · Score: 3, Insightful
    I was thinking of putting an electronic lock on my door. One of the problems is that if there is someone near that you don't completely trust they may see you entering the combination. My cousin shoulder surfed my password once so I'm a little paranoid about this sort of thing. You can move to block them from seeing you enter it but that can be insulting to your guest. That's a significant issue for someone like my grandmother who may be entering her combo in front of customers she doesn't want to offend.


    So I'm thinking that the way to do it is to have a keypad facing down so that you curl your fingers up to push the buttons so the person near you doesn't see. I figure having only four buttons would make it easier to enter the combo without looking. Buttons on the bottom would also have the advantage of keeping water out of your buttons.


    One of the reasons I wanted a combo was I figured it would also be a lot faster than pulling the key out of my pocket every time. In fact I think a quick combo lock would be so quick that it wouldn't be too much trouble to just leave the door locked all the time.


    Some other good features for the lock would be different combinations for everyone in the house. And some one time use combos and guest combos.


    By the way if you are hiding a key outside your house make sure you put it around the corner or something so if someone is with you then you won't have to reveal your hiding place.

  14. Joe Jobbed myself on Proving You Are Not a Spammer? · · Score: 2, Informative
    I did a sort of Joe job on my own domain. I set up an alias under my domain for my dad that forwarded everything to his hotmail account. The problem was that spam which came into the alias was redirected along with everything else to his hotmail account. Now I can't send email to hotmail addresses from my domain even if I'm on the recipient's whitelist. My mail doesn't even get to the recipient's junk mail folder. I've even set up an SPF record for my domain and it doesn't help. I guess when hotmail got all that spam forwarded from my domain they concluded I was a spammer.


    I now recognize the importance of an email provider that accepts ALL email addressed to you if you can't afford to lose messages. Use your own spam filtering so at least you can check your own junk mail folder if you're missing something important that you're expecting. And if you need your messages to go out reliably then you need to send by a method that won't be rejected by the major email providers.

  15. Concealed carry doesn't cause problems on Many Dead In Virginia Tech Shooting · · Score: 1
    >If morons carried guns everywhere, we'd have many more than 31 killed in spontaneous acts of stupidity every day.


    That's a common sense view of the likely consequences of legal concealed carry. But it turns out that it just doesn't happen. In Vermont and Alaska, law abiding citizens can carry concealed weapons without even getting a permit. Vermont's murder rate is one of the lowest in the country. Alaska's is lower than average. In many states the law requires permits be given to law abiding citizens, usually after getting a little training. Despite hundreds of thousands of people carrying concealed, murder rates went DOWN when concealed carry was legalized (though some claim that it went down slightly more in states where concealed carry remained illegal). It's proven that you don't need to worry about idiots getting concealed carry permits and carrying guns. It's just not a problem. On the other hand it's unfair to people who want to defend themselves to deny them a carry permit for no good reason.


    Also, statistics have shown that citizens are less likely to shoot the wrong person than the police are. Probably because they usually know the situation better and usually only shoot at someone who shoots at them first. Most of the time citizens don't even have to shoot in order to save lives. Just showing the gun scares off the criminals.

  16. Re:Odds you will be a victim of on The Myth of the Superhacker · · Score: 1
    >even if terrorists got their hands on weapons of mass destruction, every year there die more people of car accidents alone than a terrorist strike could kill.

    Last I heard there were about 40,000 deaths in car accidents each year in the US. A single nuke in a dense group of skyscrapers could kill millions. That's decades of car accidents. Also it's not as if the number of deaths in car accidents is trivial. Riding in a car is dangerous. Even if terrorists just matched the number of car accidents, that would be a big deal. And if they can get one nuke they might well get several. There's also the devastation to the economy caused by us having to abandon the cities and spread out our population. And if the American economy is devastated it will hurt the rest of the world as well and result in numerous deaths as a result of worsening worldwide poverty.

    None of this justifies the government taking excessive surveillance or police powers. Too much government power could be far more dangerous than any terrorists.

  17. Re:BoA = smarter than this blogger on Boarding Pass Hacker Targets Bank of America · · Score: 1
    >it is very arrogant for somebody to think that BoA's security team did not think of this problem themselves.


    That's what you'd think, but incompetent security never ceases to amaze. I know of a web site by one of the world's largest financial companies that has an obvious MITM vulnerability. By what's said on the site they already know about it and either can't understand the very simple issue (for someone who understands the basics of cryptography) or they're ignoring it for some incomprehensible reason. Virtually every other secure site already does it right and the cost to fix it would only be a tiny link and not more than a few extra CPU cycles for the encryption.

  18. Re:Odds you will be a victim of on The Myth of the Superhacker · · Score: 1
    >...so many more get killed in traffic each day than terrorists attacks each year (in western countries).

    You missed the main point. It's not about how many have been killed in terrorist attacks each year, it's about how many will be killed. Without heightened security the terrorists might bring in nukes or make successful biological or chemical attacks. Then traffic accidents might pale in comparison.

  19. Re:Odds you will be a victim of on The Myth of the Superhacker · · Score: 1
    I'm not saying the government doesn't take advantage of scare tactics but I think your odds are a little off.


    Hackers
    Odds 1:10,000

    Hacking has exploded along with the explosion of the internet. Virtually every computer user I know has been affected by viruses and trojans and such. Furthermore the costs of hacking are paid primarily by customers. Even if they didn't hack my account I still pay. Also, many hacks are covered up by the company that was the victim in order to avoid embarrassment.


    terrorists
    odds 1:1,000,000

    After the first World Trade Center bombing people were still thinking like you. But after 911 most people realized what you still haven't: The threat is real and it can get MUCH WORSE. One suitcase can drastically change those one-in-a-million odds. The probability of being the victim of a terrorist in the future isn't calculated by dividing the number of victims in the past by the population.


    drug dealers
    1:2
    "The potential harm for most people is minor."

    "Most" people sure, but that leaves a lot of room for misery and death in the other 49% or 10% or whatever percent of the population.


    child molesters
    1:100,000

    Wikipedia refers to studies estimating molestation rates starting at 3%


    communists
    0:1
    "Communism is an idea."

    The danger of communism is that it's an idea that can be used to trick poor people into supporting the rise of a crooked totalitarian government. The tempting nature of the idea itself IS responsible for millions of deaths and much ongoing misery.

  20. Optimum Tax Rate on U.S. Billionaire Heads to Space Station · · Score: 1
    >One of the central tenets of supply-side theory is that tax cuts actually increase overall tax collections. There is something faintly foolish about this assertion...

    If taxes are too low it's bad for everyone rich and poor because the government doesn't have enough money for needed services. If the tax rate is too high it's bad for everyone rich and poor because it destroys too much of the motivation to work. Somewhere in between there is an optimum tax rate. If taxes are way too high then cutting taxes WILL actually increase overall tax collections. The problem is that the ideal tax rate is different depending on whether you're optimizing for the benefit of the rich or the poor. The poor are probably better off with a higher overall tax rate and the rich are probably better off with a lower overall tax rate.

  21. Re:Maintenance? on Combined Hovercraft and Helicopter · · Score: 1

    >[the friction] can be made insignificantly small by using a smooth surface.

    Actually it turns out that a large portion of aerodynamic drag is caused by the sticky air in contact with the surface of your vehicle. You can think of air as kind of like a thin syrup. It's stickier than it seems. Even an object such as a very thin sheet slicing straight through the air has significant drag, no matter how polished it is. In fact the viscous drag can even be the majority of drag in an aircraft.

  22. Re:I am amazed on GPL Code Found In OpenBSD Wireless Driver · · Score: 1
    The BSD and GPL licenses have a sort of strange self contradictory quality. With the GPL you lose your freedom to take away freedom. BSD protects your freedom to take away freedom. Which is the license of freedom? Maybe both in a different way.


    This kind of reminds me of when people object to the US imposing our values of freedom and democracy on other countries. By imposing freedom we're taking away the freedom to take away freedom. By imposing democracy we're forcing the country to run the government the way the country wants to run the government (under the theory that the only way to know how the country wants to run the government is to have votes).

  23. Re:Is there any real point to solar energy? on Solar Power-Cell Breakthrough · · Score: 1

    Peak solar power at the equator at noon on a clear day is about 1000 Watts per square meter. According to Wikipedia the average power in North America including day and night and cloudy days is from 125 to 375 Watts per square meter. Current solar panels output about 15% of that.

  24. National ID card not so bad on Oracle Linux Adopters Suffer Backlash · · Score: 1
    drinkypoo wrote: >Oracle is one of the great anti-freedom evils of our time simply because they backed the national ID database.

    I don't think it's quite fair to condemn Oracle for supporting national ID cards. There are some privacy/anonymity violations that I think are serious problems, but the national ID card doesn't seem to me to be much of a problem. The GPS tracking devices required in everyone's phone for the obviously bogus emergency call excuse, cameras being installed everywhere to track people's movements, RFID tags in car tires with readers on overpasses, and treacherous control platform chips and remote control firmware being built into nearly all new computers are all serious problems. But national ID isn't significantly more invasive than the current state ID card system.

    I was actually kind of disappointed when I found out they weren't going to be putting digital signature chips in the new cards because that would have been the only thing that would have made them hard to forge. With a digital signature from the feds the cards would probably be impossible to forge. The only way to create a fake ID would be to hack into the key server at headquarters. Cards could still be copied but it would be hard because the forgers would have to hack into the chip to get at the private key. Of course criminals might still be able to get real cards by bribing DMV employees. Without the chip and the benefits it would bring to anti forgery and therefore crime control then what's the point?

    Of course an unforgeable ID card does transfer a significant extra chunk of power away from the people and to the government. Maybe it's bad for that reason.

  25. Multiple Beams on First Look at the DirecTV SAT-GO · · Score: 4, Insightful

    I used to wonder how they could have enough bandwidth to serve wireless Internet from satellite to the whole country and likewise how they could provide local channels to so many different cities. I found out that the satellites can make separate broadcasts on the same frequencies to different parts of the country. I guess the parabolic antenna on the satellite has multiple feed points near each other near the focus of the antenna arranged in such a way that each one only broadcasts or receives for each major area. For a portable system like this you might have to get special service so it would work across the country if you were traveling.