Do you really think, based on just TFA, that Vint Cerf of all people would design such a flawed protocol?
Yes, if he can design it under the assumption that all nodes are trusted. As long as there's an appropriate node authorization presented at connection time, then the node can safely queue such data on the authorized party's behalf.
Honestly, while it may not be funny, what's wrong with people bonding over a shared appreciation for a joke/movie/book/what not? You don't like it, skip over the posts.
Don't worry, thats quite common. Its also common for populations to implode upon such revelations - so we tread carefully.
By making ET a big joke or otherwise popularizing it, so the populace would be completely desensitized to the news or laugh at it when it finally does come out!
Right, but the step-down transformers and rectification in computer power supplies, and cheap electronic power supplies are less than 85% efficient. So a great deal of power is being lost end to end.
Well no, the price of electricity will drop until the supply balances out the demand. At a certain point, the price of electricity will be so cheap that it won't make economic sense to mount panels anymore. Basic economics!
Of course, if they can achieve the same end result by a different method, then that's not infringing.
Not sure that makes sense. A drug company that invents a new drug prevents other companies from producing that same or bio-equivalent drug even using different methods. That would seem to fall under your classification of "achieve the same result by a different method".
But software is kinda like writing a book (so it should be copyright), yet it is used to build the internals of an infinitely modifiable machine (so it should be patented).
I don't see the problem. The hardware is patented, the software is copyrighted. Where is the confusion?
I believe his point is that a great many species show very little sign of change, in spite of large-scale changes in the geological record. Evolution has poor "predictive" powers, he would argue.
Indeed, one cannot currently predict how a species may or may not evolve, since we don't really have a good understanding of gene expression. That's due primarily to a lack of understanding, not a flaw in the theory. We can foresee that one day we might be able to predict beneficial mutations given certain environmental conditions, but a great deal of research needs to fill in some gaps first.
his point would be that the ability to select from a known state is not at all the same as creating something entirely new. Selection has insufficient "creative" powers, he would argue.
Selection is not creating anything, mutation is. Selection merely weeds out the bad mutations.
For instance, see this recent announcement of a reproducible random mutation of E. Coli which enabled them to start metabolizing citrate. Once they narrow down the series of generations which led to this mutation, we'll get a clear picture of how random mutations can lead to beneficial traits and possibly speciation. It's a very exciting discovery, and the patience and effort that went into it is mind-boggling. I think this experiment will turn out to be critical to evolution and natural selection.
He states that since many organisms do not change for millions of years there is something wrong with the argument
I'm not sure I see the problem. If the environment does not appreciably change, there is little to no selection pressure, and so little change in a species.
extrapolation to macroevolution or even permanent microevolution is unwarranted
Why are either of those extrapolations invalid? A sequence of microevolutions can lead to speciation.
Creationism can't be proven wrong, which is why it isn't science.
Well, "Intelligent Design" for a given trait can be falsified by demonstrating a natural way for said trait to have evolved. ID is still not scientific though, since it has absolutely no explanatory or predictive power whatsoever.
See The Better String Library. Haven't used it myself, but it's supposedly very portable, high performance, and has good interoperability with normal null terminated C strings.
It's not about the selling of fucking, per se, it's about the conditions which prostitutes are usually subjected to (pimps, madams, etc), and a misguided society trying to protect them from them.
Which is created by making prostitution illegal and driving it to the criminal element.
It doesn't say anything of the security of the actual site. It never has. It tells you something about the *connection*. Why are you confused about this?
I'm not confused. The point is this level of security is insufficient to the point where it's next to useless to most people. Security problems are much broader than secure connections to unknown parties, despite what the CAs claim.
Poor justification for what?
Poor justification for the usefulness and costs of certificate authorities.
You have a problem with what the trusted third partys role in SSL is? Then pray, how are you going to solve the man in the middle-problem?
Secure introduction. You know, an introduction from a party with whom you actually have a meaningful trust relationship.
I don't know about you but I haven't the slightest idea about how to go about inventing new math.
Creating new math isn't that hard. It's just a bunch of made up rules (the axioms), that should be consistent with one another (lead to no contradictions). Creating a useful math is indeed hard, and creating a useful math to solve a particular problem you're interested in is even tougher. Discovering new mathematical techniques in existing math is also just as hard.
Maybe I'm dense, but I don't see how some TCP/IP traffic is any worse than any other. It's all just packets on the wire.
If the directions of the packets are somewhat abnormal of traditional traffic, it's because the ISPs have structured their networks to optimize local client to backbone server traffic patterns. So that assumption no longer holds. Who's fault is that?
The CERT authenticates that you are talking to the site a trusted third party has signed a certificate for.
Trusted by whom? Certainly not me, the user. I think the use of such ambiguous language creates a false sense of security.
It means that an attacker isn't between you and the site.
No, but the attacker may BE the site. In other words, certs are not a means of secure introduction.
Saying that certificate authorities are necessary only because they foil man in the middle attacks is a poor justification. There are a plethora of other significant attacks that CA certs in their current form cannot prevent.
Of course they help, that's the purpose of CAs and certs.
No, they really don't.
Assuming your machine, the web site, and the CA are not compromised
Which is still one more point of failure than the system I desribed.
all you have to do is look at the domain name -- which is what I meant by paying attention.
I know exactly what you meant. And yet, with Unicode URLs becoming standardized, we now have multiple glyphs that look exactly the same but are really different characters. How do you protect yourself then?
Furthermore, your stronger technical background is blinding you to the fact that the information presented in a URL, a cert, and so on, is not as clear to others as it is to you. You're also conventiently forgetting all the things you can't do, like follow links in e-mails purporting to be from your bank. The petname tool approach solves all of these problems.
It's unnecessary to validate it any further.
There is no "further validation". The petname toolbar requires less validation than a CA-based system.
Slashdot Mirror
Do you really think, based on just TFA, that Vint Cerf of all people would design such a flawed protocol?
Yes, if he can design it under the assumption that all nodes are trusted. As long as there's an appropriate node authorization presented at connection time, then the node can safely queue such data on the authorized party's behalf.
Honestly, while it may not be funny, what's wrong with people bonding over a shared appreciation for a joke/movie/book/what not? You don't like it, skip over the posts.
Don't worry, thats quite common. Its also common for populations to implode upon such revelations - so we tread carefully.
By making ET a big joke or otherwise popularizing it, so the populace would be completely desensitized to the news or laugh at it when it finally does come out!
Right, but the step-down transformers and rectification in computer power supplies, and cheap electronic power supplies are less than 85% efficient. So a great deal of power is being lost end to end.
Well no, the price of electricity will drop until the supply balances out the demand. At a certain point, the price of electricity will be so cheap that it won't make economic sense to mount panels anymore. Basic economics!
Of course, if they can achieve the same end result by a different method, then that's not infringing.
Not sure that makes sense. A drug company that invents a new drug prevents other companies from producing that same or bio-equivalent drug even using different methods. That would seem to fall under your classification of "achieve the same result by a different method".
But software is kinda like writing a book (so it should be copyright), yet it is used to build the internals of an infinitely modifiable machine (so it should be patented).
I don't see the problem. The hardware is patented, the software is copyrighted. Where is the confusion?
Cool thing about research: it's not limited to use within one company! Much of the research is published and presented for the world at large to use.
I believe his point is that a great many species show very little sign of change, in spite of large-scale changes in the geological record. Evolution has poor "predictive" powers, he would argue.
Indeed, one cannot currently predict how a species may or may not evolve, since we don't really have a good understanding of gene expression. That's due primarily to a lack of understanding, not a flaw in the theory. We can foresee that one day we might be able to predict beneficial mutations given certain environmental conditions, but a great deal of research needs to fill in some gaps first.
his point would be that the ability to select from a known state is not at all the same as creating something entirely new. Selection has insufficient "creative" powers, he would argue.
Selection is not creating anything, mutation is. Selection merely weeds out the bad mutations.
For instance, see this recent announcement of a reproducible random mutation of E. Coli which enabled them to start metabolizing citrate. Once they narrow down the series of generations which led to this mutation, we'll get a clear picture of how random mutations can lead to beneficial traits and possibly speciation. It's a very exciting discovery, and the patience and effort that went into it is mind-boggling. I think this experiment will turn out to be critical to evolution and natural selection.
He states that since many organisms do not change for millions of years there is something wrong with the argument
I'm not sure I see the problem. If the environment does not appreciably change, there is little to no selection pressure, and so little change in a species.
extrapolation to macroevolution or even permanent microevolution is unwarranted
Why are either of those extrapolations invalid? A sequence of microevolutions can lead to speciation.
ID's claims of irreducible complexity are indeed falsifiable. It's still not scientific though.
Creationism can't be proven wrong, which is why it isn't science.
Well, "Intelligent Design" for a given trait can be falsified by demonstrating a natural way for said trait to have evolved. ID is still not scientific though, since it has absolutely no explanatory or predictive power whatsoever.
Not true! Their DVD movies are pretty cheap sometimes. :-)
The DotGNU project compiles C to the CLR, so that fits the bill.
See The Better String Library. Haven't used it myself, but it's supposedly very portable, high performance, and has good interoperability with normal null terminated C strings.
It's not about the selling of fucking, per se, it's about the conditions which prostitutes are usually subjected to (pimps, madams, etc), and a misguided society trying to protect them from them.
Which is created by making prostitution illegal and driving it to the criminal element.
It doesn't say anything of the security of the actual site. It never has. It tells you something about the *connection*. Why are you confused about this?
I'm not confused. The point is this level of security is insufficient to the point where it's next to useless to most people. Security problems are much broader than secure connections to unknown parties, despite what the CAs claim.
Poor justification for what?
Poor justification for the usefulness and costs of certificate authorities.
You have a problem with what the trusted third partys role in SSL is? Then pray, how are you going to solve the man in the middle-problem?
Secure introduction. You know, an introduction from a party with whom you actually have a meaningful trust relationship.
I don't know about you but I haven't the slightest idea about how to go about inventing new math.
Creating new math isn't that hard. It's just a bunch of made up rules (the axioms), that should be consistent with one another (lead to no contradictions). Creating a useful math is indeed hard, and creating a useful math to solve a particular problem you're interested in is even tougher. Discovering new mathematical techniques in existing math is also just as hard.
Maybe I'm dense, but I don't see how some TCP/IP traffic is any worse than any other. It's all just packets on the wire.
If the directions of the packets are somewhat abnormal of traditional traffic, it's because the ISPs have structured their networks to optimize local client to backbone server traffic patterns. So that assumption no longer holds. Who's fault is that?
Modules are not part of the kernel.
The CERT authenticates that you are talking to the site a trusted third party has signed a certificate for.
Trusted by whom? Certainly not me, the user. I think the use of such ambiguous language creates a false sense of security.
It means that an attacker isn't between you and the site.
No, but the attacker may BE the site. In other words, certs are not a means of secure introduction.
Saying that certificate authorities are necessary only because they foil man in the middle attacks is a poor justification. There are a plethora of other significant attacks that CA certs in their current form cannot prevent.
As you said, he certainly should know why rebooting would be necessary when updating part of the OS.
When dealing with operating systems, the only time you really need to reboot is when replacing part of the kernel. The rest is all dynamically loaded.
Of course they help, that's the purpose of CAs and certs.
No, they really don't.
Assuming your machine, the web site, and the CA are not compromised
Which is still one more point of failure than the system I desribed.
all you have to do is look at the domain name -- which is what I meant by paying attention.
I know exactly what you meant. And yet, with Unicode URLs becoming standardized, we now have multiple glyphs that look exactly the same but are really different characters. How do you protect yourself then?
Furthermore, your stronger technical background is blinding you to the fact that the information presented in a URL, a cert, and so on, is not as clear to others as it is to you. You're also conventiently forgetting all the things you can't do, like follow links in e-mails purporting to be from your bank. The petname tool approach solves all of these problems.
It's unnecessary to validate it any further.
There is no "further validation". The petname toolbar requires less validation than a CA-based system.
Responded to the wrong post. Let's try that again:
If private data is sent to the wrong hostname, how is this not the user's fault?
Is the information presented to the user in a way that is meanginful to them, such that they can then verify the legitimacy of the site?
No, a user requires significant technical knowledge to make this judgment. The system is flawed. I described this elsewhere together with a real solution.
Is the information presented to the user in a way that is meanginful to them, such that they can then verify the legitimacy of the site?
No. I described this elsewhere together with a real solution.