Slashdot Mirror


User: WaffleMonster

WaffleMonster's activity in the archive.


Comments · 4,185

  1. Re:Right way to go on New Permission System Could Make Android Much Less Secure · · Score: 1

    Really? An app is perhaps downloaded 5000 times. It has 100 comments... 20 complain about the permissions. You cannot know how many people did not install it because of the permissions

    How many people elected not to install because of permissions is a different question from those who would use tools to limit access if they had the opportunity.

  2. Re:Right way to go on New Permission System Could Make Android Much Less Secure · · Score: 1

    Wrong.

    Android is for the masses - so it must be easy. That does not preclude an "advanced settings" page. Entirely optional to use, but that is where the "nerd" will find the fine-grained permissions system. The "sheep" won't need to go there.

    So, the nerds will block spyware and possibly ads. The sheep won't, so megacorps gets most of what they want. Win-win for everybody...

    I'm constantly encouraged by volume of comments left about apps in app store regarding permissions or demanding to know why x is needed or why y is now needed with a new version of the same app. I think if given tools to properly control access we could be surprised by how much they actually get used by "normal" peeps.

  3. Re:Y2K on Latin America Exhausts IPv4 Addresses · · Score: 1

    Hmmm ... 2038 is in 24 years.

    We've already had legitimate tickets opened for Y2038 affecting customers *TODAY*

    So, in the same way as nobody seriously gives a damn about ancient 486s, if you're still running 32-bit Linux in 24 years ... well, that will be your damned problem. :-P

    If the only thing a system uses time_t for is to report the current date and time I would tend to agree with you.

    In the real world we don't have 24 years before shit starts hitting the fan .. not anywhere close to it. All the while 32-bit only chips continue to be stamped out en masse.

    If this is an issue for you, I suggest you start pondering getting a 64-bit machine ... you've got 24 years to do it.

    If Microsoft can fix their compiler to make it happen so can Linux. We've been here before with basic file I/O constrained to 2^31 bytes. This was fixed and without breaking backwards compatibility in the ABI.

  4. Re:If we're not going to switch, charge per ip on Latin America Exhausts IPv4 Addresses · · Score: 1

    Comcast is way ahead of you, dude. They're already charging me $3/month per static routed IP address. I'm feeling plenty of "incentive" to move to IPv6, which of course they don't support at all. Well, they have a pilot program in some areas where each customer can get a /128. No shit, a whole /128 all to myself.

    I've had IPv6 on Comcast for years with a /64 PD. Not 100% I believe anywhere you can get a /128 you can pull a /64 PD but need a DHCPv6 client to do it.

    At very least they are trying to deploy to their entire network. Business customer support is lagging and some areas still lack access. They seem to be genuinely committed to full production quality deployment.

  5. Re:If we're not going to switch, charge per ip on Latin America Exhausts IPv4 Addresses · · Score: 1

    If we're too lazy to switch to ipv6 then they need to just start charging per ip.
    $1 per ip per year should be sufficient to cause plenty of ip hoarders to return their stock.
    If that's not enough then increase it to $1 per ip per month. Still small enough that
    it shouldn't really affect anyone too much. My guess is any computer that can't
    absorb a $1/month charge is not actually a computer and should have a private
    10.0 number anyways.

    Meanwhile disaggregation is not free and carries global costs on routing infrastructure not everyone has the resources to bear. Taking back addresses is like airlifting new deck chairs onto the Titanic with much heavier solid lead versions to help the boat sink faster.

    http://blog.pierky.com/avoid-c...

    We are quickly approaching the point where it takes more effort to be "lazy" than it does to deploy ipv6.

  6. Re:Y2K on Latin America Exhausts IPv4 Addresses · · Score: 1

    The *real* legitimate problem with time will occur in 2038, and we've already made the solution to that.

    What is the solution for 32-bit Linux? Switch to 64-bit Linux? 32-bit only processors still being churned out en masse today with no available solution and no sign of this changing anytime soon.

    To assume number of 32-bit systems in 2038 running Linux will be zero is more foolish than waiting to exhaustion before deploying IPv6.

  7. Re:Title is a bit sensationalist... on Cisco Opposes Net Neutrality · · Score: 2

    Too many folks are caught up in the idea that prioritization is bad. There's a difference between the philosophy of Network Neutrality and the operational reality of packet prioritization.

    There is a difference between intra-domain and inter-domain prioritization and the operational futility of the latter.

    It saddens me that Slashdot seems to have decided that they need to resort to the same tactics as the National Enquirer

    In this case they are warranted. Cisco's statements cannot possibly be applied to the real world without picking winners and losers.

  8. Re:This is NOT a net neutrality issue on Cisco Opposes Net Neutrality · · Score: 1

    Cisco's comment concerns the prioritization of data depending on its type. I see nothing wrong with that.

    Part of our basic jobs working with technology is to fundamentally understand and communicate what is and what is not possible.

    When we mark your comment +5 insightful we fail at our jobs assuming Cisco lacks a traffic classification algorithm able to infer intent with superior intelligence to thinking human adversaries unwilling to wait for their slow lane bits to be transmitted over the wire.

    We get a kick out of RFC3514 because it is funny. What makes Cisco's idea any less funny?

  9. Re:This is absolutely correct on Cisco Opposes Net Neutrality · · Score: 2

    The internet had, since IPv4, provisions for

    Only small 'i' internets.

    exactly this, and whole careers have been built by this. It goes by different names, Type of Services, QoS, Traffic Engineering. IPv6 has also provisions for this, so did ATM in its time. MPLS has a HUUUUGE component of this...

    By all means prioritize intra-domain traffic within an organization. This makes sense and is widely deployed as you point out.

    None of this has ever worked inter-domain on a big "I" Internet of untrustworthy users with competing interests.

    Any and all traffic markings will be instantly gamed RFC3514 style reducing to classification based entirely on ownership (shady deals between mega content and mega ISPs) rather than actual need/merit.

  10. Surprised on Cisco Opposes Net Neutrality · · Score: 2

    Who would have thought Cisco prefers the world attempt to deploy foolish and hopelessly complex inter-domain prioritization schemes requiring $$$$$$ Cisco solutions to implement?

  11. Re:War of government against people? on America 'Has Become a War Zone' · · Score: 1

    What we can see is that in countries like Australia the gun crime rate dropped dramatically after assault weapons were banned.

    So what? I suspect if you were to interview the ghosts of murder victims or their families asking if it matters killing took place with a gun, bat, rock or fist you will find method of murder to be immaterial next to the effect of a dead person.

    Simply asserting gun crime rates dropped by itself is wholly meaningless. You can tell fools with an agenda from a mile away when they make such statements without any further consideration for secondary effects.

    The only question of import does a policy lead to reduction of overall murder rates or does it not. Also have to establish that a specific policy led to change rather than aggregate contribution of other factors.

    If for example gun crimes go down and knife or beating murders rise to take their place the same number of people are being killed at the hands of others so nobody is any safer.

    There is no proof that having guns makes society safer. There is proof that eliminating guns does make society safer. So why do you still want them?

    I suspect out of ignorance there is likely to be no salient evidence for either position. Effect on availability of weapons seems to take a back seat to social and political factors. Look at Africa, South America and the Caribbean... weapons availability ain't going anywhere near explaining that shit no matter how hard you try.

    So please feel free to share your "proof" with the rest of us. If inclined to rely on statistical evidence to establish causation please do first thumb thru statistical databases with the same amount of care and attention as your "proof" for contradictory evidence.

    When you look carefully at experiments like Australia in aggregate overlaid with trends having nothing to do with specific policy change the "proof" signal suddenly looks more like noise.

    Here in the US homicide rates were halved between 1992 and 2011 without any such constitutional amendment banning firearms. How do you explain that? The short answer is you don't and can't by looking at high level statistical data alone... but this seems to be the only thing those with agendas (both for and against) are willing to do...fool themselves by finding the evidence they want to see.

  12. I still have spy buddies and they tell me things.. on Did Russia Trick Snowden Into Going To Moscow? · · Score: 1

    So you're a long since retired double agent KGB goon and "spy friends" are still spoon feeding you sensitive information 16 years after "fleeing Moscow" and subsequently making a living selling information to the west? Sure I can believe that...

    Suppose I can also believe CIA had credible information on "yellow cake from Africa", aluminum tubes, Iraq working with Al Qaeda and NSA not "wittingly" collecting call records of everyone in the US.

    There seems to be a concerted effort to smear Snowden in absence of any objective credible evidence. News media never pays a price for engaging in propagation of hearsay or propaganda.

    Breaking News: Peter King is an FSB agent and a secret friend of the DPRK.

  13. The road to hell is paved by stalkers on Parents Mobilize Against States' Student Data Mining · · Score: 1

    That everyone seems to be clamoring for data is reason enough to distrust the motives of those engaged in the endeavor.

  14. Re:This is awesome on New OpenSSL Man-in-the-Middle Flaw Affects All Clients · · Score: 1

    How is it adding entropy to the pool if you keep using the same private key as one of the inputs?

    The entropy estimate is zero when the keys are used.

    From evp_pkey.c

    RAND_add(p8->pkey->value.octet_string->data,
            p8->pkey->value.octet_string->length, 0.0);

    The question is are you better off doing it than not? There are a number of valid arguments for not doing it. Fears of implementation errors and limited utility of reusing same data are valid points.

    The cost however of insufficient practical randomness in a system is dire.. only question that matters in my opinion does the cost of doing it outweigh the benefits? The answer seems to be context dependent and far from obvious or simple to resolve.

  15. Re:This is awesome on New OpenSSL Man-in-the-Middle Flaw Affects All Clients · · Score: 1

    Emphasis mine. Putting it in the pool is yet another attack vector, and a great way to increase the chance of something going wrong down the line. Either by mistake or by a planned malicious code change in parts of the code that doesn't seem to have anything to do with the private key.

    Insufficient entropy also has costs. It is not prudent to look only at one side of the ledger and make decisions based on it alone.

  16. Don't like being tracked? Turn off your phone on FTC Lobbies To Be Top Cop For Geolocation · · Score: 1

    The problem with notification legislation is it does nothing to address real world privacy violations. Let's look at Windows phone 8 for instance.

    When you first set it up and wade thru arrays of privacy notices, license agreements and constantly nagged to allow something to upload all of your data, log your actions and tracking your location.

    Even after answering no and everything off the system is configured in such a manner when you turn on "location" to use a local mapping application you also give MS the right to collect your location...so saying yes to using your location information privately also enables a third party to collect it...and if you don't like tough shit.

    Huge percentage of Android apps demand your location and for most users tools to say no (AppOps, etc) are unavailable to them. Simply providing a take it or leave it notification in the real world solves nothing. Access demands have universally proven themselves to be worthless and dangerous in the real world.

    Legislation route only works if "opting out" is mandated to be non-discriminatory where user is given enough granularity where their privacy will actually be protected. A choice along the lines of the subject is not a choice.

    Personally I am opposed to this kind of legislation because it promotes locally optimal solutions... enough people need to refuse to tolerate the torrent of bullshit from mobile device vendors and associated ecosystem which continue to put needs of the user below needs of OS vendors, carriers and app vendors. We need to have enough people ticked off to support alternate solutions which put the user first.

  17. Sounds familiar on AT&T Charges $750 For One Minute of International Data Roaming · · Score: 1

    Many years ago I was also dinged for provably impossible amount of roaming data given duration printed on bill while roaming from AT&T within the US.

    The roaming network was basically old school GSM data service limited to 14.4k for ~5 minutes (and naturally completely useless) claiming I had used about a dozen MB data... this is physically impossible.. it takes about 5 minutes on a perfect day to transfer half of one MB at 14.4k.

    At time suspected something wrong with cutovers between roaming and not...was able to get roaming charges dropped. Little surprised these old-school data pricing structures still exist but not so surprised at all AT&T wouldn't address basic problems within their billing that lead to gross over-charging.

  18. Re:This is awesome on New OpenSSL Man-in-the-Middle Flaw Affects All Clients · · Score: 1

    I mean, OpenSSL will use your actual private key as a source of entropy. How messed up is that?

    Is it messed up to add sensitive information to an entropy pool? From choice of wording it seems everyone should immediately and without reservation know better this is a stupid thing to do.

    Question is this actually a valid position or more knee jerk based on unfounded fear, ignorance of operation of an entropy pool?

    When functioning properly you shouldn't be able to extract anything except entropy from pool. It is surely possible to weaken a pool by providing known data. Likewise a pool initialized in a deterministic way with all known data except a low entropy sensitive key is surely disastrous no matter how carefully the pool is constructed.

    In a case where sufficient entropy is provided either solely by a sensitive source or mix of usable sources it is not clear at all to me there is a practical exploit or benefit of having more quality entropy in any way outweigh risks of reduction of usable entropy.

    Fear is healthy in this space yet by the same token unfounded fear can also yield counterproductive consequences.

    What is clear from previous Internet wide key surveys lack of entropy is widespread in the real world and certainly is something we all need to be afraid of.

    Of course it would be better if we had real random numbers (based on decay, thermal noise, etc.) and dispensed with the hacks yet these things are not yet universally available and seems to be a lack of trust in the likes of RDRAND to exist in an unmolested form so hacks have to remain on the table in some usage contexts.
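Added illustration, not part of the comments above and not OpenSSL's code: a toy pool showing the two cases argued in comments 14 and 18, a private key mixed in with a zero entropy estimate on top of a good seed versus a deterministic pool whose only unknown input is a low-entropy key. The pool construction, the seed values and the 12-bit key space are all constructed assumptions; only the `RAND_add(buf, num, entropy)` calling shape comes from the page.

```python
import hashlib
import hmac


class ToyPool:
    """Toy hash-based pool, constructed for illustration (not OpenSSL's design).
    add() copies the shape of RAND_add(buf, num, entropy): entropy is in bytes."""

    def __init__(self):
        self.state = bytes(32)
        self.credited_bits = 0.0
        self.reads = 0

    def add(self, data: bytes, entropy_bytes: float) -> None:
        # Mixing always changes the state; the estimate only moves the counter.
        framed = len(data).to_bytes(4, "big") + data
        self.state = hashlib.sha256(self.state + framed).digest()
        self.credited_bits = min(256.0, self.credited_bits + 8 * entropy_bytes)

    def read(self, n: int = 32) -> bytes:
        # Output is a keyed hash of the state, so inputs are not exposed directly.
        out = b""
        while len(out) < n:
            self.reads += 1
            label = b"out" + self.reads.to_bytes(8, "big")
            out += hmac.new(self.state, label, hashlib.sha256).digest()
        self.state = hmac.new(self.state, b"ratchet", hashlib.sha256).digest()
        return out[:n]


def build_pool(seed: bytes, seed_entropy: float, key: bytes) -> ToyPool:
    pool = ToyPool()
    pool.add(b"boot-banner-v1", 0.0)   # constructed, publicly known input
    pool.add(seed, seed_entropy)
    pool.add(key, 0.0)                 # private key mixed in with zero credit
    return pool


def keys_matching(output: bytes, assumed_seed: bytes, key_space) -> list:
    """Keys that reproduce `output` when every other input equals assumed_seed."""
    return [k for k in key_space
            if build_pool(assumed_seed, 0.0, k).read(len(output)) == output]


# Constructed sample values; a real seed would come from the OS RNG.
KNOWN_SEED = b"fixed-at-build-time"
GOOD_SEED = hashlib.sha256(b"stand-in for 32 unpredictable bytes").digest()
LOW_ENTROPY_KEY = (1234).to_bytes(2, "big")
KEY_SPACE = [i.to_bytes(2, "big") for i in range(2 ** 12)]   # 4096 candidates


def compare() -> dict:
    weak = build_pool(KNOWN_SEED, 0.0, LOW_ENTROPY_KEY)
    strong = build_pool(GOOD_SEED, 32.0, LOW_ENTROPY_KEY)
    return {
        "weak_credit": weak.credited_bits,
        "strong_credit": strong.credited_bits,
        # Deterministic pool: the only unknown is the key, so it is enumerable.
        "weak_keys": keys_matching(weak.read(), KNOWN_SEED, KEY_SPACE),
        # Well-seeded pool: the same enumeration finds nothing without the seed.
        "strong_keys": keys_matching(strong.read(), KNOWN_SEED, KEY_SPACE),
    }


if __name__ == "__main__":
    print(compare())
```

The zero estimate means the key never raises `credited_bits`, so a consumer that waits for enough credited entropy still blocks in the deterministic case even though the state has changed.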

  19. Re:terrifying? on The Disappearing Universe · · Score: 1

    There, bolded it for you. There is *nothing* measured directly about "dark energy", or even "dark matter". It's all conjecture based on long distance observations.

    Isn't everything conjecture based on observation?

    There is already bullshit about "inflation" (ie. FTL expansion), but alas, that contradicts the basic laws that nothing travels faster than light... so another conundrum.

    Limits on travel which maintain notion cause leads to effect in every reference frame apply only to the **propagation** thru space. They have nothing to say about restrictions to changes to space itself.

    We should all feel free to associate inflationary theory with hand waving but let's do it for the right reasons.

  20. Re:terrifying? on The Disappearing Universe · · Score: 1, Interesting

    We already proved what dark energy is. Dark energy is the force generated from scientists who were not getting their math homework to add up which pulls on additional grants and funding by making things up like dark matter and dark energy.

    This is how most advancements in physics have been made no different than leveraging of conservation laws to probe what must be gaps in our knowledge. When energies of particles in a reaction don't add up you know there is something missing you don't understand needing further analysis to resolve. This is how progress is made.

  21. Re:Universe expanding faster than the speed of lig on The Disappearing Universe · · Score: 1

    If one planet is traveling at .51c and another planet is traveling the exact opposite direction at .51c then the two planets are separating at faster than the speed of light.

    No dice, simple vector addition only provides useful answers for small relative velocities. At relativistic velocities you must include Lorentz transform or your answer will be uselessly wrong.

  22. Re:Fascinating, terrifying stuff is news on The Disappearing Universe · · Score: 1

    Oh by the way, did you notice, that she said matter is moving away faster than the speed of light, which is bullshit.

    Speed of light only applies to *propagation* thru space. Expansion of space itself or other "superluminal" activity such as waving a laser pointer around in the air are not constrained by the speed of light.

    Then while they're moving away faster than the speed of light, we know they're doing it because they're sending light back our direction at the speed of light and it's getting here, which is bullshit.

    All the while light is propagating to you space is expanding for all of that time. If it takes light billions of years to reach earth in that time the distance and relative velocities have increased dramatically. This is why we are able to make observations well outside of our Hubble sphere.

  23. Re:Am I missing something? on The Disappearing Universe · · Score: 1

    Okay, space is expanding. All of space. The universe itself. That is, the space-time fabric is expanding. I have no problem with that. But this would mean, not only the space between galaxies, but the space within galaxies as well; and everything within their star systems, and then everything that comprises their stars, planets, asteroids, etc.. Meaning the galaxies themselves are expanding at the same rate the space between them is, isn't it? Everything, large or small, is expanding together as the space-time fabric swells/stretches/grows? Even the space between atoms should be expanding too, because space is space.
      Wouldn't that just mean that since everything is expanding together, from a relative viewpoint, nothing is really changing? Aren't we all growing in size along with the rest of the universe right now?

    From WMAP observations expansion rate is very low on order of ~60km/s for any given ~3.3 million light year stretch of space. Gravitational forces overwhelm dark energy at scales of galaxies and clusters of galaxies. Result is only observable things that really change is distance between large gravitationally unbound objects.

    Not only did the blank space increase, but so did the size of the dots. Relative to the size of the dots/galaxies themselves, the distance between them is still the same relative percentage of what it was before.

    Only space between things gets bigger not the things themselves however there should be local effects in form of very very subtle loss of relative energies.

    So.. how is it that inter-galactic space is expanding, but relative to that, intra-galactic space isn't? Is it due to gravity? Or maybe the proposed dark matter that encircles galaxies?

    Yep gravity. Dark matter is also very important as it provides most of the gravity.

  24. Debunked what? on Heartbleed Bug Exploited Over Extensible Authentication Protocol · · Score: 1

    who debunked theories that Heartbleed could only be exploited over TCP connections, and after the TLS handshake.

    Do we really need a new name for the same vulnerability? None of this should come as surprise or news to any of us.

    TLS works over any stream based channel with no dependencies on TCP. Obviously it is not limited to TCP.

    Realization clients running OpenSSL stack would be vulnerable to the same problem is not news or novel information not previously well understood. Heartbeats are by construction a bi-directional affair. See also the original OpenSSL security advisory which explicitly stated the obvious:

    OpenSSL Security Advisory [07 Apr 2014]
     
    TLS heartbeat read overrun (CVE-2014-0160)
     
    A missing bounds check in the handling of the TLS heartbeat extension can be
    used to reveal up to 64k of memory to a connected client or server.
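Added illustration, not part of the comment above and not OpenSSL's code: the "missing bounds check" from the quoted advisory, simulated over a byte buffer, next to a handler that compares the claimed `payload_length` with the bytes that actually arrived. The same handler runs on whichever endpoint receives the heartbeat, which is why the advisory says "client or server". The message layout (1-byte type, 2-byte length, payload, at least 16 bytes of padding) follows RFC 6520; the function names and the neighbouring-memory contents are constructed.

```python
import os
import struct

HB_REQUEST, HB_RESPONSE = 1, 2
MIN_PADDING = 16          # RFC 6520: at least 16 bytes of padding
HEADER = 3                # 1-byte type + 2-byte payload_length

# Constructed stand-in for whatever sits after the record in process memory.
ADJACENT = b"[constructed neighbouring heap data]"


def make_record(payload: bytes, claimed_len: int) -> bytes:
    """Heartbeat request whose length field may disagree with the payload."""
    return struct.pack("!BH", HB_REQUEST, claimed_len) + payload + bytes(MIN_PADDING)


def in_memory(record: bytes) -> bytes:
    """Model the receive buffer: the record followed by unrelated data."""
    return record + ADJACENT


def echo_unchecked(memory: bytes, start: int, record_len: int) -> bytes:
    """Pre-fix behaviour: trusts payload_length and ignores record_len."""
    _msg_type, claimed = struct.unpack_from("!BH", memory, start)
    payload = memory[start + HEADER:start + HEADER + claimed]  # can pass the record end
    return struct.pack("!BH", HB_RESPONSE, claimed) + payload + os.urandom(MIN_PADDING)


def echo_checked(memory: bytes, start: int, record_len: int):
    """Bounds-checked handler: None means the message is silently discarded."""
    if record_len < HEADER + MIN_PADDING:
        return None                         # too short to hold header and padding
    msg_type, claimed = struct.unpack_from("!BH", memory, start)
    if msg_type != HB_REQUEST:
        return None
    if HEADER + claimed + MIN_PADDING > record_len:
        return None                         # length field exceeds received bytes
    payload = memory[start + HEADER:start + HEADER + claimed]
    return struct.pack("!BH", HB_RESPONSE, claimed) + payload + os.urandom(MIN_PADDING)


if __name__ == "__main__":
    honest = make_record(b"ping", 4)
    inflated = make_record(b"ping", 4 + MIN_PADDING + len(ADJACENT))
    for name, rec in (("honest", honest), ("inflated", inflated)):
        mem = in_memory(rec)
        leaked = ADJACENT in echo_unchecked(mem, 0, len(rec))
        kept = echo_checked(mem, 0, len(rec)) is not None
        print(f"{name}: unchecked echoes neighbouring data={leaked}, checked answers={kept}")
```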

  25. Re:Actual Facts on In First American TV Interview, Snowden Talks Accountability and Patriotism · · Score: 5, Insightful

    You forgot the one where he knowingly and intentionally violated the law.

    The US government knowingly and intentionally violated the law when it began to demand records of ALL calls made within the US and then began to LIE about it before Congress where Alexander et al redefined the word "collect" and hoped nobody would parse his words carefully enough to notice.

    The Patriot Act DOES NOT even authorize this. Collecting information on EVERYONE cannot possibly be relevant to a specific authorized investigation.

    Don't shoot him. Life imprisonment should suffice. Or is there anybody here naive enough to believe that other nations don't do this?

    The only thing that matters is the US government broke US law without any repercussion. Surely this is indefensible and any "but mommy johnny did it too" defense is worthless.

    The same way the previous administration's "intelligence community" knowingly lied about the veracity of their Iraq WMD cover story prior to invasion of Iraq leading to hundreds of thousands of deaths with no repercussions.

    I want to see US government officials go to jail.. hell in the case of Iraq no reason executions should not be on the table. Once that happens let's talk about Snowden's transgressions...

    Legitimacy matters. If the state does not follow the law and is not held accountable it is foolish to expect the governed to show respect for law. I personally don't even care that what Snowden did is illegal... Wish I did but I don't.