Slashdot Mirror


User: WaffleMonster

WaffleMonster's activity in the archive.

Stories: 0 · Comments: 4,185

Comments · 4,185

  1. Re:Deprecation shouldn't start at the browser on Why Google Is Pushing For a Web Free of SHA-1 · · Score: 1

    Root cert sigs are meaningless, they're self-signatures. They could be zeroed out and most trustdbs probably wouldn't care.

    Yes this is true but it doesn't matter.

    Cross signing / alternate certification paths can lead to one man's root becoming another's intermediary.

    Intermediaries have the same problem with 10+ year validity periods.

  2. More information = less security on Why Google Is Pushing For a Web Free of SHA-1 · · Score: 0

    When you add decision points about issues the average user has no practical basis for making an informed determination you just make matters worse by adding confusion and uncertainty able to be leveraged by adversaries.

    Now instead of secure and not secure.. ideally working and not working... we are hurling FUD and technobabble at users whose day job is NOT technology.

    Who am I trying to kid.. .f@#uck...it...ya'll just need more reassuring padlock .gifs to adorn your secure sites.

  3. Re:Deprecation shouldn't start at the browser on Why Google Is Pushing For a Web Free of SHA-1 · · Score: 3, Informative

    It should start at the certificate authorities. They should've been planning for sha-1 to be unsupported by x date, and not issuing certificates valid past that date.

    Certificate authorities' roots also use SHA1 and typically carry validity periods of decades.

  4. https://www.google.com using SHA-1 on Why Google Is Pushing For a Web Free of SHA-1 · · Score: 5, Interesting

    Amazing www.google.com and every single link in its trust chain is using SHA-1 signature algorithm.

  5. Re:Seriously? on AT&T Says 10Mbps Is Too Fast For "Broadband," 4Mbps Is Enough · · Score: 1

    Tell that to my 10 megaBYTE per second downstream that still has trouble with YouTube sometimes. 4Mbps would be unusably slow on the modern internet, unless you turned off all media, and adblocked everything. Hell, 10Mbps would still feel like drowning in quicksand to me, even for basic web browsing...and I doubt I'm alone.

    I can see consumers thinking to themselves hey my 10mbit connection is slow.. websites take a long time to load and shit is always buffering. If only I upgrade to 100mbit it will be faster.. 10x faster...even!!

    Perhaps some of the same consumers with Satellite TV service are lining up at bestbuy for their new 4k TVs .. 4x more pixels 4x less macro blocking!!!!!1!!!

  6. The FCC is not self-consistent on AT&T Says 10Mbps Is Too Fast For "Broadband," 4Mbps Is Enough · · Score: 3, Interesting

    If you're an ISP filing FCC form 477 broadband **CURRENTLY** means the following:

    Broadband Connection: A wired line or wireless channel that terminates at an end-user location
    and enables the end user to receive information from and/or send information to the Internet at
    information transfer rates exceeding 200 kbps in at least one direction.

    While I don't have much of an opinion about definitions... 4Mbps vs 10Mbps there needs to be consistency throughout. The FCC should not get to pick and choose what broadband means based on where in law/rules the term is used.

  7. Something special in the air on 3 Recent Flights Make Unscheduled Landings, After Disputes Over Knee Room · · Score: 1

    Which of these is worse?

    Freakouts over minor incidents necessitating changing course. Apparently common sense has been brutally slaughtered by terrorists and bureaucratic CYA.

    Seeing a profit in pissing off or otherwise making your customers as uncomfortable as possible. How much does it cost per plane to rearrange all those seats again when one of the airlines starts running ads comparing legroom?

  8. Re: Not a chance on UCLA, CIsco & More Launch Consortium To Replace TCP/IP · · Score: 1

    *waves magic wand*

    Well that didn't work...

    TLS/SCTP is the application that no one knows that they need.

    Fast open is already shipping in current Linux kernels and you can do the same thing with TLS see RFC5077.

  9. Re:SMTP on UCLA, CIsco & More Launch Consortium To Replace TCP/IP · · Score: 1

    Personally, I think XMPP has the problem solved well enough. Their general architecture is superior to email in terms of verifying that you really know where a message came from, so if you receive spam from user@example.com,

    XMPP is embarrassingly similar to email it only seems less spammy because nobody uses it.

    ...and because each server knows the contact list of its users, it has a good clue about whether that message is spam even before doing any content analysis

    Reputation analysis by more voodoo algorithms which assume server is big enough to develop any meaningful clue and not misinterpret results. I'm sick of algorithms... email at the very least used to be reliable...now it is anyone's guess whether a message will be silently dropped for no human understandable reason.

    because there's no culture of "spam is an unavoidable problem" in XMPP, nor is there even a culture of "bulk messaging must be allowed" and so no one can even claim ignorance about what their users are doing.

    More like a culture of denial. XMPP does NOT meaningfully address spam in any way that matters.

    but for now it seems the spammers don't even care about XMPP, probably because email isn't just low-hanging fruit, it's fruit that has fallen from the tree and has been rotting on the ground for years.

    Keep on dreamin... they don't care cuz no one's home.

  10. Re: Not a chance on UCLA, CIsco & More Launch Consortium To Replace TCP/IP · · Score: 2

    The advantage of SCTP is that it is not a retarded implementation of go back N.

    SCTP has all the same limitations as TCP at the SCTP stream level.

    Which means it can operate efficiently at high speeds on unreliable networks. Also the channels could be easily and automatically used with HTTP to replace the inefficient pipelining. With TCP something like SPDY had to reimplement channels on a higher level.

    This is semantically identical to opening multiple TCP sessions - one for each stream. If you were to lower round trip cost of subsequent session setup in TCP to zero (e.g. fast open extensions) then you essentially have the useful advantage of SCTP without SCTP.

    The only benefit SCTP has is multipath failover baked in and you can't even use the extra paths concurrently it only exists as a contingency.

  11. Re:Not a chance on UCLA, CIsco & More Launch Consortium To Replace TCP/IP · · Score: 1

    Your statement as shown can be applied to the internal combustion engine, or any other technology. Rejecting any change out of hand without consideration is incredibly sad

    There are only so many hours in a day... ignoring/rejecting silliness out of ignorance is often a practical necessity.

    Yes it's important to take everything with a grain of salt, but everything should be at least considered.

    "Everything" ...sort of...includes magic unicorns and assorted demon things observed while trip-pin' on mushr00ms...

    See also trusted Internets, motor/generator free energy machines and application of ternary logic to prevent IPv4 exhaustion.

    It only takes one successful change to have a dramatic impact and improve the lives of many.

    Well paying out that $25k to play is sure to improve the life of someone.

  12. Four-gee on Grand Ayatollah Says High Speed Internet Is "Against Moral Standards" · · Score: 3, Funny

    Whenever someone says "4G" half the time all I hear is "orgy". Is it just me or are other people having this same problem? This all started with the T-Mobile 4G chick and proceeded downhill from there.

    Had to pause and rewind the commercials... all I kept hearing was "my touch orgy" .. when I knew consciously she must be saying "my touch 4G" ... I'm clearly going to hell.. and clearly high speed cellular networks are sinful.

  13. Re:What are you downloading? on Ask Slashdot: What To Do About Repeated Internet Overbilling? · · Score: 1

    Translation, you'd spend more time and effort figuring out how to manage your internet connection than you could have spent earning money by doing productive work. Arbitrary bandwidth limits are a clear-cut drag on productivity.

    In the real world we must all deal with arbitrary bandwidth/resource limits there is no escaping it ever.

    Every situation must stand on its own merit. It is possible under specific conditions for laziness in the form of insufficient effort to reduce resource utilization to end up costing more in productivity and that what you think is freeing you from having to care is actually propagating a sub-optimal working environment.

    Deciding to transmit bulk geographic data in XML because we can or implementing RFC3252 with a straight face is just plain wasteful.

    Our modern 30-100 Mbit pipes as impressive as they are after you factor in analytic URLs, endless javascript libraries complete with senseless abuse of xmlhttprequest, ad networks, market intelligence and god knows what is in the several dozen calls to other sites when loading a single page from a single site these days and look web sites don't load any faster than they did 10 years ago despite significant investment and improvement in systems and networks over that time.

  14. Re:ECC? on Reformatting a Machine 125 Million Miles Away · · Score: 1

    You're a poster child for Dunning-Kruger: some random on the Internet who thinks he's smarter than the folks who designed a Mars rover that lasted over 10 years past its 90-day expected life.

    Not too often but occasionally the stupid get lucky and in some perverted way lack of knowledge and consideration of detail can lead to better outcomes.

    After a while one has to admit having to be careful when you transmit for fears it would even be possible for commands to be misinterpreted or designing something which knowingly continually writes to flash memory using DOS era FAT filesystems is not a winning play no matter how much you throw the reliability arguments at the wall and expect them to stick.

    And all those commenting about what they instinctively noticed with their ignorant eyes as Curiosity's chintzy wheels turning out to in fact be objective reality.

    The engineers might be smarter than us fools and idiots yet it does not automatically follow they were actually correct to make a particular tradeoff or the fools and idiots don't have a point.

    Usually best to stick to the facts and make arguments from merit vs accusing people of staying at a holiday inn express last night.

  15. Re:What are you downloading? on Ask Slashdot: What To Do About Repeated Internet Overbilling? · · Score: 1

    I am a software developer and consultant. I download entire system images (4-8GB), client log files (gigabytes), daily system updates for a number of systems (more gigabytes). I download multi-terabytes per month. If I didn't have an unlimited business plan, I would be out of business. Just getting the headers for my system repositories is multi-megabytes per day per system - 3 Linux and 2 Apple, plus updates for 2 phones.

    If you didn't have a fat pipe you would still be in business only difference you would be smarter about how you use the limited resources you could afford.

  16. Re:Oh look, Protesters.. on DoT Proposes Mandating Vehicle-To-Vehicle Communications · · Score: 1

    I'm sorry. I have ZERO confidence that V2V will not have a back door for abuse by authorities, never mind the hacker/crook people.

    It might not be all bad... the viral propagation of a V2V worm across the country could end up being quite amusing...especially if infected vehicles began issuing zombie warnings when encountering other infected vehicles.

    Propose renaming "Intersection stop line violation" bit in BSM Part II vehicle safety extension element to "Zombies"

  17. Re:Official Vehicles on DoT Proposes Mandating Vehicle-To-Vehicle Communications · · Score: 1

    They will, or you assume they will? There's a difference...

    I know they will.

    Besides, who cares how your speeding is detected?

    I do. This business of coupling of ends and means is a losing proposition.

    If you're speeding you're speeding. There's no "it's ok as long as I don't get caught"-clause.

    Acceptable methods of detection is a critical question for any society of humans. The right to be left alone is a core component of the social contract.

  18. Estimating estimated estimates on DoT Proposes Mandating Vehicle-To-Vehicle Communications · · Score: 1

    In terms of safety impacts, the agency estimates annually that just two of many possible V2V safety applications, IMA and LTA, would on an annual basis potentially prevent 25,000 to 592,000 crashes, save 49 to 1,083 lives, avoid 11,000 to 270,000 MAIS 1-5 injuries, and reduce 31,000 to 728,000 property-damage-only crashes by the time V2V technology had spread through the entire fleet.

    These figures are quite amusing ... how can the range of estimates vary by several orders of magnitude while concurrently expecting anyone to take anything you have to say seriously?

  19. Re:Not so sure it's harmless on TechCentral Scams Call Center Scammers · · Score: 5, Informative

    It's not harmless stringing them along like that. What you're really doing is giving them invaluable experience and training in responding to people who might simply be on the cusp of getting taken.

    Acting like an idiot who types slow and has a LOT of questions is not only amusing but wastes time cutting into profits and capacity to contact new victims. As a bonus the experience may help advance your acting career. Ultimately on the job training arguments don't appear to me to carry sufficient heft to outweigh competing arguments. When you hang up and they talk to an honest to god sucker this also counts as on-the-job training.

    Remember kids your computer is off, you have to walk slowly down creaking stairs into the basement to turn it on.. and once there it is very old... it takes *FOREVER* to boot. Be sure to express your displeasure with the performance of your computer.

  20. More priceless excerpts on California Passes Law Mandating Smartphone Kill Switch · · Score: 1

    According to the Federal Communications Commission, smartphone thefts now account for 30 to 40 percent of robberies in many major cities across the country. Many of these robberies often turn violent with some resulting in the loss of life.

    Consumer Reports projects that 1.6 million Americans were victimized for their smartphones in 2012.

    In order to be effective, antitheft technological solutions need to be ubiquitous, as thieves cannot distinguish between those smartphones that have the solutions enabled and those that do not.

    Is there something wrong with the water in California? Did zombies, head crabs and giant bugs with straws feast upon brains of lawmakers?

    It seems either California is going to single handedly put an end to cell phone theft OR they are going to single handedly further endanger the lives of billions of cell phone users around the world. Which is more likely?

  21. Dangerous and irresponsible on California Passes Law Mandating Smartphone Kill Switch · · Score: 1

    The technological solution shall be reversible, so that if an authorized user obtains possession of the smartphone after the essential features of the smartphone have been rendered inoperable, the operation of those essential features can be restored by an authorized user

    ...

    An authorized user of a smartphone may affirmatively elect to disable or opt-out of enabling the technological solution at any time.

    Apparently in order to combat problem of theft of smartphones this law forces thieves to coerce the VICTIM of theft into disabling technological solution prior to walking off with the device making an already dangerous encounter more perilous and traumatic.

  22. Re:Debbil in de details on South Carolina Student Arrested For "Killing Pet Dinosaur" · · Score: 5, Insightful

    If you read the details of the story, it becomes quite a bit less sensational.

    The details make it worse because not kissing police officers' asses resulted in bullshit disturbance charges. (e.g. retaliation)

    Not only did the grownups at the school abuse their authority so did the police.

  23. Disturbance in the course on South Carolina Student Arrested For "Killing Pet Dinosaur" · · Score: 1

    Have to love broad laws willfully designed to make everyone guilty.

    When the kings dislike you they need to have a "legitimate" excuse to beat you down and lock you away in their dungeons.

  24. Why? on Virtual Machine Brings X86 Linux Apps To ARMv7 Devices · · Score: 2

    How hard is it to cross compile an application?

  25. Re:Turn it around: on Illinois University Restricts Access To Social Media, Online Political Content · · Score: 1

    The right to free speech does not mean a university has to provide the publishing infrastructure to make that speech.

    No shit university can do whatever it wants.. as a result they can expect to be held accountable for propagating indefensible policies. Fact this university is state funded means they have to answer to more than just students.

    By logical extension of your standards universities must also provide spray cans so that students can spray paint their thoughts onto the campus buildings.

    Censoring content is not spray cans sorry.