Comment Great idea in theory, pointless in the real world (Score 1) 277

After reading through their paper and getting a better understanding of the exact protocols etc., I can say assuredly that this method of protecting a database from use-after-theft is pointless.

Here is my reasoning (ignoring the possible patch to allow pre-knowledge authentication for now, as that leaks way too much information):
1/ The whole system relies on the use of a threshold system of password login attempts to dynamically build the in-memory database decryption key.
2/ That can either happen by one or more administrators attempting login after restart or by using a queued user authentication stack.
3/ In their own FAQ they state that weak passwords should be avoided as this weakens the system.

My assertion is that any real-world use of this system is open to humans picking passwords, and humans are really bad at that. That being so, if I were to run an SQL injection to steal the user table I would do the following:-

a) From a dictionary of common "non-weak" human passwords (see recent thefts for the list) pick a password.
b) Run it through the site's hash, using each record's salt, against every entry, producing a possible hash Hp.
c) XOR that with the hash in the table to get a possible Shamir share Sp.
d) Pick random lists of Sp and combine (derive the constant from the equation) to see if a statistically significant number of entries agree on a table key C and the share ratio R.
e) If not successful, rinse and repeat with another password and/or repeat to confirm C.

This algorithm should, under any normal use, derive C in quite short order provided there are at least R+1 repeats of any provided password guess.
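A toy model of the attack sketched in steps a) to e) above, added here as an illustration; it is not code from the paper the comment discusses. The share field (a 61-bit prime), the salted SHA-256 stand-in for the site's hash, the threshold of 3 and the 30-account population with 12 reused passwords are all constructed assumptions for the demo. One dictionary word is hashed with every record's salt, XORed out of the stored value to give a candidate share per record, and random distinct 3-subsets of candidates are interpolated at x = 0; when enough subsets agree on the same constant term, that is the table key C.

```python
"""
Toy model of the dictionary attack in the comment above (steps a-e).
Added example, not code from the paper the comment discusses. The share
field, hash, threshold and user population are assumptions for the demo.
"""
import hashlib
import random
from collections import Counter
from itertools import combinations

PRIME = (1 << 61) - 1   # toy share field GF(PRIME); assumption, not the paper's choice
THRESHOLD = 3           # shares needed to rebuild the table secret (assumption)


def site_hash(salt: bytes, password: str) -> int:
    """Salted hash reduced into the share field (stand-in for the site's real hash)."""
    digest = hashlib.sha256(salt + password.encode()).digest()
    return int.from_bytes(digest, "big") % PRIME


def make_table(passwords, secret, rng):
    """Protect one Shamir share of `secret` per user.
    Record = (x_i, salt_i, share_i XOR H(salt_i, pw_i)). Shares are evaluated
    at x = 1, 2, ... (never x = 0, which would be the secret itself)."""
    coeffs = [secret] + [rng.randrange(PRIME) for _ in range(THRESHOLD - 1)]
    table = []
    for x, pw in enumerate(passwords, start=1):
        share = sum(c * pow(x, k, PRIME) for k, c in enumerate(coeffs)) % PRIME
        salt = bytes(rng.getrandbits(8) for _ in range(16))
        table.append((x, salt, share ^ site_hash(salt, pw)))
    return table


def interpolate_at_zero(points):
    """Lagrange interpolation at x = 0 over GF(PRIME): the constant term C."""
    total = 0
    for xj, yj in points:
        num = den = 1
        for xm, _ in points:
            if xm != xj:
                num = num * (-xm) % PRIME
                den = den * (xj - xm) % PRIME
        total = (total + yj * num * pow(den, PRIME - 2, PRIME)) % PRIME
    return total


def guess_secret(table, guess, rng, samples=400, min_agree=3):
    """Steps b-e for one dictionary word: hash the guess with every record's
    salt, XOR out a candidate share per record, interpolate many distinct
    random THRESHOLD-subsets and look for a constant term that far more
    subsets agree on than chance would give. Returns C or None."""
    candidates = [(x, stored ^ site_hash(salt, guess)) for x, salt, stored in table]
    # distinct subsets only: re-sampling the same subset would inflate its vote
    subsets = list(combinations(candidates, THRESHOLD))
    picked = rng.sample(subsets, min(samples, len(subsets)))
    votes = Counter(interpolate_at_zero(s) for s in picked)
    value, count = votes.most_common(1)[0]
    return value if count >= min_agree else None


def demo():
    """Constructed population: 30 accounts, 12 of which reuse one common password."""
    rng = random.Random(7)
    passwords = ["password1"] * 12 + [f"uniq-{rng.getrandbits(40):x}" for _ in range(18)]
    rng.shuffle(passwords)
    secret = rng.randrange(PRIME)
    table = make_table(passwords, secret, rng)
    hit = guess_secret(table, "password1", rng)   # reused word: repeats agree on C
    miss = guess_secret(table, "letmein", rng)    # word nobody used: no agreement
    return secret, hit, miss


if __name__ == "__main__":
    secret, hit, miss = demo()
    print("recovered C" if hit == secret else "failed", "| wrong guess ->", miss)
```

With 12 of 30 accounts on the guessed word, roughly 5% of random 3-subsets consist only of correct candidate shares and all of those interpolate to the same C, while every subset containing a wrong candidate lands on an effectively random field element; the vote count therefore separates a hit from noise without any oracle access to the site. A wrong guess produces no repeated value and the function returns None, which is the "rinse and repeat" branch of step e).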

Comment Is anyone really metricated? (Score 1) 2288

May I ask the counterpoint, is there a country anywhere that uses only metric ISO units?
Here in Canada we still put $/lb on food items; in the UK all the road signs are in miles and speedometers are in miles/hour; and I do not know of anywhere that the weather report is given in Kelvin, as it should be. Is it just me, or does a balmy 293K sound much better than 20C?

Comment Call it the NRA! (Score 1) 104

Thinking of starting a pressure group, the National Ringer Association, with the aim of supporting sensible mobile pricing, no contract lock-ins, no data caps etc.

The rallying cry directed at the CRTC and voiced by a passionate Canadian celebrity would be:

'You can have our wind mobiles when you can prize them from our cold dead hands!'

In closing, may I add that if it were not for greedy governments running practically fixed auctions for spectrum that result in massive bids, then Wind would not have been forced to go outside Canada to find the extra funding. There was a time when all spectrum was licensed for an agreed fee that only depended upon factors affecting the support of that licensing.

Disclaimer: The above in no way should be confused with the National Rifle Association or its aims; it is recognised by the author that a strong society can only proceed upon the premise that ownership and use of lethal weapons of all kinds must be closely controlled by sensible laws, and that includes your Hummer, Mr. I'm-going-to-occupy-two-lanes-of-the-401-at-a-time.

Comment More to know = ISO9001:2000 and document control (Score 1) 152

There is much missing from the above; the current ISO9001 certification, ISO9001:2000, has other requirements for a 'Quality Management System' above what was stated already. Much of it boils down to something similar to the above:-

'Say what you do', 'Do what you say', 'Measure them both', and 'Offer proof of ongoing improvement in the customer's perception of quality'.

Anyway, to the question as asked. There are many products out there that state ISO9000 document control conformity; my company used several, including Sharepoint and a very restrictive system called Quality Workbench.

My opinion is that if you want an easy life, go for something very restrictive and conforming. Your Quality Assessor will love you (I was one) and it's an easy tick in the box. BUT your colleagues will soon hate you and loathe the very ground on which you walk for making their life harder. That will in the end result in them bypassing the standards to get the job done. So make their life easier and yours a little harder and use something more human; my current favourite is a good Wiki, and before you go moaning that a wiki cannot form the core of an assessable document control system, just think. It's all in the definition!

If you define the document control system as a fluid, managed system where each interested party is kept informed of managed changes, then that can be a wiki. Every change is tracked, notified and can be discussed inline at any time, so it seems to me that it is the system of choice. You will, though, spend much time with the assessor explaining all your control methods.

Comment Timeliness of encrypted data (Score 1) 500

I remember a posting about a solution called Vanish, see ( http://vanish.cs.washington.edu/ ), that produces an encrypted email where neither the sender nor the recipient has the key and, due to the nature of the cloud P2P key storage system, the email becomes unreadable some 8-9 hours after creation. Using this idea with a small, access-key-protected application running on a remote server would allow me to store encrypted data on Amazon S3, for example, in such a way that if I fail to access the volume at least once every 8 hours the volume key expires. This way, if I am arrested and held for more than 8 hours (the period since last access) before questioning (which is likely), I can give law enforcement the access keys to my server application to extract my encrypted volume, which will by that time have expired. Thus I can comply with the law, follow all their instructions and yet still not give them access to secret information. The only two provisos being that the keys expire before I am asked, and that I am allowed to keep silent until a question is asked without that in itself being incriminating, i.e. 'You do not have to say anything, but it may harm your defence if you do not mention, when questioned, something which you later rely on in court. Anything you do say may be given in evidence.'

Comment Misquote or Typo? (Score 1) 662

Did the former US ambassador to Japan really say: "Six of the G-7 countries have found ways to protect the innocent from being prosecuted for possession of child pornography." Or is this a typo / misquote? I ask because it seems to me that the US, as one of the G-7, has found many ways to prosecute the innocent; 'sexting' prosecution of minors, for one. They also made the law so strict in the US that even law enforcement cannot possess this material for use as enforcement samplers, having to rely on the dubious merits of file hash comparisons (which are not provably unique).
Hardware Hacking

Hydraulic Analog Computer From 1949 184

mbone writes "In the New York Times, there is an interesting story about a hydraulic analog computer from 1949 used to model the feedback loops in the economy. According to the article, 'copies of the 'Moniac,' as it became known in the United States, were built and sold to Harvard, Cambridge, Oxford, Ford Motor Company and the Central Bank of Guatemala, among others.' There is a cool video of the computer in operation at Cambridge University. I remember that the Instrumentation Lab at MIT still had an analog computer in its computer center in the mid-1970s. Even then, it seemed archaic, and now this form of computation is largely forgotten. With 14 machines built, it must have been one of the more successful analog computers — a supercomputer of its day. Of course, you have to wonder if it could have been used to predict our current economic difficulties."

Comment Daylight savings, saving who? (Score 1) 755

None of this makes any sense in this 24h, online world. Why not just abandon the whole timezone illusion altogether.

For the purpose of timekeeping and keeping everyone in sync, have everyone use Universal Time (UT) or GMT, which is more or less the same thing. The military have done this for years, calling it Zulu time.

For working days, everyone adopts flexi-time, dependent on who you have to report to and where they are. Go in at a time that suits you and work your agreed hours.

For media, release programming worldwide at a specific time (we are going to time-shift anyway), so why not take advantage and short-cut the cross-border pirates grabbing media early.

Advantages:-

No rush hours = fuel savings + fewer accidents + lower stress levels.

International trade improved by knowing when a meeting starts and being there.

Education: once it is taught in schools that the position of the sun relative to the clock depends on where you are, then every child will have an accurate mental image of our rotating world, thus being able to see us as one world, one people, clinging to a thin veneer of habitability on a fragile planet.

That way, at least if they survive our mistakes, the next generation will not repeat them.
