are 104 liters equal to 39 litres?
This handy fact may help when comparing the sizes of heathen litres to USofA liters
miles-per-gallon are equivalent to furlongs-per-pint
Strangely (...) this works for both USofA gallons and Ye Olde British Imperial gallons (even though they have slightly different volumes), which just goes to show how very very wise The Ancients were when they dreamed up their weird, unpronounceable and difficult-to-manipulate-arithmetically system of units.
Of course this depends on American furlongs being the same length as Imperial furlongs
Why yes
my e-mails have no worth and no one in their right mind would want to read them in the first place
I think it's about time reference was made in this discussion to the statement of need made by Uncle Phil Zimmerman at the beginning of his original PGP 2.x User Manual
Privacy is as apple-pie as the Constitution.
Perhaps you think your E-mail is legitimate enough that encryption is unwarranted. If you really are a law-abiding citizen with nothing to hide, then why don't you always send your paper mail on postcards? Why not submit to drug testing on demand? Why require a warrant for police searches of your house? Are you trying to hide something? You must be a subversive or a drug dealer if you hide your mail inside envelopes. Or maybe a paranoid nut. Do law-abiding citizens have any need to encrypt their E-mail?
What if everyone believed that law-abiding citizens should use postcards for their mail? If some brave soul tried to assert his privacy by using an envelope for his mail, it would draw suspicion. Perhaps the authorities would open his mail to see what he's hiding. Fortunately, we don't live in that kind of world, because everyone protects most of their mail with envelopes. So no one draws suspicion by asserting their privacy with an envelope. There's safety in numbers. Analogously, it would be nice if everyone routinely used encryption for all their E-mail, innocent or not, so that no one drew suspicion by asserting their E-mail privacy with encryption. Think of it as a form of solidarity.
And much much more, of course. It all sounded like a very sane stance when I first read that, so I tried to do exactly what he recommended. Of course, almost nobody else tooled up to deal with my highly secure bar crawl plans, so it was a waste of time. PGP tools for email back then were very primitive, but they're a lot better now
if you sign and encrypt emails, you don't have to verify the keys, that's done automatically:
John Smith wants to send Jane Doe an email, so he looks up her public key at an online key repositoy.
He uses her public key to encrypt the email and his private key to sign it.
She receives the email and decrypts it with her private key, validating his signature using John's public key she looked up in the key repository. If her public key (used by John to encrypt the email) had been spoofed in the repository, she wouldn't be able to decrypt the email with her private key.
You're almost right, but you're wrong about the lack of need for verification. The fact that she can decrypt the email which was encrypted with her public key obtained from a keyserver simply means she is in possession of the corresponding private key, not that she really is [the right] "Jane Doe"
If John and Jane both get each other's public keys from a repository, and fail to verify them, then both keys may be bogus keys uploaded by MITM Bad Guys. This was well described by Phil Zimmerman in the original PGP 2.x User Manual
This is the other part of the PGP web-of-trust concept that most geeks I know don't quite get. When I countersign your key, I'm signing it to say that you really are the person you say you are (or rather "this key really does belong to the person it claims to belong to"), and NOT you are a person who can be trusted. So I must NOT countersign your key unless/until I'm really sure it's your key - which needs the key verification step to have been performed.
Unfortunately, most IT people I know who've ever been persuaded to try PGP just merrily get busy countersigning all the public keys they acquire, whether or not they've verified them. It doesn't help that some PGP email client software insists that you only use 3rd party public keys you're certain of, and won't let you pick an unverified key - so users will often just sign the 3rd party key to say they're certain of it so they can click 'Send' on the email.
Relatedly, I often suspect my colleagues don't even read the question you get asked when signing a key, which says "How strongly do you believe this person knows how to use PGP properly ?"
It is actually quite tricky to use PGP carefully enough to gain the full web-of-trust benefit - although I agree you can do what many folks do, and just ignore all that key-signing stuff, and wing it
Sigh
I tend to look at your statement as part of a big problem with Americans. You can rationalize any number of clearly unethical or immoral situations by either stating, "...it's not illegal..." or "...XXXXXX does the same thing
It's not specifically Americans - it's capitalism (or "unhealthy love of money"). The problem with Americans (generalising like mad here of course) is that they sure do like the ostensible benefits of capitalism, and often fail to see the consequent drawbacks, but the same problem affects (infects) many other western countries these days.
I remember years ago watching an interview with the chairman of Rio Tinto Zinc (RTZ), in which he was being given a hard time about how RTZ was digging up aboriginal sacred burial grounds to look for uranium. His reply, with an apparently straight face, was "What we are doing is not illegal, and as chairman my responsibility is to my shareholders to deliver the maximum profit possible".
He simply couldn't see the immorality (or at least amorality) of the company's actions - or if he could then he simply didn't care, so long as the profit was good
Capitalism doesn't do morality - it just does money. Transcending this is an evolutionary step that must be made if humanity is to have any future.
ISTR Paris Hilton's phone's password turned out to be just the name of her dog, or something equally stupid
As most of us here understand, mobile voicemail hacking just requires brute-forcing a PIN - 4 digits in the case of UK cellphones
So there isn't much security on a cellphone's voicemail to criticise in the first place.
Thanks very much !
PS: I'm gonna be really surprised if it turns out nobody has ever implemented a native-mode clone or look-a-lot-alike
Sorry to hijack the topic like this, but availability of an audience of evident fans of the genre is too good an opportunity to miss, so
Cheers
Is Tbird 3.x end of life like FF4? I can still see some 3.1.11 versions for some languages, but English is 5.0 only, and it doesn't seem that anything has 3.1.12 or 3.2
You can get some of the older releases here
http://releases.mozilla.org/pub/mozilla.org/thunderbird/releases/
(most of the major releases anyway
People who go to conferences are the ones who shouldn't.