
Comment Re:Already solved (Score 1) 192

are 104 liters equal to 39 litres?

This handy fact may help when comparing the sizes of heathen litres to USofA liters :

miles-per-gallon are equivalent to furlongs-per-pint

Strangely (...) this works for both USofA gallons and Ye Olde British Imperial gallons (even though they have slightly different volumes), which just goes to show how very very wise The Ancients were when they dreamed up their weird, unpronounceable and difficult-to-manipulate-arithmetically system of units.

Of course this depends on American furlongs being the same length as Imperial furlongs ..... a British cricket pitch is one chain long, and as we all know, 10 chains make a furlong .... how many chains long is a baseball pitch ? :)

Why yes .. thanks very much ... I will have a drink for my trouble - I'll have 1/6th of a gill of your American sippin whisky tipped over an acre of ice please ;)

Comment Re:Not me. (Score 1) 601

my e-mails have no worth and no one in their right mind would want to read them in the first place

I think it's about time reference was made in this discussion to the statement of need made by Uncle Phil Zimmermann at the beginning of his original PGP 2.x User Manual :

Why Do You Need PGP ?

  • Privacy is as apple-pie as the Constitution.

    Perhaps you think your E-mail is legitimate enough that encryption is unwarranted. If you really are a law-abiding citizen with nothing to hide, then why don't you always send your paper mail on postcards? Why not submit to drug testing on demand? Why require a warrant for police searches of your house? Are you trying to hide something? You must be a subversive or a drug dealer if you hide your mail inside envelopes. Or maybe a paranoid nut. Do law-abiding citizens have any need to encrypt their E-mail?

    What if everyone believed that law-abiding citizens should use postcards for their mail? If some brave soul tried to assert his privacy by using an envelope for his mail, it would draw suspicion. Perhaps the authorities would open his mail to see what he's hiding. Fortunately, we don't live in that kind of world, because everyone protects most of their mail with envelopes. So no one draws suspicion by asserting their privacy with an envelope. There's safety in numbers. Analogously, it would be nice if everyone routinely used encryption for all their E-mail, innocent or not, so that no one drew suspicion by asserting their E-mail privacy with encryption. Think of it as a form of solidarity.

And much much more, of course. It all sounded like a very sane stance when I first read that, so I tried to do exactly what he recommended. Of course, almost nobody else tooled up to deal with my highly secure bar crawl plans, so it was a waste of time. PGP tools for email back then were very primitive, but they're a lot better now ... it shouldn't be beyond us all.

Comment Re:I don't use it for the encryption (Score 1) 601

if you sign and encrypt emails, you don't have to verify the keys, that's done automatically:

John Smith wants to send Jane Doe an email, so he looks up her public key at an online key repository.

He uses her public key to encrypt the email and his private key to sign it.

She receives the email and decrypts it with her private key, validating his signature using John's public key she looked up in the key repository. If her public key (used by John to encrypt the email) had been spoofed in the repository, she wouldn't be able to decrypt the email with her private key.

You're almost right, but you're wrong about the lack of need for verification. The fact that she can decrypt the email which was encrypted with her public key obtained from a keyserver simply means she is in possession of the corresponding private key, not that she really is [the right] "Jane Doe" ... you might be beginning a correspondence with a spook. To verify that she is the person she is supposed to be (and not some Black Ops team MITM'ing her), the public keys must be verified, either by exchanging them in person in the first place, or by reading out key fingerprints over the phone if you would recognise her voice.

If John and Jane both get each other's public keys from a repository, and fail to verify them, then both keys may be bogus keys uploaded by MITM Bad Guys. This was well described by Phil Zimmermann in the original PGP 2.x User Manual.

This is the other part of the PGP web-of-trust concept that most geeks I know don't quite get. When I countersign your key, I'm signing it to say that you really are the person you say you are (or rather "this key really does belong to the person it claims to belong to"), and NOT you are a person who can be trusted. So I must NOT countersign your key unless/until I'm really sure it's your key - which needs the key verification step to have been performed.

Unfortunately, most IT people I know who've ever been persuaded to try PGP just merrily get busy countersigning all the public keys they acquire, whether or not they've verified them. It doesn't help that some PGP email client software insists that you only use 3rd party public keys you're certain of, and won't let you pick an unverified key - so users will often just sign the 3rd party key to say they're certain of it so they can click 'Send' on the email.

Relatedly, I often suspect my colleagues don't even read the question you get asked when signing a key, which says "How strongly do you believe this person knows how to use PGP properly ?"

It is actually quite tricky to use PGP carefully enough to gain the full web-of-trust benefit - although I agree you can do what many folks do, and just ignore all that key-signing stuff, and wing it :)

Sigh ...
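The verification step described in the comment above, as an added example that is not part of the original comment: it computes the OpenPGP version 4 fingerprint (RFC 4880 section 12.2, assumed here; PGP 2.x keys used an older format) of two keys uploaded under the same name and accepts only the one matching the fingerprint obtained from the owner. The key material, names and address are constructed placeholders.

```python
import hashlib
import hmac
import struct


def mpi(value: int) -> bytes:
    """OpenPGP multiprecision integer: 2-byte bit count, then big-endian bytes."""
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")


def rsa_key_body(created: int, n: int, e: int) -> bytes:
    """Body of a version 4 public-key packet: version, time, algorithm 1 (RSA), n, e."""
    return bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)


def v4_fingerprint(body: bytes) -> str:
    """RFC 4880 section 12.2: SHA-1 over 0x99, 2-byte body length, packet body."""
    data = b"\x99" + struct.pack(">H", len(body)) + body
    return hashlib.sha1(data).hexdigest().upper()


def normalise(fingerprint: str) -> str:
    """Drop the spaces and colons used when a fingerprint is printed or read aloud."""
    return "".join(ch for ch in fingerprint if ch not in " :\t").upper()


def key_matches(body: bytes, fingerprint_from_owner: str) -> bool:
    """True only if the fetched key hashes to the fingerprint the owner supplied."""
    expected = normalise(fingerprint_from_owner).encode()
    return hmac.compare_digest(v4_fingerprint(body).encode(), expected)


def select_verified(entries, fingerprint_from_owner: str) -> list:
    """Keep only the keyserver keys that match the owner's fingerprint."""
    return [body for _uid, body in entries if key_matches(body, fingerprint_from_owner)]


# Constructed sample data: the moduli are placeholders, not real RSA keys.
JANE_KEY = rsa_key_body(1300000000, (1 << 2047) | 0x10001F, 65537)
BOGUS_KEY = rsa_key_body(1300000000, (1 << 2047) | 0x20003D, 65537)
# Both uploads carry the same name; the user ID is not part of the fingerprint.
KEYSERVER = [("Jane Doe <jane@example.org>", BOGUS_KEY),
             ("Jane Doe <jane@example.org>", JANE_KEY)]
# What the owner reads out over the phone, in groups of four hex digits.
_fp = v4_fingerprint(JANE_KEY)
READ_ALOUD = " ".join(_fp[i:i + 4] for i in range(0, len(_fp), 4)).lower()

if __name__ == "__main__":
    for uid, body in KEYSERVER:
        print(uid, v4_fingerprint(body), key_matches(body, READ_ALOUD))
```

The name attached to a key plays no part in the check; only the key material hashed into the fingerprint does, which is why the comparison has to use a fingerprint obtained from the owner rather than from the repository.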

Comment Re:Perfect american corporate business practice (Score 1) 231

I tend to look at your statement as part of a big problem with Americans. You can rationalize any number of clearly unethical or immoral situations by either stating, "...it's not illegal..." or "...XXXXXX does the same thing

It's not specifically Americans - it's capitalism (or "unhealthy love of money"). The problem with Americans (generalising like mad here of course) is that they sure do like the ostensible benefits of capitalism, and often fail to see the consequent drawbacks, but the same problem affects (infects) many other western countries these days.

I remember years ago watching an interview with the chairman of Rio Tinto Zinc (RTZ), in which he was being given a hard time about how RTZ was digging up aboriginal sacred burial grounds to look for uranium. His reply, with an apparently straight face, was "What we are doing is not illegal, and as chairman my responsibility is to my shareholders to deliver the maximum profit possible".

He simply couldn't see the immorality (or at least amorality) of the company's actions - or if he could then he simply didn't care, so long as the profit was good

Capitalism doesn't do morality - it just does money. Transcending this is an evolutionary step that must be made if humanity is to have any future.

Submission + - NASA Video Captures Alien Spaceship near Mercury (gizmodo.com)

schwit1 writes: A camera on board NASA's STEREO A satellite seems to have captured video of an unknown thing that looks like an actual spaceship. The blip appeared when a coronal mass ejection (CME) from the Sun reached the planet Mercury. Watch the video and judge for yourself.
NASA

Submission + - Voyager 1 Exits Our Solar System (telegraph.co.uk)

eldavojohn writes: The first man-made craft to do so is now entering a 'cosmic purgatory' between solar systems and entering an interstellar space of the Milky Way Galaxy. With much anticipation, Voyager 1 is now 'in a stagnation region in the outermost layer of the bubble around our solar system. Voyager is showing that what is outside is pushing back.' After three decades the spacecraft is still operating and apparently has enough power and fuel to continue to do so until 2020. The first big piece of news? "We've been using the flow of energetic charged particles at Voyager 1 as a kind of wind sock to estimate the solar wind velocity. We've found that the wind speeds are low in this region and gust erratically. For the first time, the wind even blows back at us. We are evidently traveling in completely new territory. Scientists had suggested previously that there might be a stagnation layer, but we weren't sure it existed until now." This process could take months to years to completely leave the outer shell but already scientists are receiving valuable information.
Security

Submission + - Two-thirds of Lost USB Drives Carry Malware (itworld.com) 1

itwbennett writes: "Antivirus firm Sophos acquired a passel of USB sticks lost by commuters on trains in the Greater Sydney metro area at an auction organized by the Rail Corporation New South Wales. The company analyzed 50 USB sticks and found that not a single one was encrypted and 33 of them were infected with at least one type of malware."

Submission + - Account of LAPD protestor's arrest (blogspot.com)

bluefoxlucid writes: There is now this account of Patrick Meighan's arrest in LA. The LAPD were brutal and abusive. Protestors were held without bail--bail was set, but not accepted, and there was no access given to legal counsel. Physical violence was used by police to provoke reflexive reactions to pain, which was then reacted to with more violence. I must be missing something here, because the police seem to find peaceful protesters more dangerous than rapists and murderers.

Submission + - Civil liberties through complex mathematics? 2

An anonymous reader writes: All of the recent attempts by our congress to strip us of our rights ('kill switch', SOPA, ProtectIP, NDAA and an attempted repeal of net neutrality) have gotten me in the mood to investigate new tools such as radio systems, anonymous remailing systems, encryption tools and other methods to communicate in case of an emergency. Is there an encrypted, distributed and open Facebook alternative project in the works? Or is using "conventional" tools such as IRC a good solution? (I never got into using IRC)
Idle

Submission + - The genetics of the new bedbug plague (nature.com)

ananyo writes: Sequencing bedbugs has pinpointed two common mutations associated with resistance to modern pyrethroid insecticides. Alarmingly, some of the populations of bedbugs tested in a lab became resistant to combinations of pyrethroid and neonicotinoid insecticides after just one generation.

Comment Re:Why Isn't Anyone Slagging Cell Carrier's Securi (Score 1) 363

ISTR Paris Hilton's phone's password turned out to be just the name of her dog, or something equally stupid ... which wouldn't require hacking, just a lucky guess.

As most of us here understand, mobile voicemail hacking just requires brute-forcing a PIN - 4 digits in the case of UK cellphones ... or just 2 digits in the case of my home ansafone :-)

So there isn't much security on a cellphone's voicemail to criticise in the first place.

Comment OT: Anyone know of a good PC implementation ? (Score 2) 244

Sorry to hijack the topic like this, but availability of an audience of evident fans of the genre is too good an opportunity to miss, so .... does anyone here know of a good implementation of Space Invaders for the PC (Linux or Windows would do) ? .... one with reasonably faithful reproduction of the original action, graphics and sounds (it doesn't actually have to say "Taito" at the top tho'). I'd even pay :)

Cheers

Comment Re:3.x EOL? (Score 1) 154

Is Tbird 3.x end of life like FF4? I can still see some 3.1.11 versions for some languages, but English is 5.0 only, and it doesn't seem that anything has 3.1.12 or 3.2

You can get some of the older releases here :
http://releases.mozilla.org/pub/mozilla.org/thunderbird/releases/
(most of the major releases anyway ... there's 3.1.11 and 3.3a3 but no 3.2)
