Parent post hits nail squarely on head. Just because Random Hopeless CA X is still in a browser's trusted root CA list, should not mean that they can issue certs against my domain that anyone should trust. Placing signed cert public key fingerprints (or even the public key fingerprint of the root CA that actually issues your cert, if you really trust that CA) would make it much harder for an attacker to compromise a well-run, high-value web site (such as gmail.com or a banking web site).

Google did this unilaterally in their own browser, by only trusting the small set of CAs that Google uses when accessing its own web sites. Neat, but not at all scalable, even if Google were motivated to extend that feature to high-value web sites run by other companies.

Grid computing had a similar idea - if you wanted to get your CA's certificate into the bundle of trusted CAs distributed with common Grid software bundles like Globus or VDT, your CA had to have a "signing authority" that limited what certificate subjects it could sign for, which was part of the CA certificate. This meant that even if I compromised Random Trusted Grid CA X, I could not issue a cert that claimed I was from, say, Fermilab, because that cert would not match against the signing authority for that other Grid CA. Commercial CAs would never agree to similar provisions, because that would restrict who they could sell certs to, but the parent post's idea devolves that signing authority down to the people who actually pay for the certificate, which is naturally where that authority should reside.

Best of all, to implement this scheme, you just need to create an appropriate DNS record, add the check to your preferred open source web browser, and start selling the idea to the browser users and web site operators. With luck, the public support for the idea gets it adopted by web site operators (it costs them almost nothing), CAs have nothing to object to because they can still sell certs to whoever they were already selling certs to, and browser users put pressure on the developers to support the scheme. You don't have to persuade everyone to swallow a barrel of crypto-anarchist-libertarian "decentralise everything, storm the Winter Palace, power to the people, right on!" Kool-Aid and destroy the existing PKI CA architecture in order to save it.

Remember, politics is the art of the possible.

It is also true that no person who was ever born has ever had any personal knowledge or experience of any impossible state of affairs. That does not make any impossible thing more possible just because we don't know what it would be like to experience that impossible thing. Or, indeed, help us work out which impossible thing would be more likely.

How about you work out a consensus "God(s) made everything we see just like so" story with all the other religions than the one you happen to cleave to? Because, by the same token you would not necessarily know how to recognise the world as a creation of Brahma, Eurynome and Ophion, Mazda, or the Flying Spaghetti Monster, rather than your god. Who knows, you might end up looking at the world to find evidence of a specific creation story. How would you weigh one religion's claim for justification based on one piece of evidence with other evidence that supports your preferred religion? Or different interpretations of the same evidence? You might need to develop some theories of natural science that let you tell the commonplace from the extraordinary. You will no doubt be relieved to find that there happen to be some quite useful theories of that sort knocking around already, that have been refined for many centuries. Feel free to use them to rationalise however much self-deception you need in order to elevate your creation story over all the others.

I expected a lot from my young children, but I never expected them to bake cookies!

(My wife plays and draws and bakes cookies with my kids too, BTW... sorry, I just couldn't resist the exploitable typo :-)

What I find weird here is that this is being construed as "woo, Intel takes on RISC", whereas the actual situation is "woo, commodity microprocessors can now take on the low-volume, high-margin, high-availability big business end of the computer market". RISC has nothing to do with it - in an alternate universe*, it could have been VAXes running Ultrix that Intel was going up against, and the language would be completely identical. The big deal is that Intel Xeons can now go into systems that compete on high-end features with large, enterprise SPARC and Power systems, and just as importantly, that you can run workloads on the Xeons that you used to run on SPARC or Power systems. This is as much about the fact that Xeons can run Linux or Solaris about as well as SPARC or Power can run their respective Unices, and that the software is available across all three platforms. Not to mention, Xeons can now supplant Itaniums, but let's just dance around that subject thanks very much. :-)

What has happened though, is that in the lazy shorthand of business computing journalism, RISC has become equated with "large SMP machines with lots of HA features produced by vertically integrated companies like IBM, Oracle, HP and Fujitsu." It's a bit like equating V8 with "heavy car with terrible handling and fuel economy" because you happened to be writing about the American car market in the 1950s.

* a universe in which DEC managed to make VAXes actually go fast somehow

Yes... the doctor I saw for my amazingly painful and enormous bursitis, that happened to be next to a skin graze that wasn't healing quickly, implied that I was a panicky wimp when I asked him for an antibiotic prescription in case it happened to turn out to be infected. So I didn't get the prescription filled, and instead drove back out of town to the farm where I live.

Two hours later I was running a fever and driving back into town to get the antibiotics, and a month later I was still taking antibiotics trying to fight off the cellulitis that left my elbow and upper forearm looking like Popeye's from the swelling. I'm glad I got the antibiotics when I did, as a year or so later, a neighbour ended up in hospital for months after getting pretty damn close to multiple organ failure when he tried to to tough out a persistent infection by himself. He needed skin grafts to replace all the skin that died. Got to love this clean country living...

Keeping a cancer cell culture alive indefinitely is not quite the same challenge as keeping a organised colony of differentiated cells performing very different roles alive. For cells to turn cancerous, they must suppress the programmed cell death mechanisms that exist to kill off cells with damaged DNA. Cancer cells don't care about DNA damage at all - they are little defectors in the long-running prisoner's dilemma game that all cells play in a multicellular organism, and the cancer cells with too much damage just get crowded out by the cells that are still able to divide and run their metabolism. The individual cells sure aren't immortal - just like individual bacteria aren't immortal.

It would be interesting to know how often HeLa cultures end up genetically distinct from their parent cultures - how fitting, if a cancer were itself to get cancer...

A few years back, when last I looked, the BSAA (local Australian tentacle/surrogate of the BSA) were treating each PC sold as representing a certain quantity of licensed software that would be in use. They then compared this with some software license sales figures (the accuracy of which is another question), and if there were more deemed licenses in use through new PC sales than there were actual license sales, (guess what! there were!!) then that was their damning evidence that teh piratez were stealing Christmas.

This meant that some 40 staff desktops and 120 teaching laboratory computers at my workplace (a university CS department) which were bought with no OS license and installed with Debian, actually contributed to the BSAA's frothy-mouthed argument that rampant piracy was costing Australia many quality local jobs employing drones to process purchases of software produced overseas by US companies... that incidentally booked most of their profits via subsidiaries based in Ireland, thanks to its low low rate of corporate tax at that time.

So there you have it:
- I am a pirate
- my work was full of piracy
- you probably are a pirate too

because I/they/you have the temerity to buy machines with no OS to run free operating systems and free applications.

Australia - rhymes with failya. :-)

D'oh - thanks for spotting my arithmetic screwup. Serves me right for posting in haste. And you have a great point about how the savings work out w.r.t. marginal tax rates. Consider me corrected...

Yes, after stopping up cracks and installing insulation, solar water heating is the best thing that we can do here in Australia as well - using thermal solar energy to supplant electrical resistive heating is incredibly appropriate. For places without enough sun, there are air-to-water heat pump hot water systems which make more sense than resistive heating for the coastal regions of Australia; they aren't much good for winter in the high country though - we get down to -8 deg C at night, which is nothing compared to lots of Europe and North America, but much lower than the coastal areas. I suspect that the higher humidity at the coast may help a bit too with how much heat you can extract from the (above-freezing) air.

This is not surprising, but not that encouraging either. If you pay for a bit of fancy landscaping and planting around your house before you sell it, you can often improve your house resale value by much more than the cost of the work. Solar also offers a warm glow of righteousness far out of proportion with energy generated.

Where I live (50km south of Canberra, Australia), we're paying ~20 of your Earth cents for a kWh during the day around here, so if you assume 7kWh per day from a 1kW solar installation (not that hard here, as we get a lot of sun), it takes 14 years to earn back $3900. Electricity will certainly go up in cost during that time, but I wonder whether you wouldn't be better putting $4000 into some safe-ish investment and concentrating on reducing your energy usage instead.

For years, I was holding out for Nanosolar or First Solar to get domestic panels out at somewhere nearer to $2/kW and without so much embodied energy in the panels, but they don't look to be interested in domestic sales. Until then, the only reason that panels are cheap in Australia is because of very high government regulated feed-in tariffs and purchase subsidies, which are just middle-class welfare masquerading as a renewable energy policy.

Until the government killed the program, there were businesses here doing energy efficiency assessments to see if houses qualified for interest free government loans to improve energy efficiency or install solar systems. An interview I heard with one assessor gave the impression that most houses had considerable inefficiency to rectify before it made any sense installing generating capacity. New Australian houses are still much less insulated than new houses in northern Europe or North America, rely too much on resistive electrical heating for the house and for the hot water supply, and the current fashion for building faux-Mediterranean rendered boxes with no roof overhang guarantees high cooling costs in summer. Old Australian houses often had no (as in, ZERO) insulation in them. Visitors from northern Europe are amazed at how uncomfortable and slapdash many of our houses are.

From the summary: "prototype phonic gear" - are they going back to speaking tubes like the ones on old ships?

Perhaps you meant to write "perhaps you meant"?

Or perhaps you were meant to write that by vast forces beyond your control, which acted through you to correct that misuse?

Seriously, folks, it's best to read your posting carefully if the whole reason for your posting is to encourage correct English usage.

Enough with the meta-pedantry, on with the nerdy reminiscences of old-school CGI... anyone who thinks that the original Tron graphics look cheesy should read more about what went into that film; when I saw that film in 1982, it was far ahead of anything else that had been done with computer animation in the mainstream media.

When you understand how much traditional effects and animation handiwork went into fusing the CGI with the actors and animation, it's clear that the film effects were as good as you could make them with that technology at that time. With a bit better script, it could have been a much better film.

You obviously never used the Sun Member Support Center. Getting a report on your installed base felt like one of those children's book with the 45rpm record that would read a few words to you and then play a xylophone note when you should turn the page:

20 rows of results... ding! Turn the page!
Another 20 rows... ding!
Losing will to live... ding!

...with no apparent way to export the data as a big file. Wow, who would have thought that the big future of computing was somebody copying and pasting rows of data from a #$)@ Web app.

If only Sun had spent less time on all their zero-revenue "Project [some fancy name]" boondoggles, and more on Project Let's Not Piss Off Our Existing Customers.

Linux fdisk or GNU parted - change the units to sectors and you can then print the partition table out in raw sector LBA offsets.

There's another gotcha for FAT filesystems on SDHC, in that the filesystem metadata at the start of the partition has no natural power-of-two alignment. If you look into the FAT filesystem that a digital camera puts on an SD card when you format it, I suspect that you'll see a bunch of reserved sectors as padding before the FATs, to ensure that the first data sector lines up nicely with a flash write cell.

Wikipedia gives this lovely formula in their description of the FAT filesystem:

The reserved sectors field is 2 bytes, which allows padding of the alignment of the start of the data clusters to NAND flash write blocks, or even possible an erase block if that would somehow help. (erase blocks on a cheaper Intel SSD are 512kB, not sure about the sizes on SDHC cards or thumb drives).

Ummm, nothing? I already got whacked by the cluebat, but I'd be happy if others could be spared the same pain.