Comment Re:Just y'know... reconnect them spinal nerves (Score 1) 210

The problem, even with a spinal cord cut intentionally and carefully, is that the surgeon has no way to know what connections in the head go to what connections in the body.

It sounds like he's simply hoping it all sorts itself out somehow. Or maybe that the brain could eventually remap everything. Seems unlikely. Especially within two years.

Comment Re:New design (Score 1) 91

Soulskill, thank you for letting us know, and for the effort.

Some problems I am having:

  • I can't get to my account settings. Right now I get a pop-up of article category choices.
  • I can post to a story that I posted to yesterday. This has actually been true for some time. I get a "you can't post to this page" message. Perhaps it is due to some issue with the ISP's invisible proxy? This means I can't ever follow up when I get a reply.

Comment Re:Mostly right. (Score 1) 681

I'm not rejecting Noether's theorem -- I'm rejecting temporal invariance. Spacetime is dynamical, therefore not invariant, etc., etc.

You can definitely torture the definitions of words until you reach a kind of invariance, but I feel this creates more problems than it solves. Better to just say, "conservation of energy only holds true for static backgrounds."

See Sean Carroll's "Energy Is Not Conserved" blogpost for a more detailed explanation. He convinced me to stop talking about the energy of the gravitational field as the escape hatch for conservation. :)

Comment Your own humanity (Score 1) 698

It's commendable that you want to pass on wisdom. But I suspect your daughter isn't going to miss your wisdom anywhere near as much as she's going to miss you. What is it that makes you so uniquely you?

For example: I have some really strong memories associated with science fiction, particularly Poul Anderson's Tau Zero. So I might record myself reading Tau Zero, and whenever I reached a passage that really resonated with me I might go into a long digression about why it resonated with me, and things in my life and history that also strike that same thematic note. By the end of it, she would know not only that I loved Tau Zero, but she'd know a lot more about me and why I loved it and why it spoke to me and why, with only six good months left, I'd choose to spend six hours of it recording it for her.

Wisdom is overrated. It really, truly is. It's valuable but it's not the best thing out there. And I say that as the son of a father who has the keenest mind I've ever known, a guy who has enormous life experience and wisdom and has shared it with me freely throughout my life. If-and-when he goes, I'll miss his wisdom a lot. But I'll miss him more.

The most important gift you have to pass on to your daughter isn't your wisdom. It's you.

Comment Yes and no (Score 1) 309

First, the complexity of the engine shouldn't matter. You will never get the bulk of users out there to use, or care about, the real power of the engine. They don't want to mess with the engine. The engine should be under the hood, in a black box, whatever engineering metaphor you want. Users just want things that work.

I remember way back when I was at university. There were various absolute rules for good software engineering. The first was that the user should be presented with a must-read manual no longer than one paragraph. Tips and tricks could be more extensive, but that one paragraph was all you needed.

The second was that the user absolutely must not care about how something was implemented. In the case of encryption, I take that to mean, in the case of e-mail, that the engine should not be visible outside of configuration. A supplied key should trigger any behind-the-scenes compatibility mode or necessary configuration to talk to that user. If the keys the user has aren't suitable to correspond with that person, the system should ask if one is needed and tie it to that protocol.

There should be no extra controls in e-mail, except at an advanced user level. If a key exists to correspond with a user, it should be used. If a key exists for inbound e-mail, the key should be applied. The process should be transparent, beyond getting passwords.

Any indexes (particularly if full indexes) should be as secure as the message, good security practices on both will take care of any issues.

Ideally, you want to have the same grades of authentication as for the early certification system, adapted to embed the idea that different people in the web of trust will have done different levels of validation and will be trusted to different degrees. The user should see, but not have to deal with, the level of trust.

Last, GnuPG is probably not the system I'd use. Compatibility cruft needs to be an optional layer, and I'm not confident in the implementation.

There should be eight main libraries - public key methods, secret key methods, encryption modes, hashes (which encryption modes will obviously pull from), high level protocols, key store, index store and lacing store. (Lacing is how these are threaded together.) The APIs and ABIs to those libraries should be standardized, so that patching is minimally intrusive and you can exploit the Bazaar approach to get the best mix-n-match.

There should also be a trusted source in the community who can evaluate the code against the various secure and robust programming standards, any utilized theorem provers and the accepted best practices in cryptography. Essentially replicate the sort of work NIST does, but keeping it open and keeping it free of conflicts of interest with the NSA.

Comment Re:When groups like this attack you... (Score 0) 99

I think the Gemalto response seems reasonable, actually. The documents suggest they weren't doing anything more sophisticated than snarfing FTP or email transfers of key files, which Gemalto say they started phasing out in 2010. And the documents themselves say they weren't always successful.

NSA/GCHQ are not magic. They do the same kind of hacking ordinary criminals have been doing for years, just more of it and they spend more time on it. If Gemalto are now taking much better precautions over transfer of key material and the keys are being generated on air gapped networks, then it seems quite plausible that NSA/GCHQ didn't get in. Not saying they could NEVER have got in that way, but these guys are like anyone else, they take the path of least resistance.

Besides, it's sort of hard for them to do something about a hypothetical hack of their core systems that they can't detect and which isn't mentioned in the docs.

Comment Re:gpg (Score 2) 309

How do you know how useful it is if you've never thought about how many people use it?
It's still potentially useful even if nobody else uses it; you can at least show later on that you or someone with access to your private key signed something.
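The point made in the comment above, that a signature lets you later show that your private key (or someone holding it) signed a given document, is easy to see in code. The following is an added example, not part of the comment or of GnuPG; it stands in for gpg's detached signatures with Ed25519 from Go's standard library, and the message bytes are constructed sample data. It checks the three outcomes a verifier actually sees: the genuine message verifies, a message altered by one byte does not, and a signature checked against an unrelated key does not.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// VerifyResult is what a verifier learns from a detached signature:
// whether these exact bytes were signed by whoever held the private key
// matching the public key. It says nothing about who that holder was,
// which is the "you or someone with access to your private key" caveat.
type VerifyResult struct {
	Valid  bool
	Reason string
}

// signDetached produces a detached signature over msg, the same idea as
// "gpg --detach-sign": the message travels unchanged and the signature
// is a separate blob alongside it.
func signDetached(priv ed25519.PrivateKey, msg []byte) []byte {
	return ed25519.Sign(priv, msg)
}

// verifyDetached checks sig against msg under pub. A failure can mean the
// message was altered, the signature was altered, or a different key signed;
// the verifier cannot tell these apart and should treat all of them as "no".
func verifyDetached(pub ed25519.PublicKey, msg, sig []byte) VerifyResult {
	if len(pub) != ed25519.PublicKeySize {
		return VerifyResult{false, "malformed public key"}
	}
	if len(sig) != ed25519.SignatureSize {
		return VerifyResult{false, "malformed signature"}
	}
	if ed25519.Verify(pub, msg, sig) {
		return VerifyResult{true, "signed by the holder of this key"}
	}
	return VerifyResult{false, "message or signature altered, or signed by another key"}
}

// demo exercises three cases on constructed sample data and returns the
// verdicts: genuine message, one-byte tampering, and an unrelated key.
func demo() (genuine, tampered, wrongKey bool) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	// A second, unrelated key pair standing in for "someone else's key".
	otherPub, _, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}

	// Constructed sample message (not from the page).
	msg := []byte("constructed sample: I agreed to the terms on 2015-03-01")
	sig := signDetached(priv, msg)

	genuine = verifyDetached(pub, msg, sig).Valid

	// Flip one bit of the last byte: the signature no longer covers these bytes.
	altered := append([]byte(nil), msg...)
	altered[len(altered)-1] ^= 0x01
	tampered = verifyDetached(pub, altered, sig).Valid

	// Same message and signature, but checked against a key that never signed it.
	wrongKey = verifyDetached(otherPub, msg, sig).Valid
	return genuine, tampered, wrongKey
}

func main() {
	g, t, w := demo()
	fmt.Printf("genuine=%v tampered=%v wrongKey=%v\n", g, t, w)
}
```

Only the first verdict is true; the other two are false. In practice the thing that gives a signature evidentiary weight later is that the public key was published or exchanged before the dispute, which is exactly what key servers, the web of trust, and CA certificates are different ways of arranging.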

Comment Re:Same error, repeated (Score 4, Informative) 309

Why use gpg instead of s/mime, which has native support in most e-mail programs, with no need for plugins? S/MIME relies on centralized key servers or opens itself to man-in-the-middle attacks. You can hand-authenticate individual CAs with some effort, but there's no equivalent to PGP's web of trust. And CAs are single points of failure, making them extremely desirable points of attack. Marlinspike, of course, has developed his own proposed solution to the CA problem: http://en.wikipedia.org/wiki/C... It's up to the reader whether this contributes to his credibility on the issue because he knows what he's talking about and has taken the time to contribute code to help fix the problem, or whether he's someone with his own personal dog in the fight and hence has an ulterior motive in denigrating PGP's trust model.

Comment Re:Ugh. Just ugh. (Score 5, Insightful) 406

It's hilarious. For a moment I wondered if the transcript is even real. This makes Eliza look sophisticated.

Q: Which of those countries should we give backdoors to?

MR: So, I’m not gonna I mean, the way you framed the question isn’t designed to elicit a response.

AS: So you do believe then, that we should build those for other countries if they pass laws?

MR: I think we can work our way through this.

AS: I’m sure the Chinese and Russians are going to have the same opinion.

MR: I said I think we can work through this.

He seems to believe, "I think we can work through this" is an acceptable answer to a simple yes/no question. The guy doesn't even have a coherent answer to one of the most basic and obvious questions he could possibly be asked. I thought Comey did a poor job of explaining his position but this takes it to a whole other level.

Comment Re:Terrorists steal registered SIMs (Score 1) 134

Why would people not report a SIM as stolen currently? They have every incentive to. They'd need to do so, to get their old number back anyway.

But seriously, if you're a terrorist, you're not going to be fazed by just doing some street muggings to obtain cell phones first. It doesn't matter much if the cards get de-activated a day later. Heck, just point a gun at a SIM vendor and force them to activate the cards with fake data. If the vendor doesn't have the IMSI codes for every SIM in their inventory, they can't even report them as stolen.
