Apples and oranges, because the business of Catholic hospitals is not about health insurance.

Catholic hospitals are primarily secular in nature. If I go to St. Mary of the Holy Land of Virgin Blessed Heart hospital for an X-ray of a broken arm, I don't care if the technician is Catholic, Hindu, Zoroastrian, or Pastafarian. I just want the dang X-ray done. Furthermore, the contraception decision is simply that these primarily secular institutions cannot interfere with the individual health care decisions of their employees, who are (statistically speaking) most likely not Catholic (Catholics are only 23% of the US population). The contraception coverage issue is a business decision that mostly impacts the employee, and one's employer should have no say in it since it has no direct impact on one's ability to do one's job. That should be true even if the employer is religiously affiliated, provided that the main societal function of the employer is not religious. Note that I'm not suggesting employers can't make aggregate budget decisions regarding their benefits' packages. Catholic hospitals should (and can) work out those numbers as they see fit. (Curiously enough, covering contraception actually reduces costs for the employer, as that employee wouldn't have to take time off for, you know...having a baby.) Simply put, my employer should not be interfere with my private health care solely on the basis of a moral objection.

And the whole objection of the Catholic hospital paying money for contraception is a red herring. They're paying for it anyways. The only difference is whether they hand the money to their employees (who then forward it to the insurer) or do they pay it directly to the insurer. The end result is simply that the employee has to pay more without direct coverage. So, in essence, the Catholic hospital wants to fiscally shame their non-Catholic employees into following Catholic morality.

A more appropriate comparison would be whether or not a Catholic hospital would have to keep an employee who was handing out Christopher Hitchens books to co-workers.

See my comment above. Shor's paper talks about the discrete log problem for a cyclic group in which the group operation is multiplication over integers. That is, modular exponentiation. There are other forms of ECC that do not use modular exponentiation. It is not entirely clear (to me, at least) whether or not Shor's algorithm would apply to the discrete log problem in other settings.

Yes, but Shor's paper is talking about computing the discrete log within a cyclic group for which the operation is multiplication over integers. ECC (there are actually multiple types of ECC...but that's a different discussion) is built on a different operation. For instance, you can do ECC using bilinear mappings such as the Weil pairing. It is not clear, based on what I've read, whether or not Shor's algorithm would apply to these other operations.

RSA can also be broken by factorization. e and d are selected because of Fermat's little theorem, built on the totient function. That is, ed = 1 mod Phi(n), where Phi(n) = pq. If you know p, q, and e, you can compute d very efficiently regardless of the message encrypted.

Posting as AC, huh? Are you an NTRU Cryptosystems employee?

Here's a paper that surveys a number of quantum resistant cryptosystems. "NTRUEncrypt has also been found to be vulnerable to chosen ciphertext attacks based on decryption failuress [18, 21, 31, 38], but a padding scheme [30], which has provable security against these attacks, has been developed." "A comparatively greater number of problems have been found in NTRU-based signature schemes." "In 2006, it was shown by Nguyen that the unperturbed NTRUSign could be broken given only 400 signed messages [42]."

I'd say that the jury is still out...

Mod parent up. Just because an attack exists in theory does not mean that a potential attacker has the incentives or resources to do it.

For clarification, you are talking about two separate problems. One problem is integer factorization. In the case of RSA, encryption and decryption are done modulo some n = pq, where p and q are large prime integers. While n is public, p and q are private. If you know p, q, and a public key, you can compute the corresponding private key efficiently.

The other problem is computing discrete logarithms (sometimes over a finite field, as in ECC). RSA encrypts message m with a key e by computing c = m^e mod n. The discrete logarithm problem has to do with the hardness of discovering e given knowledge of m, n, and c. Many other cryptosystems (like ECC) do the same thing, but the multiplication operation underlying the exponentiation is different, and those systems do not require that n be the product of two primes. As such, determining the prime factors of n does not undermine the security.

Hence, the security of something like ECC cannot be broken by integer factorization, but can be broken if there is an efficient way to compute the discrete log. As of right now, I am not aware of any quantum algorithm for computing discrete logs.

More than supply and demand? Here's some data from the Department of Education on enrollment statistics (http://nces.ed.gov/programs/digest/2010menu_tables.asp), specifically looking at http://nces.ed.gov/programs/digest/d10/tables/dt10_275.asp:

In 1976-77, there were 1536 private (not-for-profit) and 1455 public colleges and universities, for a total of 2991. In 2009-10, there were 1624 and 1672, yielding 3296. This produces a total increase of 10.2%.

In the same years, student enrollment at private (not-for-profit) and public institutions went from 10,967,775 (2,314,298 + 8,653,477) to 18,575,725 (3,765,083 + 14,810,642). That is a total increase in student population of 69.4%.

In other words, the growth in demand (students enrolled) has significantly outpaced the growth in supply (institutions). That's going to have a far greater impact on the cost of going to college than subsidies (which are arguably small as a percentage of the total cost of education).

(To be fair and thorough, I really should also look up the change in the number of faculty, but I just don't have the time or motivation to do so.)

On the contrary, until 1995, speed limits were regulated by the federal government. Specifically, the National Maximum Speed Law, passed in 1974, prohibited states from setting any speed limit above 55 mph. These regulations stayed in place until Congress repealed them with the National Highway System Designation Act. There was never any argument regarding the Constitutionality of the NMSL.

That's quite a reading of the 10th Amendment you've got there. Too bad it is wholly inaccurate and completely ignores the 200+ years of case law that has been decided ever since...

Agreed. Somehow, two data points (seizure from a guitar manufacturer, and prosecution for improper documentation of a large collection of imported antique pianos) translate into evidence that we live under totalitarianism (Play guitar? Well, you better have documentation about every piece of its manufacturing origins or else!!!).

Sometimes it seems that /., with its sensationalism and knee-jerk anti-government hysteria, is aspiring to be Fox News.

This will clearly work, because we know that no one would ever make accusations in bad faith.

You're under the mistaken assumption that all of government funding and investment works like defense contracting. Believe it or not, there are some segments of the federal government that are very good at funding research based on its merits, rather than political connections. Groups like DoE and NSF have excellent procedures, where proposals are peer-reviewed by experts in academia, industry, and government. And, contrary to your assertion that government involvement interferes with private research, many funding proposals for government research investment comes from private industry. Want some evidence of how government investment can lead to private investment? You can read about the origins of the research that created the foundation for this little company.

You are a living, breathing example of sqrt(2)'s point that, "The people saying we should do nothing are doing so mostly out of an ideological mistrust of government doing anything [emph. added]." You simply make blanket statements about how government programs like this ALWAYS fail and we WON'T have private investment, despite the fact that you have no idea how scientific research funding actually works.

Exactly! When I read the blog post, my first thought was, "Just another troll blogwhoring for attention on Slashdot." So I was a little surprised when I saw the author's name at the bottom. I use Dropbox for presentations that I give, so I don't have to mess with hooking up my laptop. I just use the public terminal, log in to Dropbox and download the file. I've never had to transfer a key or anything. Thus, it's pretty obvious that anybody with access to my account can access my files in plaintext.

Crypto is great and wonderful and all that, but it never exists in isolation. Access control policies, auditing, etc., are also required to have a secure, usable system that is flexible enough to provide the type of mobile access that Dropbox does. I see nothing contradictory about Dropbox's claims that employees cannot access user files directly. It seems to me that the author just never took the time to think about the implications of Dropbox's flexibility.

Much ado about nothing...

I call bullshit.

No. While not specific to Young Earth Creationism, ID is creationism. Go read the Kitzmiller v. Dover Area School District decision. ID is not an attempt to augment scientific knowledge with a more holistic worldview. It is traditional Christian creationism, pure and simple. If you look at the history of the ID movement, there is very clear evidence that it they just substituted "intelligent designer" where they would traditionally say "God." To suggest otherwise is revisionist history.

Those aren't probabilistic terms. Those are analogies. If you want to use probabilistic terms, then you'll talk about things like distributions, random variables, and events.

No, no, no, no, no. You're seriously attempting to conflate ID with genetic engineering? As I said before, ID has a very specific meaning. It is the belief that life is too complex to have emerged naturally, and that a supernatural entity must have interfered or guided the process. It is inherently unmeasurable. How can you possibly build a model, based on the historical record, to determine if a species evolved as the result of a being operating outside of the laws of nature? In the case of genetic engineering, yes, it is possible to build limited models based on our understanding of current environmental conditions. You can look at genetic sequences and identify patterns, etc. But that is not intelligent design.

Look. I'll give you the benefit of the doubt and assume that you're being sincere in your argument for statistical models of evolution as it is happening today. But you need to use a new term. Intelligent design has a very specific meaning based on its history. It is inherently not falsifiable, because it specifically involves the presence of a being (i.e., NOT measurable or provable) acting outside of the laws of nature. Humans are natural beings, so when we perform genetic engineering, that's still a natural event.

Articles like this annoy me, because it assumes that security is binary. Either your system is secure or it is not. That's crap. Security goals are defined relative to the sensitivity of the resources being protected, and to the aims of the organization.

The real problem is not how you are storing your passwords. The real problem, if your organization is trying to protecting something of value, is that you are relying solely on passwords to begin with. Multifactor authentication, intrusion detection/prevention systems, and auditing are minimums for real security. And, hey, if you're protecting something really sensitive, say the control system for a nuclear reactor, then toss on RBAC with separation of duty.

So I really don't care that Gawker got hacked and their passwords leaked, because those credentials should not be sufficient to access any resource of significant value.