But why bother with the charade? In other police states, people disappear with no reason. There is no secret court. There is no "process". They just do what needs to be done. Opposition politicians, investigative journalists, enemies of those in power, and, in many cases, friends of those in power are arrested one day and never heard from again. That hasn't been happening. Stupid cowboy shit like bugging the phones of world leaders, yes. Compelling the secrecy of secret surveillance, yes. But as far as I know, the Feds aren't shredding the Bill of Rights (outside of airports, but that's a special case of its own--you can fly anywhere without being searched, just not on a major carrier).

So are we at the end of a 12-year transitional period that spans two administrations? OR is all of this cloak and dagger stuff considered genuinely necessary by a law enforcement apparatus that really really wants to operate legally but feels that tipping off criminals will make them impossible to catch?

Gag orders are as undemocratic as it gets, and way too blunt an instrument for a society that can and should have come up with a more refined successor to the PATRIOT Act by now. But there isn't anything reported so far that is inconsistent with the law -as written-. Declaring the Constitution null and void based on the actions of the NSA and FBI to "Intercept and Obstruct Terrorism" is a bit premature, given that they are doing so with the blessing of Congress.

No, you can't sue the government.

Because if you could, we could shut down NSA wiretapping in a heartbeat by bringing a massive class action suit against them, where every victim of a crime that could have been prevented by NSA surveillance between 2005 and 2013 would be a member of the class.

If you ever watch "Person of Interest" that's exactly the kind of crimes I'm talking about -- the "irrelevant list" of criminals that are ignored because they don't touch national security.

What the hell good is a police state if we still have violent crime in our everyday lives? The government should be held accountable for not enforcing the law if they have the ready means to do so.

And yes, this is somewhat tongue-in-cheek, because of course that kind of society would be *monstrous* without real reform of many areas of law. But the fastest path to reform is when rich, powerful people (and their children) are arrested with the same frequency as poor, powerless people. Wealth and power provide the means to hide from traditional law enforcement, but not from the kind of data mining that the NSA is (theoretically) doing.

Then again, imagine how much safer it will be to skate, skateboard, cycle, fly kites, walk the dog, or participate in just about any other form of exercise that happens to take place on or near a roadway. If cycling deaths drop with the same rapidity as automobile deaths, cycling will become A LOT more appealing to risk-averse people. Walking/cycling/etc to music will also become safer, and music encourages more strenuous activity.

There is also every chance that you'll get more casual exercise, just by having more free time and less stress.

This is a really interesting point.

But the fleet could simply drive itself back out of lower Manhattan to areas with cheaper parking/storage facilities. After all, the "reverse commute" is usually pretty light. Also, a large percentage of driverless cars would make multiple inbound trips since people's workdays start at different times. The problem is not dissimilar to what already happens with the taxi and limousine fleet.

Now, if you wanted to own your own driverless car, then it gets interesting. Since you're going to pay for parking for the car, you have an incentive to send it back out of the city to your home garage, or at least to a cheaper parking space across the river. There is absolutely no reason for you to park your car, er, have your car park downtown just because that's where you work.

This seems really complicated. Why not just track the RFID signature generated by the various parts of the car which are tagged? Tires, replacement parts, items in the trunk, ID badges on the passengers....

Except for the part where if you control the domain registration you can have a new SSL cert issued within minutes.

Oh, and I get it now, duh. The idea is that if GRC's server sees the same fingerprint you do, then you're good. Nice hack, and something you could do yourself with your own cloud server.

But what if it doesn't, and the reason is that Google is using different certificates for different regions?

Well okay, but someone could build a *much* better version of that. And mirror it out to other sites. How do you know you can trust the certificate of grc.com?

But as a proof of concept for what all secure site operators and their Certificate Authorities should already be doing, yeah.

Yes, there is a simple solution.

Google should post, in a permanent, obvious location, a list of the SSL Certificates they are using along with the certificate fingerprints.

This list should be mirrored by other parties and the issuing CA to prevent the problem where someone with a forged cert can post their own list. They could also mirror the list in DNS TXT records.

This should be standard for every well-known site that uses SSL, and it should be a service provided automatically by every Certificate Authority.

I'm sick to death on non-transparent CAs. Publish the certs you sign. Publish your revocation lists. Stop assuming that no one understands what you do or that you don't have a responsibility beyond lining your own pockets.

I was in my early 20s when Myst came out. The visual design turned me off, it looked like someone's coked-out New Age fantasy come to life. Like a wine bar on steroids, all brass rail and ferns and bubbling water. No thanks.

Now, "The Neverhood", on the other hand... that was like being dropped into the middle of a Gumby adventure. That game rocked.
http://en.wikipedia.org/wiki/The_Neverhood

I know, off-topic since not an open world game. But it was puzzle-solving and on CD-ROM, so...

Layman's answer:
It's trolling when the party seeking to enforce their patent rights has no intention of selling an actual working implementation on the open market.

If the purpose of your company is to make money by licensing an idea, rather than selling a product or service that incorporates that idea, then you're a troll. The system shouldn't allow you to feed on other companies and individuals that are using that idea in their own products or services.

Nobody cares if an inventor sells a patent to a manufacturer or a service provider who will actually use it, that's how the system is supposed to work. But holding companies and the builders of defensive portfolios should have no place at the table.

Also, just because business has been conducted a certain way up till now, doesn't mean that's the best way to conduct business. Thomas Edison wasn't a saint, he ruthlessly exploited the inspiration and perspiration of everyone who worked for him and went to great lengths to crush his competitors. WE CAN DO BETTER, is the point.

Newsflash: If you run servers in Amazon's cloud, you have to trust Amazon.

There's no flaw in AWS that enables this hack by untrusted parties. You have to have access to the AWS account in order to clone a volume, just like you'd have to have physical access to a physical server to clone a volume.

The only interesting point here is that an Amazon employee could do this without you knowing it. But come on, how obvious is that? Their sysadmins could do a lot more than just clone your hard drive and change the password, you know.

Thanks for updating chntwp, though.

Or the code comes from a known-good set of files on your local drive, and only the encrypted data is transferred to and from the cloud.

HTML + CSS + JavaScript files == open source. As long as you load them using a file:// URL you can know what exactly you're getting.

This is preferable to an extension which is a) compiled and b) could access every page my browser visits.

A real fix to this problem would let me download the js and html and whatnot once, as a signed archive, and use your application from a file:// url on my computer.

In other words, the only thing that would come from a server from session to session is the encrypted data file. No application code. No HTML. Just the data.

It's a lot more like a traditional application, except that it runs in the browser and the source code is right there for me to look at.

It takes a lot of light--A LOT of light--to grow big, healthy plants.

LEDs are great for growing seedlings, and also lettuces and strawberries and other "low" crops. But when it comes to corn or tomatoes or other things that get tall, you need 4x-6x the lights in order to cover the mature plant. It's a big investment.