
Comment TLS hashes the key with nonce, wep was weak (Score 1) 277

> A relatively easy way to get all those samples is to inject a script into somebody's HTTP response - say, for http://slashdot.org/ - which constantly does nothing but request the same HTTPS URL

Not with a https url you're not going to do that. You're going to need to attack a protocol in which bytes from the master key are reused in each transaction. WEP was such a protocol, TLS isn't one. TLS rc4 hashes a nonce with the key each time, so the bits used as the rc4 key are different each time, making probabilistic attacks useless.

That's the "bits can't be reused in the xor" part of my post.

I've noticed a pattern with you. You're reasonably well informed regarding cryptography, and understand the concepts well (though you sometimes read too fast and miss the details). You therefore decide that ONLY you are informed and everyone else are idiots. Here's the thing. You've read a lot, but forget that everything you've read was written by someone other than you. You HEARD about an attack on a cipher. Great, so did everybody else. Somebody actually developed that attack. Somebody who is in the set "not you, therefore an idiot" developed the attack. You'd do well to actually read what others have to say rather than skipping what they said because after all, anyone other than you is an idiot. (No, some of us actually created what you study).

Comment I'm doing just that at WGU. See also Excelsior (Score 1) 201

There are a few schools that offer essentially that. I'm doing it at WGU.edu, which is a state school in many states (WGU Texas, for example, is a state school in Texas). You finish each class whenever you can pass the test, which in many cases is an industry-recognized certification test from CompTIA, CIW, Microsoft, etc. I just finished my database course, which took me a week to get four college credits since I know the material very well. If you knew ALL the material well enough to pass all of the tests, you could get a bachelor's degree in six months or so. They ALSO provide curriculum to teach you the material, but you study it only as much as you need to.

You mentioned the cost. With WGU, you don't pay per-credit or per-class, but per-semester, and you can take as many courses in that semester as you want. (Minimum 12 credits for financial aid.) IF you knew everything you need to know for your degree, you could do the whole thing in one six-month semester at a cost of only $3000. The tax credit is about $1,200, so the net cost to you is only $1,800.

Personally, I have a full time job, a part-time business, and a family, so I'm doing it in just a few hours per week and it will take a while.

Other schools offer similar programs. WGU offers low cost and reasonable credibility - it's a state school just like Texas A&M, University of Texas, etc. Not AS flagship prestigious, but also not a joke like some online programs. Excelsior is somewhat similar in that you get credit for knowing the material, not for attendance or homework.

Comment xor unbreakable with long (stretched) key (Score 1) 277

As others have pointed out, xor is actually very strong - unbreakable in fact, IF the key is long enough. A key may be made long enough by any of many key-stretching algorithms. Also, the same portion of the identically stretched key shouldn't be reused.

In practice, that means that plain xor by itself is limited to either a) short plaintexts such as passwords or other keys or b) highly secure one time pad based systems, which require that key books be shared ahead of time. XOR can also be used as an essential component of a strong algorithm which is more complicated. Basically, xor as the actual encryption on the data plus some method to extend the key securely.
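An added illustration of the reuse point in the comment above (not part of the original comment): XOR against a stretched key, run once with the same keystream portion used for two messages and once with a fresh nonce per message. SHAKE-256 as the stretching function, the nonce handling, and all names and sample values are assumptions made for this example.

```python
import hashlib

# Constructed sample values, not taken from the page.
KEY = b"constructed-demo-key"
P1 = b"transfer 100 to alice"
P2 = b"transfer 999 to carol"


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Stretch a short key into `length` keystream bytes, bound to a nonce."""
    # Assumption: SHAKE-256 (an extendable-output hash) stands in for the
    # key-stretching algorithm, which the comment does not name. The key is
    # length-prefixed so the key/nonce boundary cannot be confused.
    seed = len(key).to_bytes(2, "big") + key + nonce
    return hashlib.shake_256(seed).digest(length)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def xor_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt: XOR is its own inverse under the same keystream."""
    return xor_bytes(data, keystream(key, nonce, len(data)))


def leaks_plaintext_xor(nonce1: bytes, nonce2: bytes) -> bool:
    """True if XORing the two ciphertexts cancels the key entirely,
    leaving P1 xor P2 visible to anyone who holds both ciphertexts."""
    c1 = xor_crypt(KEY, nonce1, P1)
    c2 = xor_crypt(KEY, nonce2, P2)
    return xor_bytes(c1, c2) == xor_bytes(P1, P2)


if __name__ == "__main__":
    # Same nonce: identical keystream portion reused, key drops out.
    print("reused keystream leaks:", leaks_plaintext_xor(b"nonce-0001", b"nonce-0001"))
    # Fresh nonce per message: keystreams differ, nothing cancels.
    print("fresh keystream leaks: ", leaks_plaintext_xor(b"nonce-0001", b"nonce-0002"))
```
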

Comment not another, iterations slow attacke for passwords (Score 1) 277

For a much longer plaintext, you'd be correct. Starting with a long plaintext and reducing the entropy by using its hash would be bad. That's actually recommended practice for hashing PASSWORDS. Yes, it increases the risk of collisions but given the length of passwords, that's not very significant. More significant is that it then takes an attacker 2048 times as long to check a password in an offline attack.

Comment 1st "Congress shall make no law ..." (Score 1) 538

She says it's "not protected by the first amendment." The first amendment is "Congress shall make no law ..." So the first protects speech FROM CONGRESS. To say it "is not protected by the first amendment" is to say that Congress can ban it.

She then says it "should be removed". You ask "by whom?" Considering that she just said Congress can do it, the only reasonable interpretation of "should" is that she means Congress should do so, possibly indirectly through a federal agency. That's scary only because Congress is HER, she's a senior member and she thinks that her colleagues and her should do this.

Comment 1st amendment restricts GOVERNMENT, only. She mean (Score 1) 538

Feinstein said:

not, in my view, protected by the First Amendment and should be removed

The first amendment says that the federal government may not violate freedom of speech. So saying "not protected by the first amendment" is saying "can be removed by the federal government".

I think that's covered in fourth grade, so ...
> It is notable that she did not say who should remove these from the internet, or how.

She's either a) quite unfamiliar with the Constitution and the Bill of Rights, or b) saying it should be removed by the federal government, which is her and her buddies. Either option is rather bad.

Comment 5% of neither energy nor use (Score 1) 265

> 5% of the total energy use is still

The 5% is neither of total energy, nor of use.

It's 5% of electricity generated within the state.
Most of the energy isn't electricity, and a large percentage of the electricity they use is generated in Arizona, where regulation has allowed new power plants that generate reliable electricity to be built.

In other words, it's really just how many new electric plants were built in California (only solar ones) as a percentage of the plants that California already had prior to them shutting down development and forcing any new plants capable of providing reliable electricity to be built across the state line in Arizona.

Given that the population of California has increased by 10% in the last 15 years, the fact that their electric capacity hasn't kept up, that they've become more dependent on power from Arizona, isn't actually a good thing.

Comment IT department says "random Chinese guy, or Google? (Score 2) 50

I'll mention to the IT department that they could save $30 by buying a generic stick from a random Chinese guy rather than buying a popular product from the third-largest company in the world.

If you're a hobbyist playing around, seeing what you can do with your new toy, you might want to save that $30. If you're a business spending $100 / hour to employ someone to set it up and maintain it, that Chinese stick is much more expensive. It's much less expensive to get something well documented and supported by the world's third-largest company than to choose something with instructions that read "Push of button the power electric to on".

Comment Also, actually less than 2% of their power use (Score 1) 265

Also, the headline is wrong, to put it mildly. As they normally do, the solar-electric propagandists came up with that 5% number by doing math that makes no sense - using POWER USED for the numerator and ELECTRICITY GENERATED for the denominator. Most power isn't electricity, so the number is bogus. Also, California uses a lot more power (and electricity) than they generate, so it's double bogus.

I say the number is "wrong", but MOST solar-electric stories on Slashdot make the exact same "mistake". When someone making an argument consistently screws up the math in the same way, after the error has been pointed out to them many times, that could be called "lying".

The useful number is "how much of the power we use can be generated from ________?" In the case of solar-electric in California, it's less than 2%. That's good in the sense that it's about the correct amount to generate in terms of resources used vs power generated. More would be wasteful and hurt people's standard of living. For example:
It would be silly to use the sun to heat water, in order to drive a turbine, in order to generate electricity, in order to heat a coil, in order to heat water for your shower. If you want hot water for a shower and you have bright sun, just pipe the water for the shower through a large black pipe and heat it directly. That's much more efficient than the Rube Goldberg approach of adding turbines, generators, etc. to it. If you want hot water and have hot water, just use the hot water - it's wasteful to convert it into electricity and back again. Under that kind of analysis, solar electric SHOULD be about 2%. Other sources are better for most of the needs of most of the people in most places, for most of the year.

Submission + - Obama authorizes penalties for foreign cyber attackers (thestack.com)

An anonymous reader writes: President Barack Obama has today signed an executive order [https://www.whitehouse.gov/blog/2015/04/01/our-latest-tool-combat-cyber-attacks-what-you-need-know] extending the U.S. administration’s power to respond to malicious cyberattacks and espionage campaigns. The order enforces financial sanctions on foreign hackers who action attacks against American businesses, institutions and citizens. The new legislation will enable the secretary of the Treasury, along with the attorney general and secretary of State, to inflict penalties on cyber criminals behind hacking attacks which “create a significant threat to U.S. national security, foreign policy or economic health or financial stability of the United States,” Obama said. Sanctions could include freezing of assets or a total ban on commercial trade. The authorities will be limited to imposing the new sanctions solely in cases where the attacks are considered significant enough to warrant a penalty. Punishable attacks could include malicious security breaches of critical infrastructure, DDoS campaigns against computers and networks, or those that result in the “significant misappropriation of funds or economic resources, trade secrets, personal identifiers..."

Comment MS does me,too. Google loses small, wins big (Score 1) 85

Microsoft does "me too". Apple did well with the ipod, Microsoft called up China and ordered a cheap copy. Nintendo and the other companies had good game consoles, Microsoft stuck their name on one, apparently without having much of a clue about the market they were entering. They then lose a billion dollars or so on each, stubbornly refusing to admit failure.

Google checks out the market, then releases something that's best-in-class, or often fairly unique, being the first major offering of its type. They spend ten or twenty million trying it out. If it only breaks even, they move on to the next idea. They don't keep at a losing strategy, losing a billion dollars on something. Instead, they move on to the next idea until they find which one will make them a billion dollars.

At the end of the day, that's the difference- Microsoft's big initiatives that they really push for years lose a billion dollars, Google's big projects that they really push make a billion dollars.

* Google tried "me too" once, with Google+. Fortunately for them, they can well afford one big error because they are winning big in a dozen other areas.

Comment convenience, performance, OS, price, capabilities (Score 4, Interesting) 50

It's more convenient to plug in a dongle and be done than to plug in a dongle, connect a smartphone, and then hope your application works with the Chromecast. A real hdmi connection will outperform the Chromecast screencasting by a couple orders of magnitude. Since it's Chromebook-like hardware, it'll run Ubuntu or other Linux - the same OS running on everything from desktops and radios to super computers. Programs can be written in any language. It has full remote management capability (ssh etc.) so you can set it up and everything from your desktop, using the same methods you use to manage servers over a network, unlike a smartphone.

I have one use-case right away. We want to hang a monitor or TV on the wall as a kind of digital bulletin board that has constant updates. This device would be perfect. We COULD use a smartphone and a dongle, but just a dongle (no smartphone needed) makes it simpler, and running Linux on the dongle means it's more powerful and flexible- I can program it in Perl, C, Ruby, or PHP rather than being forced to write an Android app in Java.

Comment one version of minor OS != doesn't work at all (Score 2) 158

The government web site doesn't work with any operating system. It doesn't work with any version of the #1 most popular desktop operating system, Windows. It doesn't work with IE, Spartan, Chrome, or Firefox. The government web site plain refuses to work. And by the way, it's a web form a friggin form tag. Many eight-year-olds can build that and make it work.

You equate that with the private company's HARDWARE which works just fine with the predominant operating system, and also works just fine with some versions of minor operating systems. It just has an issue on one version of an OS that few people use. I use OS X, so it might bug me, but that's quite different from "doesn't work at all, under any OS".

Comment agree with one part of that (Score 4, Insightful) 365

Based on the technical women I've worked with, I have to agree with one thing you said:

Women comprise over 50% of population and any ... that can tap that ... suddenly has a tremendous advantage

Kidding, of course. Seriously, what you said is true not only of countries, but of COMPANIES. Companies who hire and promote people who do well have a tremendous, almost insurmountable advantage. A company who wasted half of their good people and good candidates would quickly be beat by the competition. Therefore, tremendously successful companies like Google MUST be promoting people who are both technically and with "people skills", employees who work well with others. If Google systematically ignored half the available talent, Apple or Microsoft would wipe the floor with them. They'd never have gotten this big because Yahoo would have had twice as many really good people. Therefore natural forces are such that companies that identify and nurture effective people (effective technically and as a team member) will grow and will win.

Comment you just demonstrated exactly why (Score 1) 306

Based on the headline, you've decided the governor is stupid. Presumably, you'd vote against stupid politicians, or at least wouldn't vote for him.

The article explains that the governor once accidentally sent a completely blank email from his Blackberry - he sat on the button or whatever. A guy whose only email was a blank one sent accidentally is a guy who doesn't use email. Exactly as the governor said, after he was elected he quit using email, to avoid a Hilary situation. He's exactly right - sitting on your phone once doesn't suddenly turn you into someone who uses email for their work.

Yet, with no interest in the facts, you decided based on a clickbait HEADLINE whether or not you'd support the guy. Whatever headline you saw first decided your position, and you end up voting for dumb politicians. Fyi, there is a connection.
