Comment The American Dream is not a lie (Score 1) 818

the American Dream(TM) lie is well understood .... The idea that anyone can make it if they work hard. Well, maybe they can if they get really lucky, but for the majority they won't get rich in their lifetime. Not to say that they will have bad lives or anything

It has nothing to do with luck. It has everything to do with one's point of view and how far one is willing to go to achieve that dream.

The American Dream does happen, and it happened to me. Of course, there aren't many people like me, but to say that it is a lie is to deny the reality.

Comment Tyranny can't last forever (Score 1) 818

...we're likely to break the cycle by spawning an eternal Tyranny instead of a sustainable Democracy

The only way a tyranny can last is when the people let them.

Unless they can find a way to turn the "subjects" into borg-like things (which obey their master 100% of the time), human beings, being a rebellious lot, cannot, and will not, be suppressed forever.

Rebellions (plural) will happen.

While the tyrannical regime might be able to crush most of the rebellious attempts, there will always be that final rebellion which will crush the ruling junta.

Thus, the cycle continues ...

Comment Nationalism in China (Score 2) 818

The Chinese are always, and have always been, very concerned about what is happening in China.

Even I, a Chinese who ran away from China when I was very young, ended up in America and stayed in America for a few decades, still, in my spare time, check out what is going on in China.

The "nationalistic" phenomenon for the Chinese people ebbs and flows - it happened back in WW2, when the Japanese invaded China, it happened again during the Korean war, and for a while, in between the Korean war until recently, most Chinese preferred to focus their attention on themselves.

At first it was for survival, as China under the tutelage of Mao landed itself in seemingly endless episodes of man-made disasters. Famines that took away the lives of millions happened. Cannibalism happened, the cultural revolution happened, intellectuals being driven to madness and/or suicide happened, and so on...

When Deng took over in the late 1970's, economically speaking, China became better. The Chinese people turned towards making money.

That lasted for almost 40 years, and the economy of China has started to flatline, people are getting laid off (and young university graduates can't find jobs).

To allay the pent-up anger, the CCP, under the Xi-Li pair, opted for the "nationalistic" approach.

And that coincides with the provocations from Japan. With more and more provocations from Japan, the fuel for the fire of nationalism multiplied.

You gotta understand that the Chinese people, until today, can *NOT* forgive what the Japanese did to them back in WW2. That is because, unlike the Germans, who issued public apologies to their victims (particularly Jews and Gypsies), the Japanese refused to apologize for the carnage they had done in China.

That bad blood between the Japanese and Chinese is now exposed in the open.

The CCP, of course, ain't stupid. They fully utilize the follies from Japan to add fuel to the nationalist fervor.

Comment Re:The U. S. of A. does not operate in this mode (Score 1) 818

The fact still stands.

In the United States of America, the commoners are totally cut off from the decision making process.

George Bush did *NOT* get the permission from the American public before he launched the attack. He didn't have to, as the American public has absolutely *NO SAY* in the running of things.

Taking this a step further --- in the current situation relating to NSA --- Obama does *NOT* care what the people feel, because the "feeling" of the people is inconsequential, as what is to be done, WILL BE DONE, whether the people like it, or not.

Comment The U. S. of A. does not operate in this mode (Score 5, Interesting) 818

"...because the politicians do, as you say, simply have to FRAME a proposal in language which RESONATES with the worldview of the people being targeted..."

Sadly, you do not know the US of A.

The politicians inside the United States of America do not need to frame any proposal to the people; all they need to do to get anything done is to use their influence to rally a portion of the semi-elites to their cause, and through the butterfly effect, it is done.

Case in point - the United States attacking Iraq.

When George Bush decided to attack Iraq, he did not need to get the approval of the Americans. All he did was rally the world community (elites from different countries) to his cause, and when he got the support, off went Desert Shield and Desert Storm.

I was from China, and I still remember how hard the Chinese Communist Party had to rally their own people to support their decision to send troops into Korea to fight the Korean war.

In contrast to what George Bush did - the Chinese government, under Mao, tapped into almost all the resources it could muster to get the people into the mood.

In a way, at least back in the time of the Korean War, the Communist government which ruled China was more attuned to its own people than George Bush was to the Americans.

Comment Re:Gentrification? (Score 1) 359

Your argument is silly because it completely discounts cost of living.

I live in Boston, and rent is just one portion of your expenditure. Taxes, childcare, private schools, parking, and even your average restaurant bill are all significantly higher. This winter, I paid more to shovel after one storm in Boston than my friends did to have someone shovel all winter in Cleveland.

My salary would get me a middle class living in Boston or SFO, a lower middle class living in NYC, and an affluent upper middle class living in most of the midwest.

Blanket statements that anything about X makes you rich (or super rich) are plain ridiculous. Heck, I'm in NYC as I'm typing this and I'm pretty sure you'd get a shoebox for $1500.

Comment Re:To Crypt or Not To Crypt (Score 1) 171

I'm always amazed at how hard something as simple as password hashing can be. Yes, it's the user's fault for reusing passwords, but we should try and protect him anyway, because it's very common. Part of the job of the computer security industry is protecting stupid people. Improving this situation is one reason for the Password Hashing Competition.

You are right that password strengthening before encryption is a different problem from user authentication, but the solutions tend to be the same. You can use Bcrypt or Scrypt for strengthening a password hash on an authentication server just like you can while deriving a volume decryption key. The main difference seems to be that a common server may not have a significant fraction of a second to spend on authenticating a user/password combo. TC has some additional constraints, like the volume needs to appear as random data, making it harder to embed various encryption parameters, such as which key stretching algorithm is in use. An attacker doesn't care whether the password/salt is protecting a login account or an encrypted volume. To him, it's just so many rounds of PBKDF2 (or whatever), and then a quick check to see if he got the right answer, and do as many in parallel as possible. Salt is used either way to defeat rainbow tables, so instead attackers use GPU farms to do massively parallel brute force guessing, where each guess is user/salt specific.

However, the two cases I've mentioned are both encryption: TC encrypted volumes, and OpenSSH id_rsa private keys. We could argue about how much effort a server should put into protecting its users' passwords, but both TC and OpenSSH do *nothing* more than a typical server, devoting only a millisecond to key stretching. That's just lame.

Comment Re:To Crypt or Not To Crypt (Score 1) 171

I just added a keyfile as you suggested. I put it on a couple of USB keys, so I have a backup, and now in theory my encrypted volume can't be mounted without having the physical key. That should greatly increase my passphrase protection, as well as the volume contents (basically a list of all my various user/password credentials at various sites). I'm still running TC in Windows, and several times I've answered "yes" to let various programs make changes to my hard disk, and my machine probably comes with back-doors from both Lenovo and Microsoft and maybe even Intel. I don't trust our company's closed-source VPN provider, either. So, I still don't feel secure, but at least it's an improvement. Thanks for the tip.

Comment Re:To Crypt or Not To Crypt (Score 2) 171

I don't do this for a living, but I'm not totally ignorant about this topic. TrueCrypt does a poor job strengthening passwords. TC's users would be far better protected if TC ran something even as lame as PBKDF2 for a full second, with rounds somewhere in the 100's of thousands or millions. Not only does TC do a poor job protecting my data, but when an attacker does manage to guess a user's low-entropy password, he can then try that password all over the place to see where else the user has used it. This is why I say that the user's password is at risk due to TC, not just the data TC encrypts.

To give TC some credit, OpenSSL has the same lame password strengthening as TC, putting id_rsa passphrases at risk, in addition to the user's private key. So, there seems to be plenty of lameness to go around. I hear that a Bcrypt option is in the bleeding edge version of OpenSSL. I wish they'd push out that patch along with the Heartbleed fix.

Comment Re:To Crypt or Not To Crypt (Score 2) 171

I use TrueCrypt. Not that it likely matters given all the other back-doors on my Lenovo Wintel laptop, but I use a passphrase from Hell, and I suspect even the NSA's biggest cracker would have trouble with it.

Other than the backdoors in various places on this toxic waste dump of security, the biggest security threat to my passphrase from Hell is TrueCrypt itself. TrueCrypt by default does 100% useless password strengthening (key stretching or whatever it's called). Its strongest mode, which you have to select manually, is 2000 rounds of SHA-256. I can buy SHA256 boxes that do 1 Giga-hash/second per $10. Figure a government has a few million at least for such boxes, and go compute how strong your password needs to be, and it isn't pretty.

I use my password and TrueCrypt to protect my data. Why didn't it occur to the TrueCrypt authors to protect my password? I mean, Bcrypt at least, come on...
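The three "To Crypt or Not To Crypt" comments above argue the same point from different angles: a salted key-stretching function such as PBKDF2 only protects a passphrase in proportion to its round count, and the attacker's cost is "rounds of PBKDF2, then a quick check, massively in parallel". The following Python is an added example, not code from the thread or from TrueCrypt; it derives and verifies a key with PBKDF2-HMAC-SHA256, shows how a "run it for a full second" round count is calibrated, and turns the thread's own figure (1 Giga-hash/second per $10) into an expected time-to-crack. The $2M budget, the 64-bit passphrase entropy and the sample passphrase are constructed assumptions, and the model charges one SHA-256 call per round (PBKDF2-HMAC needs more, so the estimate favours the attacker).

```python
"""Added example (not from the Slashdot thread or TrueCrypt): PBKDF2 key
stretching with a tunable round count, plus a back-of-the-envelope cost model
for offline guessing.  Assumed figures: 1 GH/s of SHA-256 per $10 (quoted in
the thread); the $2M budget and 64-bit entropy are constructed for illustration."""
import hashlib
import hmac
import os
import time

HASH_RATE_PER_DOLLAR = 1e9 / 10  # 1 Giga-hash/s per $10, as quoted in the thread


def derive_key(password: str, salt: bytes, rounds: int, dklen: int = 32) -> bytes:
    """PBKDF2-HMAC-SHA256.  The per-user salt defeats precomputed (rainbow)
    tables; the round count makes every guess cost `rounds` hash evaluations."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds, dklen)


def verify(password: str, salt: bytes, rounds: int, expected: bytes) -> bool:
    """Constant-time comparison, so the check itself leaks nothing about the key."""
    return hmac.compare_digest(derive_key(password, salt, rounds), expected)


def calibrate_rounds(target_seconds: float, start: int = 2000) -> int:
    """Double the round count until one derivation takes at least target_seconds
    on this machine: how a 'run PBKDF2 for a full second' policy picks its value."""
    salt = os.urandom(16)
    rounds = start
    while True:
        t0 = time.perf_counter()
        derive_key("calibration-only", salt, rounds)
        if time.perf_counter() - t0 >= target_seconds:
            return rounds
        rounds *= 2


def guesses_per_second(budget_dollars: float, rounds: int,
                       rate_per_dollar: float = HASH_RATE_PER_DOLLAR) -> float:
    """Guessing throughput of a hardware farm: guesses parallelise perfectly and
    each one costs about `rounds` SHA-256 calls (a lower bound favouring the attacker)."""
    return rate_per_dollar * budget_dollars / rounds


def expected_crack_seconds(entropy_bits: float, gps: float) -> float:
    """Expected time to hit a uniformly chosen passphrase: half the keyspace."""
    return (2.0 ** entropy_bits / 2.0) / gps


def crack_years(entropy_bits: float, budget_dollars: float, rounds: int) -> float:
    """Expected years for a farm of the given budget to recover the passphrase."""
    gps = guesses_per_second(budget_dollars, rounds)
    return expected_crack_seconds(entropy_bits, gps) / (365 * 86400)


if __name__ == "__main__":
    salt = os.urandom(16)
    key = derive_key("correct horse battery staple", salt, 2000)  # constructed passphrase
    print("verify ok:", verify("correct horse battery staple", salt, 2000, key))
    print("rounds for ~1 s on this machine:", calibrate_rounds(1.0))
    for rounds in (2000, 100_000, 1_000_000):
        print(f"{rounds:>9} rounds, 64-bit passphrase, $2M farm: "
              f"{crack_years(64, 2_000_000, rounds):,.1f} years")
```

With the thread's hash rate and a $2M farm, the 2000-round TrueCrypt setting gives about 1e11 guesses per second, so a 64-bit passphrase falls in roughly three years in expectation; at a million rounds the same farm needs about 500 times longer. The round count only scales the attacker's cost linearly, which is why the thread's point about spending a full second, or moving to a memory-hard function such as scrypt, matters more than any single constant.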
