Hehe, bad choice of examples. Yes, Sputnik was launched during an IGY year of "cooperation"... but that doesn't mean it wasn't a cold war space race from the beginning. The USSR announced their intention to launch an artificial satellite nine days after the US announced the same intention. Then the USSR went forward with designing the satellite, only to discover that their original planned machine was going to take too long. Afraid that the US might beat them to it, they stepped back and focused on a simpler design so they could get it into space faster, and beat the US. As soon as their launch vehicle was good to go, they launched, pushing back some planned military test launches to do it.

Makes perfect sense to me. There are lots of people whose lifestyles don't permit a regular job, but could use a flexible income supplement.

That's a rather violent, not to mention criminal, response. I think not.

First, my comment was not a "defense" of anything.

Second, you seem to have missed the sentence "It's not quite as good if the smartphone is also providing the fingerprint scanner and camera, because in the event of an attempted fraudulent transaction that means the attacker is in control of those components."

Also, you seem to have missed the last paragraph. In fairness, I suppose I wasn't quite clear enough. When I said that the security is in the same ballpark as a four-digit PIN, I was comparing to a system using phone-mounted sensors. With sensors provided by the retailer, in a staffed checkout lane, it's unambiguously stronger.

zerofoo said nothing of the sort. He said that killing or fully disabling the shooter isn't necessary, not that it's not possible, or even unlikely.

The history of mass shooting violence in the US bears out both zerofoo's point that killing or disabling the shooter often isn't necessary, since mass shooters tend to suicide as soon as they meet armed resistance, and even those who don't are clearly going to have to shift their focus from mass murder to self-defense or be an easy target. There are plenty of cases in which shooters have been killed, disabled or otherwise stopped by citizens, though they tend to get less press for the simple reason that fewer people die.

Interestingly, the US has conducted this experiment over the last 40 years or so, as the number of concealed carry permit holders went from basically zero to up to 15% in some areas of the country. What happened? Not much. Violence declined, and there is some weak statistical evidence that it declined faster in areas where more people began carrying guns on a daily basis. There is no evidence that violence increased.

I suspect it won't change at all. What would reduce the number of shootings is removing all of the guns, but that is impossible.

This is something of an unrelated point, but I think it's worth noting that police did not respond quickly at Columbine High School, and that the experience dramatically changed police doctrine for responding to active shooters, across the nation. After-action analyses showed that as soon as the shooters faced aggressive armed response, they killed themselves, but that happened many minutes, and several deaths, later than it could have. At the time standard procedure was to cordon the area, isolate the shooters and wait for enough backup to arrive -- preferably SWAT -- that the police could enter in overwhelming force. But Columbine changed that, and most police departments now train their officers that if they have good reason to believe it's a lone shooter then the very first officers on the scene should enter immediately.

Immediate entry, without overwhelming force or special weapons, seems like it significantly increases the risk to the officers, but in practice it doesn't, much. And, of course, waiting tends to give shooters time and space to rack up massive body counts.

Or just change positions several times per day. I stand until I'm tired of it then sit for 30 minutes, repeat. I set a timer for the sitting periods, otherwise I find that when I'm focused on something I forget to stand up again. I've thought about hacking and arduino into the controls on my desk and automating that, so that after 30 minutes my desk automatically returns to the standing position, but haven't gotten around to it.

I have a motorized desk from VersaTables. Nice desk and the company was great to work with. Not cheap, though, not at all.

Not if you lease. If you lease, it's the lessor that gets the rebate, so when they calculate the financing they just take it off the top. The federal credit, anyway. This is one of several reasons why more EVs are leased than purchased.

This is incorrect. Charging on 120V doesn't do any damage to the batteries, in fact it's probably a little bit better for them. The problem with level 1 charging is that it's slow. Assuming the LEAF's battery is empty it takes about 21 hours to charge it to full on the 120V adapter included with the car.

I actually charged my car regularly on 120V and it wasn't as bad as you might think -- as long as I only needed to make one trip into town per day (from my house to the city is about a 40-mile round trip). The car was almost always fully-charged by morning, but if I went somewhere in the morning and came back home, there was no possibility of making a second trip in the afternoon or evening. Not without stopping off at the level 3 charger in town, anyway. Which I did from time to time -- it's free, and recharges the car from empty in about an hour, but it means having to kill an hour, and there isn't much of interest within walking distance of the charger.

So, I installed a 220V "level 2" charger. With it, the car recharges from empty in a little under four hours. In practice, that means that when I pull into the garage and plug in, it's generally full again in a couple of hours. Most of the time the flexibility that provides doesn't matter, but sometimes it's very handy. The level 2 charger cost me about $400. Was it worth it? Maybe, maybe not.

Both of you are wrong and so is Dustin Kirkland (whoever he is). The core of your error is in this statement:

That sentence is true, as stated, but only because it includes the word "token". Yes if you're using secret tokens for authentication, then the tokens must be secret. But exchanging secrets (or proof of possession of secrets, which is what most cryptographic authentication protocols do) is not the only way to do authentication. Not by a long shot. In fact, humans hardly ever use secrets for authentication.

How do you identify and authenticate your mom? Do you ask her for a secret password? Of course not. You use the same tools for both identifying and authenticating her, and those tools are a set of biometric markers. The same set of tools are also used in high security situations. Back when I was a security guard in the Air Force, I was trained that personal recognition is the very best form of authentication. Not only is it not necessary to check the badge of an individual you know personally, badge-checking is inferior to personal recognition for authentication (note that badge-checking may still be important for authorization, verifying that the person who has been identified and authenticated actually has permission to enter. Thus I was trained to always check the access control list before allowing someone near nuclear weapons).

With respect to user authentication in electronic contexts we generally use secrets because computers don't (or at least haven't) had the ability to use the sorts of biometric authentication that humans use quite effectively. But, when we equip them with biometric sensors, they can.

HOWEVER, this does not mean that biometrics are useful for authentication in all circumstances.

Secret-based authentication has the advantage that -- assuming the secret has sufficient entropy and can be assumed not to have leaked nor been intercepted and cannot be rerouted (note that that's a pretty long list of criteria, some of which are hard to establish) -- you don't have to worry about the possibility that the authentication could be spoofed. An attacker who doesn't know the secret can't fake knowing the secret.

Biometrics, though, are not secrets. They are public knowledge. This means that an attacker must be expected to have access to copies of our fingerprints or faces. The biometric authentication process is different, though. It does not rely on secrecy of the authenticator, but instead on non-replayability. If we can be certain that (for example) the fingerprint placed on the scanner belongs to the person we wish to authenticate, and that the stored template we match against belongs to the person we wish to authenticate, then we can perform a good authentication. The fact that the fingerprint is not secret does not matter.

Where biometrics fail is if (a) we can't be certain that the livescan data acquired from the sensor belongs to the person trying to authenticate or (b) the stored template belongs to the person we wish to authenticate. Part (a) is particularly difficult to validate in many contexts because faking the input isn't necessarily hard to do, and in some cases an attacker can even bypass the sensor entirely and simply inject a digital copy.

This doesn't mean biometrics are worthless, it just means they're only useful in certain contexts. And, again, their utility for authentication has nothing to do with their secrecy. And rotation is likewise irrelevant and silly to discuss. You need to rotate secrets because you can't be certain they have stayed secret and because if they have low-ish entropy they may have been brute forced. None of that applies to biometrics because they're not secrets and their utility as authenticators does not depend on secrecy.

Can we please kill this incorrect meme about biometrics as identifiers, not authenticators? They can be either, or both, and are used as both, by billions of people, every day, with high effectiveness and reliability. Whether or not they provide security depends on the context.

With respect to credit card payments, fingerprint and facial recognition biometrics are pretty reasonable tools. This is especially true if the sensors are provided by the retailer, and the consumer is providing a traditional electronic authentication (cryptographic challenge-response) with their smartphone or smart card. It's not quite as good if the smartphone is also providing the fingerprint scanner and camera, because in the event of an attempted fraudulent transaction that means the attacker is in control of those components.

But you also have to consider the model that is being replaced. Is fingerprint plus face recognition better than a signature which is theoretically matched by a non-expert human, but in practice never checked at all? Absolutely. Is it better than a four-digit PIN? That's debatable, but it's at least in the same ballpark.

Actually, Inbox is Gmail for power users, for people who have massive volumes of e-mail to manage. It takes a little bit of work to figure it out and set it up, but once you have, it's awesome. There are some features it lacks, like complex filters (simple filters are very easy to set up; you just move a message to a label and Inbox asks if you want to always do that. Click "yes" and you have a new filter rule), vacation auto-responder and the like, but you can always use the Gmail UI when you need to set stuff like that up.

The Inbox features that that make it great for heavy e-mail users are:

Snooze.

Many people use their e-mail inbox at least partially as a task list, especially their work e-mail. This results in having to keep e-mails that for you can't work on yet sitting in your inbox, cluttering it up and making it harder to process new e-mail. When you snooze an e-mail, it goes away until some point in the future. You can pick a date and time, or even a location (requires using the Inbox app on your mobile device). Heavy application of snooze with well-chosen times/locations lets you clear all of the stuff you can't do yet out of the way, knowing it will come back later when you can handle it.

Bundles.

Bundles are just Gmail labels, but with an additional setting that tells Inbox to group them in the inbox. This is fantastic for high-volume mailing lists. With Gmail you can get almost the same effect by setting a filter to apply a label and skip the inbox, but then you have to remember to actually go look at the label from time to time. With bundles, you get the same grouping effect but the bundles show up in your inbox so you don't forget to go look. The reason that grouping (by whichever mechanism) is useful is because when you have large volumes of email, most of which you don't actually need to read, it's much faster to scan through a list of subject lines and evaluate what's important and what isn't when you already know the context.

My process for plowing through a busy mailing list is to scan the subject lines and click/tap the "pin" icon on the few that are interesting, then "sweep" the rest. A single click or gesture archives all unpinned items in a bundle. Then I handle (or snooze until I can handle) the pinned items.

I also have a bundle (label) called "Me" that is applied by a filter that looks for my name or username in the To line or the body of the message. This helps me to be sure that I notice e-mails where people are mentioning me or asking me questions. It's the first bundle I look for every time I check my e-mail. Similarly, I have a bundle that extracts e-mails that reference my project's name. That's the second bundle I look at. Other high priority bundles are e-mails from the code review system and e-mails from the bug tracker.

Obviously there are many e-mails that mention both my project and me. That's fine; bundles are labels not folders, and it's perfectly reasonable for an e-mail to be in more than one of them. When I archive a message in one bundle, it disappears from the others. So, often I'll look at Inbox and see the "Me", project, code review and bug tracker bundles displayed, but by the time I've processed everything in the "Me" bundle, the other three have disappeared.

Delayed Bundles.

I think this vies with snooze as the killer feature of Inbox. By default, a bundle appears in the inbox whenever you receive new mail with that label. But there's lots of stuff, at least in my inbox, that I don't need to see immediately. Having low-priority stuff displayed instantly distracts me from my work, or obscures truly urgent e-mail. Also, it's more efficient to handle low-priority e-mail in bulk. So, you can specify that a bundle should only appear once per day, or once per week. Inbox will accumulate e-mail in delayed bundles and only show the bundle at the specified time.

When I start work in the morning I have a dozen or so bundles containing low-priority e-mail. I can quickly scan each of them, pinning the items I care about and sweeping the rest. I have a few bundles for purely informational mailing lists which are set to display once per week, so I only see them on Monday morning.

I'd like a little more granularity on this feature. Specifically, I'd really like to be able to set some bundles to show, say, every three hours. Then I'd only allow the highest-priority bundles to show immediately, giving me larger blocks of uninterrupted time but with the knowledge that I'll still get notified of truly urgent stuff immediately.

Consistent Interface

It took me a while to realize just how valuable this is, but it's really great that the mobile and web UIs for Inbox are virtually identical. I don't have to have two different flows for handling e-mail on mobile vs desktop. The mobile UI is a tiny bit better because of the gestures a touchscreen interface can provide, but my process for using it is the same.

One common complaint about Inbox vs Gmail is that Gmail's more compact; you can fit a lot more stuff on the screen with the Gmail UI. I find that isn't a problem, because the Inbox workflow mostly eliminates the need to scan through a big list of messages visually, looking for something in particular. The need to do that arises mostly (for me, anyway) when I'm keeping a lot of stuff hanging around in my inbox. With Inbox, I don't do that. I snooze it or I archive it, so my inbox is empty nearly all the time. If I need to find something that I've snoozed or archived, I search for it.

Bottom line: If you're a heavy user of Gmail, you should really take a good look at Inbox. Odds are you'll never go back.

Will the evening news be illegal? Wishing someone a happy 30th birthday? Mentioning that Christmas is over 'til next year?

Though, apparently it's legal if you do it in analog.

I meant password, of course. Sorry, not fully awake.

Also, don't give your SSID to anyone who does or might in the future use Windows 10, or have a Windows phone.

No, we don't. If you don't have the water, or at least the hydrogen and oxygen, you don't have a large body of water to moderate the temperature and host cyanobacteria to create oxygen, which takes hundreds of thousands to millions of years, assuming you have enough bound oxygen to begin with. We don't have the technology. We can't even filter out a little carbon dioxide in our own atmosphere.

That assumes the winds are perfectly linear and even fairly constant, which of course, is impossible on a sphere.

The problem is they are advertising a "free" upgrade to everyone with Win 7+ right now. Who doesn't want a FREE upgrade? Obvioously /. readers but most consumers think they are saving money with a free upgrade to an OS that is in fact pwning them.