Comment: Re:Congratulations, Verizon (Score 1) 331

by David Jao (#40025681) Attached to: Verizon To Kill All Unlimited Data Plans

I haven't heard of anyone who's successfully unlocked a recent Verizon Android bootblock.

Uh, what? Verizon Galaxy Nexus? Is that recent enough for you? I'm not saying Verizon is a saint here, but it is possible if you choose wisely. GP is talking about rooting and ROMs, which is definitely possible on the Verizon Galaxy Nexus.

Comment: Re:A true story (Score 1) 439

by David Jao (#39723849) Attached to: Operators: Nokia Would Sell Better With Android

If the third party is your own Root CA, then it does make sense. For example, I can issue a new cert on the mail server (for whatever reason), without the users all needing to accept a self-signed cert and cultivate bad security habits.

You own the mail server, and you own the mail clients. The clients run on a device, in this case a mobile phone. You can physically bring the mobile phone into your office and manually load the correct public key. In effect, you perform the initial authentication with, literally, your own eyes and hands. There's nothing bad about accepting a self-signed cert for which you have manually verified the corresponding key.

Using your own root CA still involves authenticating the root CA. You still have the same problem of authentication for the CA, and you still have to solve it one way or another, most likely by manually loading the root CA key as above. For internal, intranet-only cryptographic keys, loading keys onto devices manually is absolutely the correct solution.

In a sufficiently small company (say 1-3 people), the overhead of a separate IT department is too great, and it's better to just educate the users in key management, or have a designated knowledgeable person handle this stuff. For large companies it may be better to run a root CA, but honestly, I'm not entirely convinced. Consider the example of SSH, which is almost the polar opposite of SSL. SSH by default uses plain public keys with no certificates, and has dominant market share within its category. When was the last time you ever heard of a successful man-in-the-middle attack against SSH? I certainly never have. Obviously SSH and SSL differ in many areas, but the point is that it is possible to handle authentication securely without certificates.

Security guru Bruce Schneier has consistently stated many times that complexity is the enemy of security. CAs add a layer of complexity. This complexity in and of itself undermines security. I think you need a really compelling case for CAs (such as public web sites) before it's worth considering bringing this complexity on board.

Comment: Re:A true story (Score 4, Informative) 439

by David Jao (#39717535) Attached to: Operators: Nokia Would Sell Better With Android
It's really frustrating to see people like you continually perpetuate these nonsense myths about SSL certificates.

A certificate from Verisign makes a lot of sense on a public web site. It makes a lot of sense to use a third-party certificate in any transaction or communication where the two parties involved do not know each other in advance. That's the purpose of a certificate: to certify that the other party (whom you have never met before) is whom he claims he is.

It makes absolutely zero sense whatsoever under any conceivable circumstances to use a third-party cert to authenticate between two parties who have already authenticated each other prior to their first communication. For example, if you are connecting your own email client to your own email server, it is ridiculously, mind-bogglingly insecure to rely on a third-party certificate to authenticate this transaction. Using a third-party certificate in this situation just adds an additional single point of failure, one that wouldn't exist otherwise. Actually, it adds many thousands of independent single points of failure, all of which are outside of your control, since any one security breakdown at any of the thousands of certificate companies such as Comodo or DigiNotar will compromise your email.

The right way to authenticate your own server to your own client is with first-party public keys, not with third-party certificates. Unfortunately, the SSL standard does not support plain public keys, but self-signed certificates are a close alternative. This method is correct, easy, cheap, and provides the most security.

There is no way to put this nicely. The authors of the SSL standard were wrong in insisting on certificates in any and all situations. It's disappointing and dangerous to see that the general public has, without thinking, bought into the insecure and nasty myth that certificates are always better. Honestly, they're not always better. Sometimes they're worse, much worse. Please think about real world security threats and security needs instead of just mindlessly parroting false advertising for Verisign.
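The two comments above (manually loading the server's key onto the client, and authenticating your own server with a first-party key rather than a CA chain) describe what is usually called key pinning. The following is an added example written for this page, not code from the comment author or from Slashdot. It shows the two client-side pieces of that approach: computing and checking a pin on the server's SubjectPublicKeyInfo, and building a TLS context whose only trust anchor is the server's own self-signed certificate. The DER walker is a minimal one written here for X.509 (it assumes a well-formed certificate), and `constructed_cert` builds a dummy, unsigned certificate structure purely so the pin check can be exercised offline; the PEM passed to `pinned_context` is assumed to be the server certificate you copied over by hand.

```python
"""Pin a server's own public key instead of trusting a CA store (added example)."""
import base64
import hashlib
import ssl


def read_tlv(buf, pos):
    """Read one DER tag-length-value at buf[pos]; return (tag, value, next_pos)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long-form length: next n bytes hold it
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def extract_spki(cert_der):
    """Return the DER-encoded SubjectPublicKeyInfo of an X.509 certificate."""
    _, cert, _ = read_tlv(cert_der, 0)     # Certificate ::= SEQUENCE
    _, tbs, _ = read_tlv(cert, 0)          # tbsCertificate ::= SEQUENCE
    pos = 0
    tag, _, pos = read_tlv(tbs, pos)       # [0] EXPLICIT version is OPTIONAL
    if tag != 0xA0:
        pos = 0                            # no version field: that was serialNumber
    for _ in range(5):                     # serialNumber, signature, issuer, validity, subject
        _, _, pos = read_tlv(tbs, pos)
    start = pos
    _, _, end = read_tlv(tbs, pos)         # subjectPublicKeyInfo ::= SEQUENCE
    return tbs[start:end]


def spki_pin(cert_der):
    """base64(SHA-256(SPKI)), the common pin-sha256 convention."""
    return base64.b64encode(hashlib.sha256(extract_spki(cert_der)).digest()).decode()


def verify_pin(cert_der, expected_pins):
    """Accept the certificate only if its key matches a pin loaded out of band."""
    return spki_pin(cert_der) in set(expected_pins)


def pinned_context(server_cert_pem):
    """TLS client context that trusts exactly one certificate: the server's own.

    server_cert_pem is assumed to be the self-signed certificate you carried to the
    device yourself; no system CA bundle is loaded, so no CA can substitute a key.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.check_hostname = True
    ctx.load_verify_locations(cadata=server_cert_pem)
    return ctx


def der_encode(tag, content):
    """Minimal DER TLV encoder (used only to build the constructed test certificate)."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content


def constructed_cert(spki, with_version=True):
    """Constructed, unsigned dummy Certificate DER carrying the given SPKI bytes.

    Only the field layout is real; the algorithm identifiers, names and signature are
    empty placeholders, enough to exercise extract_spki offline.
    """
    version = der_encode(0xA0, der_encode(0x02, b"\x02")) if with_version else b""
    tbs = der_encode(0x30,
                     version
                     + der_encode(0x02, b"\x01")   # serialNumber
                     + der_encode(0x30, b"")       # signature AlgorithmIdentifier
                     + der_encode(0x30, b"")       # issuer Name
                     + der_encode(0x30, b"")       # validity
                     + der_encode(0x30, b"")       # subject Name
                     + spki)
    return der_encode(0x30, tbs + der_encode(0x30, b"") + der_encode(0x03, b"\x00"))


if __name__ == "__main__":
    sample_spki = der_encode(0x30, bytes(range(64)))   # constructed stand-in key
    cert = constructed_cert(sample_spki)
    print("pin-sha256:", spki_pin(cert))
    print("matches stored pin:", verify_pin(cert, [spki_pin(cert)]))
```

The pin is taken over the SubjectPublicKeyInfo rather than the whole certificate, so the server can reissue its self-signed certificate (new validity period, new serial) without touching the clients, as long as the key pair stays the same; rotating the key is the one event that requires a manual update on each device, which is exactly the out-of-band step the comments describe.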

Comment: Re:RDP is Worthless (Score 1) 126

by David Jao (#39356931) Attached to: Microsoft: RDP Vulnerability Should Be Patched Immediately
X over SSH is in fact easier to secure. It's obviously not easy to the point of never having to apply patches again, but it improves on RDP in a significant, nontrivial way: the GUI is decoupled from the network-facing service. The resulting small network-facing service is easier to audit and secure against attacks. It's important to appreciate the benefits provided by the Unix philosophy of one separate small program for each task.

Comment: Re:Human brains solve NP-Hard problems (Score 1) 204

by David Jao (#39309435) Attached to: Classic Nintendo Games Are NP-Hard
The analysis contains some errors, although the errors are probably fixable and thus the overall result is probably correct. For example the "crossover gadget" (version 2) in the paper does not do what it claims. In SMB3 it's possible for a big mario entering from the bottom to break both blocks and crouch-jump into the left hand gap.

Regarding your larger point, I don't think video games are an especially compelling example of a critical survival skill that's well-suited to human brains. The classic examples are speech recognition and especially face recognition, which are VERY hard to do on computers. If I had to pick a hard problem that humans can solve better than computers, I'd pick music transcription. For polyphonic music (such as a whole orchestra), this is absolutely impossible for a computer, but any even semi-skilled rock guitarist can do this in their sleep, at least as far as picking out the melody, harmony, and rhythm.

Comment: Re:Don't know what you'll miss... (Score 1) 713

by David Jao (#38264190) Attached to: USPS Ending Overnight First-Class Letter Service
The GP is correct. USPS is a lot more reliable than Canada Post.

I live in Canada right now, but I've lived in the US for most of my life. Here in Canada, I routinely receive misdelivered mail in my mailbox. For example, I'll get mail addressed to someone with a different street number but same street name, or same street number and different street name, or some combination of both. Empirically I estimate that about 1% of the mail I receive is intended for someone else. As there is nothing particularly special about my address or mail volume, one can extrapolate (at least locally where I live) to conclude that Canada Post misdelivers about 1% of all mail. By contrast, I have never seen this kind of error in US mail.

Comment: Re:I always thought you could do one better (Score 4, Interesting) 575

by David Jao (#38112188) Attached to: Full Disk Encryption Hard For Law Enforcement To Crack

Now it doesn't matter how much you're ordered to comply with the police. They come in, cut the power to your computer...

When law enforcement officers confiscate a computer, they usually (in the US at least) try to transport the computer without powering it down. Standard procedure is to plug a portable generator into the wall outlet powering the computer, unscrew the outlet, and take the whole apparatus (including wall outlet, generator, and computer) to the forensics lab, without interrupting power to the computer. If all the jacks in an outlet are in use, they will unscrew the wall outlet and splice the generator's power cables into the outlet.

The article and summary do mention situations where computers are powered down for transportation. These are exceptions. They are not the norm.

Comment: Re:There are good algorithms (Score 1) 262

by David Jao (#38039894) Attached to: Ask Slashdot: Post-Quantum Asymmetric Key Exchange?

There are also systems based on elliptic curve isogenies, but a new quantum algorithm comes somewhat close to breaking them.

I'm one of the authors of that algorithm. You might be interested in my latest work: an improved cryptosystem based on elliptic curve isogenies which seems to be more secure against quantum computers than previous isogeny-based schemes. (In particular, my algorithm for breaking the old isogeny-based schemes doesn't work against this new scheme.) Since posting the paper, we have improved the performance of the new scheme to the point where it is faster than RSA for the same (conjectured) level of security, even against classical computers (never mind quantum computers).

I am obviously biased, but I think my new scheme is the best candidate for quantum-resistant key exchange. It's faster than RSA, it uses shorter keys than RSA, and its security is based on relatively standard results in elliptic curve theory compared to other systems that involve difficult-to-analyze problems on lattices. It is very much a classical cryptosystem with some nice features, which happens to be quantum-resistant. It's not some kind of cumbersome scheme which you would use only if you cared about quantum computers.

In general, I've given up on replying to Slashdot crypto articles, unless I have a personally relevant reason to do so (your post certainly qualifies). The general level of ignorance in the discussion is so stratospheric that it is painful to read. Even worse, the vast majority of commenters think that they know what they're talking about (they don't), and the vast majority of moderators mod up ignorant (but plausible sounding) drivel while ignoring the comments made by actual cryptographers.

The correct answer to the submitter's question is what you just said: there are plenty of quantum-resistant key-exchange protocols available, among them NTRU, McEliece, learning with errors, and my scheme. The submitter should also have asked about quantum-resistant digital signature schemes. Here the answer is much less reassuring: there is only one, namely, NTRU. This is a huge problem for crypto if we ever build a quantum computer, since authentication is at least as important as encryption. It's a real shame that this entire discussion is based on the wrong question.

Comment: Re:Most of them won't accept bankruptcy (Score 1) 917

by David Jao (#37801660) Attached to: US Student Loans Exceed $1 Trillion
Judging from your subject line, you seem to be under the false impression that bankruptcy is a solution. Unfortunately, it's not, because of decades of highly successful lobbying by banks and Sallie Mae.

Student loans cannot be discharged in bankruptcy under any circumstances. This is a federal law, passed in 2005. It applies to both federally backed and private-party student loans. It applies (retroactively) to all student loans, even those which were issued before 2005.

Creditors can garnish wages without a court order to pay off student loans. Creditors can confiscate tax refund checks, disability checks, and social security checks without a court order. Notice the part about social security -- there is no statute of limitations on student loans, so creditors can do all of the above for as long as you live, even into your retirement years. If you die, they can pursue your cosigners for as long as they live.

The only way to win forgiveness for a student loan is to prove undue hardship in court. This is not the same as bankruptcy -- it's a much higher standard of proof. The burden of proof is on the debtor. Few borrowers have the resources to hire the legal representation that this process requires.

A huge part of the problem is that most Americans have no idea just how one-sided the student lending laws have become. Unfortunately, you seem to be contributing to that problem.
