Yes, they do lie, but on the other hand it's also common knowledge that satellite has unusable latency. The speed of light is a fundamental physical limit, and it takes that long for light to reach a GEO satellite and back. See this rant from 1996.

Uh, what? Verizon Galaxy Nexus? Is that recent enough for you? I'm not saying Verizon is a saint here, but it is possible if you choose wisely. GP is talking about rooting and roms which is definitely possible on the Verizion Galaxy Nexus.

You own the mail server, and you own the mail clients. The clients run on a device, in this case a mobile phone. You can physically bring the mobile phone into your office and manually load the correct public key. In effect, you perform the initial authentication with, literally, your own eyes and hands. There's nothing bad about accepting a self-signed cert for which you have manually verified the corresponding key.

Using your own root CA still involves authenticating the root CA. You still have the same problem of authentication for the CA, and you still have to solve it one way or another, most likely by manually loading the root CA key as above. For internal, intranet-only cryptographic keys, loading keys onto devices manually is absolutely the correct solution.

In a sufficiently small company (say 1-3 people), the overhead of a separate IT department is too great, and it's better to just educate the users in key management, or have a designated knowledgeable person handle this stuff. For large companies it may be better to run a root CA, but honestly, I'm not entirely convinced. Consider the example of SSH, which is almost the polar opposite of SSL. SSH by default uses plain public keys with no certificates, and has dominant market share within its category. When was the last time you ever heard of a successful man-in-the-middle attack against SSH? I certainly never have. Obviously SSH and SSL differ in many areas, but the point is that it is possible to handle authentication securely without certificates.

Security guru Bruce Schneier has consistently stated many times that complexity is the enemy of security. CAs add a layer of complexity. This complexity in and of itself undermines security. I think you need a really compelling case for CAs (such as public web sites) before it's worth considering bringing this complexity on board.

It's really frustrating to see people like you continually perpetuate these nonsense myths about SSL certificates.

A certificate from Verisign makes a lot of sense on a public web site. It makes a lot of sense to use a third-party certificate in any transaction or communication where the two parties involved do not know each other in advance. That's the purpose of a certificate: to certify that the other party (whom you have never met before) is whom he claims he is.

It makes absolutely zero sense whatsoever under any conceviable circumstances to use a third-party cert to authenticate between two parties who have already authenticated each other prior to their first communication. For example, if you are connecting your own email client to your own email server, it is ridiculously, mind-bogglingly insecure to rely on a third-party certificate to authenticate this transaction. Using a third-party certificate in this situation just adds an additional single point of failure, one that wouldn't exist otherwise. Actually, it adds many thousands of independent single points of failure all of which are outside of your control, since any one security breakdown at any of the thousands of certificate compaies such as Comodo or Diginotar will compromise your email.

The right way to authenticate your own server to your own client is with first-party public keys, not with third-party certificates. Unfortunately, the SSL standard does not support plain public keys, but self-signed certificates are a close alternative. This method is correct, easy, cheap, and provides the most security.

There is no way to put this nicely. The authors of the SSL standard were wrong in insisting on certificates in any and all situations. It's disappointing and dangerous to see that the general public has, without thinking, bought into the insecure and nasty myth that certificates are always better. Honestly, they're not always better. Sometimes they're worse, much worse. Please think about real world security threats and security needs instead of just mindlessly parroting false advertising for Verisign.

X over SSH is in fact easier to secure. It's obviously not easy to the point of never having to apply patches again, but it improves on RDP in a significant, nontrivial way: the GUI is decoupled from the network-facing service. The resulting small network-facing service is easier to audit and secure against attacks. It's important to appreciate the benefits provided by the Unix philosophy of one separate small program for each task.

The analysis contains some errors, although the errors are probably fixable and thus the overall result is probably correct. For example the "crossover gadget" (version 2) in the paper does not do what it claims. In SMB3 it's possible for a big mario entering from the bottom to break both blocks and crouch-jump into the left hand gap.

Regarding your larger point, I don't think video games are an especially compelling example of a critical survival skill that's well-suited to human brains. The classic examples are speech recognition and especially face recognition, which are VERY hard to do on computers. If I had to pick a hard problem that humans can solve better than computers, I'd pick music transcription. For polyphonic music (such as a whole orchestra), this is absolutely impossible for a computer, but any even semi-skilled rock guitarist can do this in their sleep, at least as far as picking out the melody, harmony, and rhythm.

The GP is correct. USPS is a lot more reliable than Canada Post.

I live in Canada right now, but I've lived in the US for most of my life. Here in Canada, I routinely receive misdelivered mail in my mailbox. For example, I'll get mail addressed to someone with a different street number but same street name, or same street number and different street name, or some combination of both. Empirically I estimate that about 1% of the mail I receive is intended for someone else. As there is nothing particularly special about my address or mail volume, one can extrapolate (at least locally where I live) to conclude that Canada Post misdelivers about 1% of all mail. By contrast, I have never seen this kind of error in US mail.

When law enforcement officers confiscate a computer, they usually (in the US at least) try to transport the computer without powering it down. Standard procedure is to plug a portable generator into the wall outlet powering the computer, unscrew the outlet, and take the whole apparatus (including wall outlet, generator, and computer) to the forensics lab, without interrupting power to the computer. If all the jacks in an outlet are in use, they will unscrew the wall outlet and splice the generator's power cables into the outlet.

The article and summary do mention situations where computers are powered down for transportation. These are exceptions. They are not the norm.

I'm one of the authors of that algorithm. You might be interested in my latest work: an improved cryptosystem based on elliptic curve isognies which seems to be more secure against quantum computers than previous isogeny-based schemes. (In particular, my algorithm for breaking the old isogeny-based schemes doesn't work against this new scheme.) Since posting the paper, we have improved the performance of the new scheme to the point where it is faster than RSA for the same (conjectured) level of security, even against classical computers (never mind quantum computers).

I am obviously biased, but I think my new scheme is the best candidate for quantum-resistant key exchange. It's faster than RSA, it uses shorter keys than RSA, and it's security is based on relatively standard results in elliptic curve theory compared to other systems that involve difficult-to-analyze problems on lattices. It is very much a classical cryptosystem with some nice features, which happens to be quantum-resistant. It's not some kind of cumbersome scheme which you would use only if you cared about quantum computers.

In general, I've given up on replying to Slashdot crypto articles, unless I have a personally relevant reason to do so (your post certainly qualifies). The general level of ignorance in the discussion is so stratospheric that it is painful to read. Even worse, the vast majority of commenters think that they know what they're talking about (they don't), and the vast majority of moderators mod up ignorant (but plausible sounding) drivel while ignoring the comments made by actual cryptographers.

The correct answer to the submitter's question is what you just said: there are plenty of quantum-resistant key-exchange protocols available, among them NTRU, McEliece, learning with errors, and my scheme. The submitter should also have asked about quantum-resistant digital signature schemes. Here the answer is much less reassuring: there is only one, namely, NTRU. This is a huge problem for crypto if we ever build a quantum computer, since authentication is at least as important as encryption. It's a real shame that this entire discussion is based on the wrong question.

Judging from your subject line, you seem to be under the false impression that bankruptcy is a solution. Unfortunately, it's not, because of decades of highly successful lobbying by banks and Sallie Mae.

Student loans cannot be discharged in bankruptcy under any circumstances. This is a federal law, passed in 2005. It applies to both federally backed and private-party student loans. It applies (retroactively) to all student loans, even those which were issued before 2005.

Creditors can garnish wages without a court order to pay off student loans. Creditors can confiscate tax refund checks, disability checks, and social security checks without a court order. Notice the part about social security -- there is no statute of limitations on student loans, so creditors can do all of the above for as long as you live, even into your retirement years. If you die, they can pursue your cosigners for as long as they live.

The only way to win forgiveness for a student loan is to prove undue hardship in court. This is not the same as bankruptcy -- it's a much higher standard of proof. The burden of proof is on the debtor. Few borrowers have the resources to hire the legal representation that this process requires.

A huge part of the problem is that most Americans have no idea just how one-sided the student lending laws have become. Unfortunately, you seem to be contributing to that problem.

You have no clue what you're talking about.

I take it you live in the USA? The set of Asians who live in the USA is a very very biased and unrepresentative sample of the set of all Asians. The US immigration system is designed to select the best and brightest immigrants. That's why the Asians in the US are so smart and hard-working. The average Asian from an Asian country would be nothing special in America. But Asian Americans as a group are taken from the top 0.5% of all Asians, because US immigration laws are designed to keep out the stupid people. It's completely the opposite of what you claim.

If you actually go to an Asian country you'll find that the people there are no smarter than Americans. But from your condescending attitude it's clear that you're happy to claim international expertise without ever having left the USA. Try traveling or even immigrating to another country sometime -- it'll work wonders on your world view.

With blacks and Hispanics, it's a totally different story. African Americans came mostly as slaves, and Hispanics have illegal immigrants to skew the numbers. That's why the selection effects of US immigration law are significant only for Asians and not other races.

No, it's not a fact. The "fewer than 50" claim is outrageously false. Wikipedia alone lists dozens of western speakers.

I personally know three westerners, neither born nor raised in China, who are completely fluent in Chinese (could pass a spoken or written Turing test), and another five who are fluent except for a foreign accent. It's absurd to claim "fewer than 50" when I personally can think of eight firsthand without even trying.

Having visited foreign consulates in China, a quick estimate indicates that there are likely at least 500 westerners with total fluency in Chinese in the embassies and consulates alone.

In the first sentence of the post to which you are replying, the GP explained convincingly that s/he is more used to metric, and not American.

I live in Canada as a permanent resident. I've imported and registered American cars in Canada (permanent registration, not temporary, and yes I've done this more than once, in different years). The process is a pain, but not as difficult as you imply.

The Canadian authorities require a speedometer capable of displaying km/h. A speedometer dial that shows both sets of tick marks is fine, even if one is larger than the other. A digital speedometer that has a metric option is also fine. I've seen cars with analog dials and only one set of markings, where you press a button on the dash to change the meaning of the needle from mi/h to km/h. (If you press the button while the car is moving, then the needle will jump from X mph to Y kph). That's fine too.

There is no requirement that the odometer display support kilometers. This is a fact, that I have personally verified with border agents during my previous importation experiences.

The main difficulties in importing American cars to Canada are:

1. Daytime running lights: Basically the car must have low-intensity headlights or (at a minimum) fog lights that are on at all times while the car is in operation, and the driver must not be capable of turning the lights off.
2. No automatic seat belts (prohibited in Canada).
3. Attachment points for car seats (mandatory in Canada).

It's quite possible that converting American cars into Canadian cars is cost-prohibitive, but I bet the cost has much more to do with things like daytime running lights than the relatively trivial issue of units.

Your reasoning is fallacious, and (unfortunately) quite common. Although it is not politically correct to put a price on human life, in reality money is a finite resource which can directly save lives (food aid, etc.). A crime which causes monetary or productivity loss can certainly be viewed as catastrophic, depending on the amount of monetary loss involved. 3.2 million people losing internet access for 5 hours can certainly affect a country's economy and measurably impact their tax revenue. Presumably the government is doing something productive and (dare I say) life-saving with that tax revenue. Indirectly, massive financial crimes can in fact cause loss of life, and this loss of life can be quantified.

If you think just a little bit outside the box, you'll see that financial crimes can be just as devastating as murder in terms of society-wide effects.