
Comment: Re:Movies are real! (Score 1) 584

by tftp (#43790321) Attached to: House Bill Would Mandate Smart Gun Tech By U.S. Manufacturers

There is no technology, aside from an RFID chip that is implanted into your hand, that would be able to identify you as the owner. Fingerprints are not an option for the reasons that you listed; and they are not reliable either, even on our computers, in a clean environment, with guaranteed power, and when no one's life depends on it.

Besides, there are several videos on YouTube that show how a child can open a commercially produced gun safe in seconds, without a key. A child, having infinite time on his hands, will defeat the smart gun, just like they defeat nearly every measure that their parents come up with to constrain them.

A good test case may be GZ - he drew and fired while lying on the pavement and being beaten up. Any delay between drawing and firing (like "Authenticating... please sweep your finger three times on the sensor...") would only result in TM taking his gun away and using it as a heavy blunt object.

Comment: Re:Just because you don't get out much doesn't mea (Score 1) 118

by tftp (#43785011) Attached to: NSA Data Center the Focus of Tax Controversy

https://en.wikipedia.org/wiki/Small_Business_Innovation_Research

SBIRs have fixed cost - at least in the first two phases. Other R&D contracts are often cost plus from day zero; it is absolutely necessary when even the customer doesn't know where the idea will take them.

I'm sure there are government contracts that have nothing to do with R&D but still can be classified as engineering. For example, construction of a new building at a military base. I don't have experience with such jobs.

Comment: Re:Just because you don't get out much doesn't mea (Score 1) 118

by tftp (#43779377) Attached to: NSA Data Center the Focus of Tax Controversy

Projects at power stations, oil refineries, steelworks and chemical plants for example

Those are not R&D projects, they are implementation projects where there is no science left. Three hours for backup, one hour to physically replace the old server, three hours to restore, one hour to test and put online. Everything is known, everything had been practiced before in dry runs, and there are plans B, C and D just in case.

Government projects that (I suspect) were mentioned are blue sky R&D projects. Take, for example, a new fighter airplane. It doesn't exist. How much will it cost to design one? How long? Nobody can tell for sure; it's a "pay as you go" work - and that's how these projects go over budget and over schedule. Some bugs are still haunting F-22, for example - like that oxygen supply system. Seemingly an easy system to build, isn't it? But several pilots are dead because of it. You can plan all you want, but if an essential team member gets hit by a bus you can throw those schedules away. How much time do you need to debug a fault that happens only once in a month, and you strongly suspect that it is caused by unexpected interaction between 120 threads that your system is spawning and joining in real time? Can you predict the date when the bug will be identified and squashed?

Comment: Re:Not really (Score 1) 717

by tftp (#43778897) Attached to: The First Fully 3D-Printed Gun Has Been Successfully Test-Fired

They would want to use automatic weapons

What for? Could you please elaborate? What gangbanger would want to carry a replica of M16 and a few magazines full of ammo? What target would that be useful against? Handguns are far more practical for what criminals are doing. Full auto weapons are only useful for laying suppressive fire, preferably against a massed enemy. A terrorist might want one (see Mumbai), but a common criminal, IMO, has no use for it.

Comment: Re:Not really (Score 1) 717

by tftp (#43778863) Attached to: The First Fully 3D-Printed Gun Has Been Successfully Test-Fired

With a lifetime measured in tens of rounds, it really isn't all that special.

A large number of handguns are used to make either zero or one shot in their entire history. Not everyone religiously, every week, goes to the range with a thousand rounds and comes back with only empty brass. Many concealed carry firearms are never discharged. Barrel durability is not a concern at all. Barrels of big guns (like those on ships) are designed only for a few hundred shots - and they are far more expensive than a few grams of plastic. A printed gun is a problem only if you are a professional who shoots frequently - a soldier, or a target shooter, or a hunter. Even police officers are safe - they rarely shoot; whenever they do, it's a big deal.

Comment: Re: That's nice (Score 1) 717

by tftp (#43778803) Attached to: The First Fully 3D-Printed Gun Has Been Successfully Test-Fired

primer and powder can also be made by hand I thought

You can make black powder, for all the good it will do to your precious firearm. You cannot make a modern propellant without mastering the chemical and extrusion problems. A few of your attempts will result in an explosion.

You cannot make a primer. The oldest chemistries of primers are known, but they are very unstable. I do not know off the top of my hand what primers are in use today, but Wikipedia lists lead azide, lead styphnate and tetrazene. The technology of producing and loading a highly sensitive substance is quite specific; I recall reading about blending of these crystals under a layer of ethanol, for example, but I don't know if it is in any way related to reality. This is a highly explosive process, and it has to be automated and perfected over a hundred years to get to where we are today. Probably there is no chance of making primers in somebody's garage without *exact* description of *all* technological processes and parameters, and without all the necessary equipment.

In the end, it's not an impossibility. There are hundreds of people in the country who know all about these processes because they run them every day at ammo factories. If need be, those people could become a core of garage-based manufacturing of primers and propellants. So far that hasn't happened, and the real secrets are safe. Wikipedia may describe 90% of the technology, but the remaining 10% always takes 90% of the effort. You can easily classify making of primers and propellants as rocket science.

Comment: Re: Robbing Peter to Pay Paul (Score 3, Interesting) 118

by tftp (#43778591) Attached to: NSA Data Center the Focus of Tax Controversy

Where have you seen an engineering project that was (a) completely finished and (b) on schedule? A "Hello, World," perhaps, in Perl?

By law, the government has to give the contract to the lowest bidder. Not the best one, and not the most honest, but to the lowest one. This means that the contractors *have* to bid low, and hope to make it up later on, during the contract. Some contracts (cost plus) allow that. A contractor who bids exact or a little over does not get the job. Fair and honest estimates are bred out of government contracting by laws.

Comment: Re:HTTPS means something specific (Score 1) 251

by tftp (#43771797) Attached to: Ask Slashdot: Why Do Firms Leak Personal Details In Plain Text?

This was a server to server connection, from one of Slashdot's SMTP hosts to my MX.

Connections to IMAP are also protected by TLS, but they look different - like this:

May 19 08:03:31 xxx cyrus/imaps[28590]: accepted connection
May 19 08:03:31 xxx cyrus/imaps[28590]: starttls: TLSv1 with cipher AES128-SHA (128/128 bits reused) no authentication
May 19 08:03:31 xxx cyrus/imaps[28590]: login: lan.xxx.com [vvv.www.xxx.yyy] tftp plaintext+TLS User logged in
May 19 08:03:31 xxx cyrus/imaps[28590]: seen_db: user tftp opened /var/lib/cyrus/user/t/tftp.seen

As you can see, here it's Cyrus who reports the login. TLS between SMTP hosts is handled by Postfix. There is not much in common between the two, except that Postfix delivers to Cyrus. When I send an email, my MUA uses TLS to connect directly to Postfix (the submission port, or 25/tcp.) It looks like this:

May 20 00:09:25 xxx postfix/smtpd[2239]: connect from lan.xxx.com[vvv.www.xxx.yyy]
May 20 00:09:25 xxx postfix/smtpd[2239]: setting up TLS connection from lan.xxx.com[vvv.www.xxx.yyy]
May 20 00:09:25 xxx postfix/smtpd[2239]: Anonymous TLS connection established from lan.xxx.com[vvv.www.xxx.yyy]: TLSv1 with cipher AES128-SHA (128/128 bits)
May 20 00:09:25 xxx postfix/smtpd[2239]: D47EC487ED2: client=lan.xxx.com[vvv.www.xxx.yyy], sasl_method=LOGIN, sasl_username=tftp
May 20 00:09:25 xxx postfix/cleanup[2243]: D47EC487ED2: message-id=<050401ce5529$0be9e0e0$23bda2a0$@xxx.com>
May 20 00:09:25 xxx postfix/qmgr[1394]: D47EC487ED2: from=<tftp@xxx.com>, size=2853, nrcpt=1 (queue active)
May 20 00:09:28 xxx postfix/smtpd[2239]: disconnect from lan.xxx.com[vvv.www.xxx.yyy]

Postfix is easy to configure to use TLS. CA-signed certificates give you nice log entries, but in general they are useless because it doesn't help anyone to know what company owns a given server. So I use self-signed certificates (make my own CA.) I then import that CA's certificate for IMAPS use.

Today it doesn't take any effort whatsoever, nor any money, to have all connections of your SMTP/IMAP server encrypted every which way. Many servers on the Internet are already configured this way - and all popular email hosts, like Google and Yahoo, are using TLS. The man with a tap at the router will not gather much.

If you run MS Exchange - even as the dirt cheap Small Business Server - then you get TLS included automatically. SBS generates a self-signed certificate, but you are encouraged to spend money on signed bits. (It is not required.)
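
Added example, not part of the original comment and not Postfix or Cyrus code: a small Python parser for the two log formats quoted above that ties each message accepted by postfix/smtpd to the TLS state of its connection and flags plaintext deliveries. The sample log is constructed from the excerpts (queue ID 1A2B3C4D5E6 is invented), and the `min_proto` threshold is a policy assumption of this example.

```python
import re

# Constructed sample modelled on the excerpts above; queue ID 1A2B3C4D5E6 is invented.
SAMPLE_LOG = """\
May 20 00:09:25 xxx postfix/smtpd[2239]: connect from lan.xxx.com[vvv.www.xxx.yyy]
May 20 00:09:25 xxx postfix/smtpd[2239]: setting up TLS connection from lan.xxx.com[vvv.www.xxx.yyy]
May 20 00:09:25 xxx postfix/smtpd[2239]: Anonymous TLS connection established from lan.xxx.com[vvv.www.xxx.yyy]: TLSv1 with cipher AES128-SHA (128/128 bits)
May 20 00:09:25 xxx postfix/smtpd[2239]: D47EC487ED2: client=lan.xxx.com[vvv.www.xxx.yyy], sasl_method=LOGIN, sasl_username=tftp
May 20 00:09:28 xxx postfix/smtpd[2239]: disconnect from lan.xxx.com[vvv.www.xxx.yyy]
May 20 00:10:02 xxx postfix/smtpd[2301]: connect from unknown[aaa.bbb.ccc.ddd]
May 20 00:10:03 xxx postfix/smtpd[2301]: 1A2B3C4D5E6: client=unknown[aaa.bbb.ccc.ddd]
May 20 00:10:04 xxx postfix/smtpd[2301]: disconnect from unknown[aaa.bbb.ccc.ddd]
May 19 08:03:31 xxx cyrus/imaps[28590]: starttls: TLSv1 with cipher AES128-SHA (128/128 bits reused) no authentication
"""

LINE = re.compile(r"^\w{3} +\d+ [\d:]+ \S+ (?P<svc>[\w/]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$")
TLS = re.compile(r"(?P<proto>(?:TLS|SSL)v[\d.]+) with cipher (?P<cipher>\S+) \((?P<bits>\d+)/\d+ bits")
PF_TLS = re.compile(r"^(?P<trust>\w+) TLS connection established from ")
PF_MSG = re.compile(r"^(?P<qid>[0-9A-Za-z]+): client=(?P<client>[^,]+)"
                    r"(?:,.*sasl_username=(?P<user>[^,\s]+))?")
ORDER = ["SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]


def parse_sessions(text):
    """One record per message accepted by smtpd, plus one per Cyrus TLS handshake."""
    open_tls = {}   # smtpd pid -> TLS info of the connection that pid is serving now
    records = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        svc, pid, msg = m["svc"], m["pid"], m["msg"]
        tls = TLS.search(msg)
        if svc == "postfix/smtpd":
            if msg.startswith("connect from "):
                open_tls[pid] = None            # every connection starts in plaintext
            elif msg.startswith("disconnect from "):
                open_tls.pop(pid, None)         # the pid will be reused for another client
            elif tls and (t := PF_TLS.match(msg)):
                open_tls[pid] = {"trust": t["trust"], **tls.groupdict()}
            elif (q := PF_MSG.match(msg)):
                records.append({"kind": "smtp", "qid": q["qid"], "client": q["client"],
                                "sasl_user": q["user"], "tls": open_tls.get(pid)})
        elif svc.startswith("cyrus/") and msg.startswith("starttls:") and tls:
            records.append({"kind": "imap", "service": svc, "tls": tls.groupdict()})
    return records


def findings(records, min_proto="TLSv1.2"):
    """Flag messages accepted without TLS, SASL logins in plaintext, and old protocols."""
    rank = lambda p: ORDER.index(p) if p in ORDER else -1
    out = []
    for r in records:
        ident, tls = r.get("qid") or r.get("service"), r["tls"]
        if tls is None:
            out.append((ident, "sasl-login-in-plaintext" if r.get("sasl_user")
                        else "accepted-without-tls"))
        elif rank(tls["proto"]) < rank(min_proto):
            out.append((ident, "legacy-protocol:" + tls["proto"]))
    return out


if __name__ == "__main__":
    for item in findings(parse_sessions(SAMPLE_LOG)):
        print(*item)
```

TLS state is tracked per smtpd process ID between `connect from` and `disconnect from`, because one smtpd process serves many clients in turn and the queue-ID line itself does not say whether the session was encrypted.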

Comment: Re:HTTPS means something specific (Score 1) 251

by tftp (#43771489) Attached to: Ask Slashdot: Why Do Firms Leak Personal Details In Plain Text?

May 19 17:16:37 xxx postfix/smtpd[28927]: connect from unknown[aaa.bbb.ccc.ddd]
May 19 17:16:40 xxx postfix/smtpd[28927]: setting up TLS connection from unknown[aaa.bbb.ccc.ddd]
May 19 17:16:44 xxx postfix/smtpd[28927]: Anonymous TLS connection established from unknown[aaa.bbb.ccc.ddd]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
May 19 17:16:48 xxx postfix/smtpd[28927]: 3B1D5487E1F: client=unknown[aaa.bbb.ccc.ddd]
May 19 17:16:53 xxx postfix/cleanup[28932]: 3B1D5487E1F: message-id=<1369008893.841070-20720-slash-slashdot-daemon-91.v22.ch3.sourceforge.com@slashdot.org>

Comment: Re:HTTPS means something specific (Score 2) 251

by tftp (#43766387) Attached to: Ask Slashdot: Why Do Firms Leak Personal Details In Plain Text?

Most people would find it inconvenient when an important electronic receipt comes with all important fields blacked out. When I buy for a company online I forward these receipts to the accounting. What would I do if the email doesn't say what I bought, how much I paid, what c/c I used, and so on?

I understand that it is perfectly possible to have a purely HTTPS online store, without using email at all. You could print your receipts securely on your local printer (or into PDF) and submit those. However, hardly any store on the Internet operates this way. And even if we make that additional step and revolutionize e-commerce, still we would have a partially broken system that has a huge disconnect between the arbitrary identity of the user and the verified identity of the credit card (thus allowing anyone to buy with a stolen c/c.)

In practical terms, email is not easily interceptable. En route it is usually encrypted with TLS. That is easy because SMTP servers do not insist on authentication of peers. So only the two endpoints, those that hold private keys, have access to the content.

One could say that the SMTP server itself is vulnerable. Well, it is, unless you run your own. I do. It's trouble-free. On top of that, nothing prevents the server from encrypting stored emails so that it's hard for an operator (or an intruder) to gain access. For example, generate keypairs for each account, and make sure that the SMTP/database box has only the public half. To read mail (and decrypt) you have to log in with your password, which just happens to decrypt the private key - and that can happen on a completely different (IMAP) box, and only in RAM, and only while you are using the server.

So for all practical purposes it is easier - and probably safer - to keep the current practice. Most retailers black out the c/c number anyway; the last four remain, but how many cases are known of actually recovering the full number this way? (Just send a Google Glass wearer to the checkout line at any store and capture as many cards as you care to.) The rest is not very likely to get stolen. As I understand, most thefts of login data occur directly from databases because they are either not encrypted, or encrypted with a symmetric algorithm, and the key just sits right there (it has to, otherwise you cannot encrypt.)

But if people want change, it should begin at the basics - with secure and sufficiently trustworthy authentication and encryption; this means that everyone gets issued at least one keypair inside of a dongle. Once you have that, everything else becomes trivial. As I understand, DoD has implemented exactly such a system with a common access card.

Comment: Re:HTTPS means something specific (Score 2) 251

by tftp (#43766267) Attached to: Ask Slashdot: Why Do Firms Leak Personal Details In Plain Text?

the rather ramshackle habits of securing one transmission via HTTPs on the one hand and then not securing a future transmission in any way shape or form on the other hand

How would one secure an email? Existing S/MIME and PGP are not commonly used.

A company cannot abandon email because it's the only notification method that is guaranteed to be delivered to the purchaser of goods. If you just show a confirmation number on the screen in big bold red letters and ask to write it down, 99% of customers will not notice that. Some may not even see it because they walked away or closed the browser as soon as the transaction went through.

So the problem here is far deeper, it's not just lazy programmers. Perhaps it won't be solved until every one of us has a personal FIPS 140-2 USB or smart card processor on a keyring.

Comment: Re:Yawn (Score 1) 656

by tftp (#43765643) Attached to: Printable Gun Downloads Top 100k In 2 Days, Thanks to Kim Dotcom

You seem to be throwing out these cardboard stereotypes about suicidal people, criminals, old people, everyone. There's such insane variety around any kind of label you can imagine and you seem to be ignoring all of it.

That is true. Even if Slashdot would be capable of providing enough writing space for a ten-volume manuscript, it is still necessary to have a better command of the subject. I am not a professional in this particular area and don't have access to specific, statistically significant cases. My opinion is based on personal observations and on what I read. My opinion may be right or wrong, but I have it and it's mine. And you have yours.

BTW, if your friend is depressed, I don't think you should give him a map to the nearest tall building. You are free to persuade him - and he is free to listen to you or not to listen. Usually people do listen, especially those who don't have physical, material reasons for their decision. (That's what I read!)

It doesn't matter how much you argue otherwise, crime is a symptom of youth and as they age people generally turn away from a life of crime.

... at least because they are not physically capable anymore of the exertion that is required to do it. Quite possible. Still, plenty of young ones around to ruin one's day. And not so young too - look at the FBI's list of most wanted criminals; most of them are well past their teens. (But, of course, those are unusually bad; statistically, they don't matter.)

Comment: Re:Yawn (Score 1) 656

by tftp (#43765365) Attached to: Printable Gun Downloads Top 100k In 2 Days, Thanks to Kim Dotcom

not only should we not try to prevent it, but it should even be easier.

It's already easy enough. You just can't make it easier. What you can do is to make it less painful. Is the fear of pain a deterrent? Perhaps, to some. But the car exhaust (CO) will kill you painlessly; some sleeping pills (barbiturates) will do the same. Heroin will do you in as sure as a bullet; and not only you won't suffer a pain, you will be rewarded with the final performance. It's far easier for most suiciders to just park their car in the garage, close the door, and let the CO kill them, than to look for a gun and then shoot themselves. It is very painful, by the way, and very messy - shooting yourself is not a good way to leave this world.

The society will not notice the outcome of their decision anyway; there are 6+ billion people on the planet already, it's not like we are endangered species or something. If someone wants to make room, it's their right. Not that I encourage them, of course. They are just free.

I know a guy who committed suicide and a girl who attempted suicide and no one is happy that he succeeded or that she failed

Romeo and Juliet, something like that? Those were successful all the way through. Does the society want them dead? Not really. But, darwinistically speaking, the society benefits from mentally stable people, not from head cases. Those *should* evolve out, in the grand scheme of things. Like taxes, if you support a certain behavior you get more of it. There are people who try to commit suicide repeatedly (and fail N-1 times out of that.) Then firemen are summoned, the police, and the doctors... what for? In the USA the Constitution guarantees your right for pursuit of happiness, but it does not define what form it may take. If you cannot live without your man|girl, don't. Will I be sad? Probably. But I cannot tell you to suffer for years, if not for the rest of your life, just because it is in my personal interests, either political or religious, to keep you alive. That would be awfully selfish of me. On that subject:

can't you at least acknowledge that more people killing themselves is a bad thing?

Bad thing... bad thing... bad to who? What metric are you using, and whose viewpoint? Per the blind and deaf quadriplegic, his life is over already. Per his brother, he must be kept alive until brother's own child can inherit his house. Per his wife, he should die immediately, so that she inherits. Per his aunt, Jesus the God personally told her that suicide is a sin, so the poor injured man must be kept alive for as long as possible - even though he suffers physically and mentally. Who is correct here, in this sea of incompatible interests? (This is a dramatization of a real world scenario that played out in Florida.)

So when you say "bad thing" you need to qualify this statement. The nature doesn't have bad things. Things can be declared good or bad only by an observer who has an opinion.

Actually I'm guessing the ones who don't get caught or killed stop on their own once they pass their mid-twenties.

I'm not sure where you live, but in most countries criminals cannot stop. There are the usual socioeconomic reasons for that. There are not enough jobs even for citizens who never jaywalked. What chance, in your opinion, does a man with a burglary or a theft under his belt have? How many store managers will be happy to give him the keys to the money box? The only jobs that are left for them are menial jobs, like digging of ditches. Maybe one can become a licensed professional, like an electrician or a plumber, but that's not easy - there is a requirement for apprenticeship, and with that see above.

Can a criminal reform? Yes. Most of those success stories are from white collar crime, where for example an accountant made a "mistake" toward his own bank account. Just once in his whole life. He won't do that again. Kevin Mitnick is a good example. Some violent criminals embrace religion in prison and also become ex-criminals. The vast majority, however, is stuck in the vicious circle forever. They don't know how to live differently, and the society rejects them even if they try to end their wrong ways; they become career criminals.

With regard to "hardened killers", there is no shortage of those. Gang initiation rituals sometimes include killing of someone. There are obvious reasons for a gang leader to require that. Many homeowners are injured and killed during home invasion. Nobody would be concerned about an imaginary problem; the people are concerned because the problem is very real. It is exacerbated by the fact that most homes in the USA are open to anyone; you are separated from the street with just one flimsy glass door. Burglars throw a stone through that door (in the back of the house, usually,) and if nobody comes out to investigate then they come in and gather valuables. If you are unfortunate enough to catch them in the act, they may kill you. Many burglars are desperate druggies in search of money to buy another dose; they won't even consider your life sacred; they will kill you for $10 (that has also happened.)

I cannot say much about the distribution of violence among criminals. But my own understanding is that meek criminals do not exist. They simply cannot survive among their own kind. If they are lucky enough to get arrested early, they are most likely to mend their ways. The survivors, on the other hand, are someone to fear - they are graduates of a school that does not forgive a weakness.
