
Comment Re:It is not impossible (Score 2) 333

Exactly! When I read the blog post, my first thought was, "Just another troll blogwhoring for attention on Slashdot." So I was a little surprised when I saw the author's name at the bottom. I use Dropbox for presentations that I give, so I don't have to mess with hooking up my laptop. I just use the public terminal, log in to Dropbox and download the file. I've never had to transfer a key or anything. Thus, it's pretty obvious that anybody with access to my account can access my files in plaintext.

Crypto is great and wonderful and all that, but it never exists in isolation. Access control policies, auditing, etc., are also required to have a secure, usable system that is flexible enough to provide the type of mobile access that Dropbox does. I see nothing contradictory about Dropbox's claims that employees cannot access user files directly. It seems to me that the author just never took the time to think about the implications of Dropbox's flexibility.

Much ado about nothing...

Comment Re:big loss (Score 1) 1251

I call bullshit.

1) ID is not Young Earth Creationism (YEC), though it is primarily used as a smokescreen by YECs.

2) ID is the belief that evolution is mostly true, but that something "interfered" with evolution, allowing it to overcome the statistical challenges to evolving more complicated life.

No. While not specific to Young Earth Creationism, ID is creationism. Go read the Kitzmiller v. Dover Area School District decision. ID is not an attempt to augment scientific knowledge with a more holistic worldview. It is traditional Christian creationism, pure and simple. If you look at the history of the ID movement, there is very clear evidence that they just substituted "intelligent designer" where they would traditionally say "God." To suggest otherwise is revisionist history.

3) To put it in probabilistic terms, consider the world as being a giant casino filled with slot machines, and every time a jackpot is hit in a slot machine, a new species evolves. ID is the claim that someone is interfering with the odds on the machines, evolution is the stance that enough jackpots will be hit without interference.

Those aren't probabilistic terms. Those are analogies. If you want to use probabilistic terms, then you'll talk about things like distributions, random variables, and events.

4) Put in those terms, it becomes statistically falsifiable (to arbitrary levels of confidence). One simply needs to determine numbers for hitting jackpots [emph. added] / speciation and compare them against the record of events. Or even better, going forward, keep track of the genomes of all species on earth, and see if mutation and speciation rates match theory.

5) It is possible to develop a statistical method that determines to an arbitrary level of confidence, if species A could have evolved from species B given time duration T.

One very important point that got lost in all the noise is this: we will need a statistical method to determine intelligent design no matter what. Ignore the whole evolution thing - as our skills with genetic engineering move forward, it will be critical to be able to tell if West Nile 2012 is an intelligently designed species or not.

No, no, no, no, no. You're seriously attempting to conflate ID with genetic engineering? As I said before, ID has a very specific meaning. It is the belief that life is too complex to have emerged naturally, and that a supernatural entity must have interfered or guided the process. It is inherently unmeasurable. How can you possibly build a model, based on the historical record, to determine if a species evolved as the result of a being operating outside of the laws of nature? In the case of genetic engineering, yes, it is possible to build limited models based on our understanding of current environmental conditions. You can look at genetic sequences and identify patterns, etc. But that is not intelligent design.

Look. I'll give you the benefit of the doubt and assume that you're being sincere in your argument for statistical models of evolution as it is happening today. But you need to use a new term. Intelligent design has a very specific meaning based on its history. It is inherently not falsifiable, because it specifically involves the presence of a being (i.e., NOT measurable or provable) acting outside of the laws of nature. Humans are natural beings, so when we perform genetic engineering, that's still a natural event.

Comment Well, it depends... (Score 1) 409

Articles like this annoy me, because they assume that security is binary. Either your system is secure or it is not. That's crap. Security goals are defined relative to the sensitivity of the resources being protected, and to the aims of the organization.

The real problem is not how you are storing your passwords. The real problem, if your organization is trying to protect something of value, is that you are relying solely on passwords to begin with. Multifactor authentication, intrusion detection/prevention systems, and auditing are minimums for real security. And, hey, if you're protecting something really sensitive, say the control system for a nuclear reactor, then toss on RBAC with separation of duty.

So I really don't care that Gawker got hacked and their passwords leaked, because those credentials should not be sufficient to access any resource of significant value.

Comment Re:Iterated hashing... (Score 1) 409

Really, the main point of PBKDF2 is to slow down the verification process artificially and raise the computational requirements of the adversary. If an attacker can check 10,000 passwords in a second, then requiring 10,000 iterations of the hash means he can only check one password a second. Add a unique 4096-bit salt, and the average time to crack a single password (assuming no pre-computation) becomes 2^2048 seconds. And you can't really do pre-computation, because you can't store (and efficiently search) rainbow tables for passwords with all possible salts for all possible hash iterations between 1 and 10,000.

I think your concern is that the hashes somehow converge after repeated iterations. No, that doesn't happen with cryptographic hashes.
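
Added example, not part of the original comment: the PBKDF2 iteration chain the comment describes, written out over HMAC-SHA256 so the per-iteration work and the role of the salt are visible, with a constant-time verification step. The 16-byte salt, the record layout and the function names are assumptions made for this sketch; the 10,000 iteration count is the figure used in the comment, not a recommendation.

```python
import hashlib
import hmac
import os
import struct

ITERATIONS = 10_000   # figure from the comment above
SALT_BYTES = 16       # assumption for this sketch
HASH_LEN = 32         # SHA-256 output size in bytes


def pbkdf2_sha256(password: bytes, salt: bytes, iterations: int, dklen: int = 32) -> bytes:
    """PBKDF2-HMAC-SHA256 spelled out to expose the chain of HMAC calls."""
    out = b""
    block = 1
    while len(out) < dklen:
        # U_1 = HMAC(password, salt || INT(block_index))
        u = hmac.new(password, salt + struct.pack(">I", block), hashlib.sha256).digest()
        acc = int.from_bytes(u, "big")
        for _ in range(iterations - 1):
            # U_j = HMAC(password, U_{j-1}); every U_j is XORed into the block,
            # so the output depends on the whole chain, not just its last link.
            u = hmac.new(password, u, hashlib.sha256).digest()
            acc ^= int.from_bytes(u, "big")
        out += acc.to_bytes(HASH_LEN, "big")
        block += 1
    return out[:dklen]


def make_record(password: str) -> dict:
    """Derive a stored verifier with a fresh random salt for this password."""
    salt = os.urandom(SALT_BYTES)
    return {
        "salt": salt,
        "iterations": ITERATIONS,
        "hash": pbkdf2_sha256(password.encode(), salt, ITERATIONS),
    }


def verify(password: str, record: dict) -> bool:
    """Recompute with the stored salt and count, then compare in constant time."""
    candidate = pbkdf2_sha256(password.encode(), record["salt"], record["iterations"])
    return hmac.compare_digest(candidate, record["hash"])


def hmac_calls_for_guesses(guesses: int, iterations: int, dklen: int = 32) -> int:
    """HMAC evaluations needed to test `guesses` candidates against one record."""
    blocks = -(-dklen // HASH_LEN)  # ceiling division
    return guesses * iterations * blocks


if __name__ == "__main__":
    a = make_record("correct horse")   # constructed sample passwords
    b = make_record("correct horse")
    print("same password, same stored hash?", a["hash"] == b["hash"])
    print("verify good:", verify("correct horse", a))
    print("verify bad: ", verify("wrong horse", a))
    print("HMAC calls for 10,000 guesses:", hmac_calls_for_guesses(10_000, ITERATIONS))
```

Because each record carries its own salt, a table precomputed for one salt is useless against any other record, and every guess costs the full iteration count.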

Comment Re:Wow (Score 1) 832

There is something about the pro-vaccine lobby that bothers me. There's a trust fund set up to pay compensation to people who are injured by vaccines, that was some sort of compromise because big pharma wouldn't produce vaccines unless they got some sort of liability waiver [emph. added].

I would like some citation for this claim, please, because I think it's a load of crap. Without VICP, pharmaceutical companies would still produce the vaccine. They would just charge more per dose to offset the costs of compensation. Furthermore, the costs of compensation without VICP would be significantly higher for two reasons. First, you have to tack on lawyer fees. Second, sympathetic juries would give disproportionate awards that are based on emotion, rather than a rational evaluation of actual damage. They would see the companies and government as bullies that need punished. The government acknowledged this probability, and put VICP in place as a way to mitigate the financial risks for all.

Well, if vaccines don't cause any harm, why is there a fund? I think they should be honest with people, vaccines can cause some problems, but you'll be worse off if you get Polio.

They are. Have you (or one of your children) received a vaccine in the past 20 years? Every time I or my son have received one, we're given a piece of paper documenting all of the risks and side effects that are associated with that particular immunization. You are simply spreading anti-corporate, anti-government FUD. Why? There is only one side in this debate that has been dishonest, and it hasn't been the pro-vaccine groups.

(Side note: I'm only talking about the controversy regarding long-approved vaccines, such as MMR and DTaP. The process to get new vaccines approved and/or mandated is a different issue. For instance, the makers of Gardasil pulled some pretty shady backdoor lobbying. And there are plenty of other reasons to dislike the pharmaceutical companies, such as how they disproportionately fund high-profit, low-urgency treatments (e.g., erectile dysfunction). But those are tangential to the current debate.)

No, I do not work for a pharmaceutical company, and I have no financial stake in the matter. What really turned me against the anti-vaccine movement was attending a child birth class where the teacher gave this helpful advice: "If you just don't like vaccines, then tell them it's against your religion. You don't have to say anything else or name what your religion is, but they won't give your child a shot." The arrogance, ignorance and irrationality of the anti-vaccine movement is just astounding.

Comment Re:neither (Score 1) 1352

Do you really believe this? Do you not understand the influence that Fox News has with regard to elections in the U.S.? And you do understand that things like net neutrality, FCC decency standards enforcement, regulation and oversight of broadband providers, etc., are affected by the outcomes of those elections, right? You can ignore politics at your own peril, but to suggest that it doesn't matter is a bit naive.

Comment Re:Fox News is fine...for news (Score 1) 1352

People have to separate the channel as a whole from the actual news shows. Their actual news is fairly decent and objective.

Do you mean "decent and objective" like the Fox & Friends legal analyst who criticized the Senate for failing to pass a bill providing health care for 9/11 first responders, yet never once mentioned that every single one of the votes against bringing it to cloture were from Republicans?

Comment Re:Seriously? (Score 1) 1352

All of the news outlets except Fox News Special Report received a score to the left of the average member of Congress.

The interesting thing about bias discussions is that you have to consider the baseline of comparison. That is, how do you determine what counts as "bias?" Are you (or the paper, rather...but you seem to be endorsing the study by proxy) really suggesting that the average member of Congress somehow represents "true" America? Should the average member of Congress really be considered the "unbiased" starting point?

Instead, I would posit that the average member of Congress represents the voting populace, not all Americans. For instance, this paper (PDF) finds that older voters routinely favor the older candidate. If we look at U.S. census data (PDF) of voters, we see that the voting populace tends to be older (58% are 45 or older). Demographically, this population tends to be conservative, both socially and fiscally. Consequently, it is plausible that the average member of Congress is more conservative than the average American of legal voting age.

Thus, if we accept the premise that the liberal/conservative make-up of members of Congress is more representative of the voting populace than the U.S. as a whole, we can conclude that the media organizations may have more of a liberal bias than the average voter, but not necessarily the average American. Personally, I believe that this premise is still too generous. Given the necessity of Congress critters having close ties to business (CEOs write bigger donation checks than grocery store cashiers), I would suggest that members of Congress are more conservative than the voting populace. If this is true, it exacerbates the flaws of the original study even more so, as it shows that their baseline is significantly more conservative than the average American.

Here is an interesting critique of some other problems with the paper.

Comment Re:Can I pick two options? (Score 3, Insightful) 469

You've sort of hit on one of the things that has concerned me about these leaks. I generally support WikiLeaks's stated goal of exposing corruption. But people, especially here in the U.S., ignore the repercussions. For instance, there are many people that argue that anything done in the name of our democracy should be public. That way, we would have a fully informed populace that would use this information accordingly in the next election cycle. As the argument goes, if the citizens are unaware of the government's actions on their behalf, then the citizens cannot act to change the policies. It's a very noble ideal. But it's also deeply flawed.

Information is not classified to keep U.S. citizens in the dark. Rather, it is classified (primarily...yes, there are abuses...but that's a different matter) in order to keep the information out of the hands of hostile entities (certain foreign governments and terrorist organizations). There is simply no possible way to have a fully informed populace without sharing the information with our enemies or those who do not share our values.

So, yeah, it is a nice ideal to help the citizenry become aware of corrupt actions done by members of the U.S. government. However, we need to accept that there is a cost to this information. It is not free. Individuals in other countries may be imprisoned or killed. North Korea may act even more antagonistically now that they have reason to suspect that they do not have the full support of China. Iran may increase the urgency of their nuclear program now that it's publicly known that Saudi Arabia and Egypt have been urging the U.S. to strike.

In the end, there's always a trade-off. Yes, we U.S. citizens have more information about our government. However, so do other groups that may react in very bad ways. To suggest that political embarrassment is the only result of these leaks is utterly naive.

Comment Re:How could Atonement not be on the list? (Score 1) 295

If you look at the very end of the article, the author does mention that he will return to the topic in a couple of weeks where he'll "take a look at McAvoy," which I'll presume is referring to Atonement. But still... The Dunkirk scene is one of the most amazing pieces of cinematography in recent history and should be at the top of any list of long takes. The complexity and the sheer scale is phenomenal.

Comment Re:Theft vs. Infringement (Score 1) 764

I'd suggest "nothing," since pirates don't actually take anything, but I know how unrealistic expecting that would be.

The claim that pirates take nothing is disingenuous. For every MP3 that exists, someone spent time and creativity to produce the song that is encoded. Thus, the pirate is actually taking the product of someone else's work. Of course, given the crap that's on the radio today, it doesn't seem like a whole lot of time and creativity. But there's no accounting for taste...

What you are really trying to get to is the fact that there is an artificial scarcity of digital media. That is, if I make a copy for you, I can still use my original copy. I completely agree, which is why I think the appropriate fine would be a fairly trivial cost for minor offenders. Something on the order of $5-20 per track.

Comment Theft vs. Infringement (Score 1) 764

The real problem with all of these prosecutions (persecutions?) is that there is a semantic gap regarding the actions that are occurring. P2P users think what they are doing is theft, if they think about it at all. They think that by using these systems, they are getting things for free. However, they are not being prosecuted for theft, but for copyright infringement, which carries significantly larger fines. The average P2P user does not log onto the system thinking that they are distributing illegal copies. They may think that they are "giving back," since they got something for free, but they do not realize the legal implications of their actions.

What makes these prosecutions so heinous is that the MPAA and RIAA are perpetuating this misunderstanding. Every "P2P is bad" public service announcement that I have ever seen on TV or before a movie says that "file sharing is theft." This campaign of disinformation actually lures users (primarily those who are young and naive) into thinking that their crime is less severe than the charges they will actually face.

Courts and the legislature must work together to address this semantic gap, which includes new legislation that addresses the nature of sharing in the digital age and sets appropriate fines. That should also include sanctions against the trade organizations for irresponsible campaigns.

Comment Anti-incumbency? (Score 1) 1530

Before the election, I kept hearing all this talk of anti-incumbency and people being mad at both parties for screwing up. And yet, 85% of incumbents that were running for re-election won. Thank you, Mr. Jerry Mander.

Comment Re:Should be good for the economy (Score 2, Insightful) 1530

There was a lot of talk about the Republican filibuster for various bills, but there was never actually any filibuster.

In the strict classical sense, you are correct. However, that's not how the Senate works anymore. If the minority party threatens to filibuster, the majority simply does not bring the vote to the floor, unless they know they have 60 votes. Basically, both sides have become so damn lazy that they won't even fight for their bills and call the other side's bluff. Yet more evidence that the two-party system sucks.

Comment Re:Kennedy's folly and sad legacy (Score 1) 617

Did you read then Solicitor General Kagan's argument that basically said "Yeah, this legislation gives the Feds the power to ban books [emph. added], but that's irrelevant because we would never do such a thing."

Kagan said no such thing.

Yes, actually she did. [...] She is arguing that the law DOES cover books but you don't need to worry about it because the Government has never tried to regulate books and if it did there would be grounds for a legal challenge [emph. added].

*Sigh*. WTF? How can you guys take yourselves seriously when you are so clearly taking many things out of context and (intentionally?) misinterpreting clear sentences?

Kagan's quote: "It is still true that BCRA 203, which is the only statute involved in this case, does not apply to books [emph. added] or anything other than broadcast; 441b does, on its face, apply to other media." So part of the law actually under consideration (BCRA 203) does not apply to books, but another section (441b) does. So what is 441b? The first part of the text of that statute reads:

It is unlawful for any national bank, or any corporation [...], to make a contribution or expenditure in connection with any election to any political office[...]

The statute goes on to prohibit unions from making such contributions to federal elections (President, VP, Senate, etc.).

Let me make this very clear: This statute in no way gives the government the power to ban books. And Kagan was making no such claim. Rather, by stating that 441b applied to books, Kagan's argument was as follows. If a corporation paid for the publication of a book that was intended for the purposes of electioneering, that corporation has broken the law. The electioneering element is very clear. This does not apply to books in general. The book has to target a specific candidate and be published in the area where it would have an impact on a particular election. Furthermore, 441b only applies if the publication of the book was paid for by a corporation. If a private individual wanted to publish a book attacking a candidate, 441b does not apply. If a political action committee or a non-profit group or any collective group other than a corporation or national bank paid for the publication of such a book, 441b does not apply.

Even if the statute does apply, the book would not be banned. Rather, the corporation would face prosecution under the statute. In addition, publication of the book would be delayed at most, so as not to sway the electorate. Once the election is over and publication of the book holds no power over that particular election, publication would be allowed to proceed. Of course, as Solicitor General Kagan pointed out, even if there were a book that met all the criteria (corporate-funded solely for electioneering), which is very unlikely, courts would most likely allow the immediate publication because there is a strong argument for a legal challenge. So she is stating that if the government tried to pull such a trick, they'd almost certainly lose.

Finally, note that 441b does not apply to general political speech. Corporations can gladly pay to make Fahrenheit 9/11 or publish Ann Coulter's books, or any other such screed, because those works do not fit the criteria of electioneering. While candidates may be singled out, they are never done so individually. Fahrenheit 9/11, for example, took aim at the culture of the federal government after 9/11. Sure, it takes plenty of shots at Bush. But it also talked about the invasion of Iraq, 9/11 itself, the impact on people, how everyone in Congress (except Feingold) voted for the USA PATRIOT Act without reading it, etc. Political? Yes. Electioneering? No.

This is all a far cry from the suggestion that Kagan was claiming the federal government had the power to ban books.
