Comment Re:Cyber Spies (Score 1) 83
SANDVICH IS CREDIT TO TEAM!
SANDVICH IS CREDIT TO TEAM!
You do realize that ever since the Intel Pentium FDIV fiasco that their processors allow you to patch the microcode, right? It would be silly to think that you couldn't do the same with an ARM chip, especially when it's tracking a moving target like the CLR.
If you have enough signal for a voice call. My office is weird. I can't make a voice call, but I can text just fine.
There are plenty of situations where you have a radio signal strong enough and reliable enough for slow data but not for voice. Those are the kind of places that they're talking about.
There's a reason that you can get around the world with less than 5 watts of radio power on CW.
I realized I made that mistake about 30 seconds after I posted...damn posting before thinking!
According to Wikipedia, all television signals have been transferred to other satellites. So unless your cable company hasn't received the memo, there should be no interruption of service.
Pat Robertson never flew an airplane into a building or blew up a bus full of women and children.
You can bet your sweet ass that if Pat Robertson thought driving a bus full of true Christian believers who were willing to be martyrs into an abortion clinic would make him and the people that follow him martyrs and spark a great fundamentalist Christian conversion, he would do it in a fucking heartbeat.
He's smart enough to know that the backlash would destroy the evangelical movement, but don't think for a second that something similar hasn't crossed his mind.
Five years of working retail from 14-19 certainly taught me to hate the vast majority of humanity and swear like a sailor.
However, the good customers made up for the meager paycheck and the idiot boss.
I didn't know you had a Slashdot account! Tell me more!
Nominally subordinate to only the 4th Amendment, which it violated by allowing exceptions to the Amendment's requirement of a warrant issued prior to any wiretapping.
Um, no. The Fourth Amendment says no unreasonable search or seizure, not no unwarranted search and seizure. It does, however, set out what a warrant requires, but it does not require a warrant for a lawful search:
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
There are many cases where a warrentless search has been held to be reasonable, and thus not a violation of the Fourth Amendment.
That being said, warrantless wiretapping of the entire US population is, indeed, an unreasonable intrusion, in my opinion.
The problem with a system that relies on trusted third parties is that these third parties have to be, well, trusted. This implies that they are trustworthy. Have you evaluated all of the CAs on the list included with your operating system and browser for trustworthiness? I know I haven't. I've delegated that to the OS vendor and the browser vendor. Should I be doing this? Do I have evidence that shows that my OS vendor and browser vendor are trustworthy? And whose interest do they work for?
These are all things that need to be evaluated when dealing with a system that requires trusted third parties. The problem, of course, is that very few people actually do this. SSL is a system that requires trusted third parties if you are to put any trust in the fact that the certificate signed by a CA really belongs to the person the CA says it belongs to.
[This is, technically not true with self-signed certificates. Anybody can be a CA. Just self-sign a certificate and use that to sign the certificates of others. The problem is that you're not included by default. Of course, there are some sites that have their own CA, either for business reasons or because they can. They have an internal CA that they use to sign certificate for business purposes. These CAs are verified and pushed to machines, either by Active Directory at Windows sites or some other mechanism. There's no reason that an individual can't do the same when they generate certificates. The problem is that the fingerprint of CA certificates needs to be validated out of band in order for you the avoid a man in the middle attack when distributing the CA certificate to somebody else. This sort of distribution of SSL certificates would not require a trusted third party, but you would need to be able to identify the person or organization giving you the fingerprint and judge their trustworthiness.]
That doesn't help taking to your bank
It sure does. When someone signs up for online banking, make them go to the branch to set a password and give them documentation showing how to verify the certificate and set it up in their browser. Bonus points for making this a bank-specific CA and then having rotating certificates on the bank website that are signed by this bank-specific CA so that this only needs to be done once per computer/browser.
Numeric stability is probably not all that important when you're guessing.