
Comment Re:Summary says it all (Score 4, Insightful) 634

Working together is un-American. The American Dream (TM) is that anyone can make it, but the assumption is for one person to get rich others must remain poor. Business owners are expected to maximize profits for themselves while keeping wages as low as possible, for example. Anything that might push wages up or interfere with someone getting rich, like unionising, is strongly discouraged.

It's just not in the nature of American society to work together and support each other, beyond small local communities. Almost every debate comes down to "why should I pay for someone else?" or "if it doesn't directly benefit me it shouldn't be funded".

Comment Re:Random number generators are hard (Score 1) 240

It seems unlikely that you would get good results from such a setup without whitening the data, but you don't mention doing that. Did you try it with anything other than the rather old Diehard tests? Do you know they are not an indication of cryptographically secure randomness? Do you have a schematic that could be reviewed for errors?

Comment Re:Hear me out: Locally Generated Entropy Pool (Score 1) 240

Dual_EC_DRBG did well against Diehard but is known to be backdoored by the NSA. The Linux PRNG does well against it too. In other words Diehard is known to be a poor test for a cryptographically secure PRNG.

Unfortunately there is no simple suite of tests you can perform to make this determination. Zener noise is a good source of entropy but the chances of your A/D being unbiased, or that XORing with an ARC4 stream is enough to remove the bias completely, are slim. At best you created another useful source of entropy, but TFA points out that even with many excellent sources the way the Linux /dev/random system mixes them is potentially weak.

Apparently it is rocket science.
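An added example, not part of the comment above, illustrating its point that passing statistical tests says nothing about cryptographic strength. The generator, its 16-bit seed and the two simplified tests (frequency and runs, in the style of NIST SP 800-22, not Diehard itself) are constructed for illustration.

```python
import hashlib
import math

def weak_stream(seed16: int, nbytes: int) -> bytes:
    """SHA-256 in counter mode keyed by only a 16-bit seed (constructed weak generator)."""
    key = seed16.to_bytes(2, "big")
    out = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                   for i in range((nbytes + 31) // 32))
    return out[:nbytes]

def _bits(data: bytes) -> list:
    return [(byte >> s) & 1 for byte in data for s in range(7, -1, -1)]

def monobit_p(data: bytes) -> float:
    """Frequency test: are ones and zeros balanced? Returns a p-value."""
    b = _bits(data)
    s = sum(2 * x - 1 for x in b)
    return math.erfc(abs(s) / math.sqrt(2 * len(b)))

def runs_p(data: bytes) -> float:
    """Runs test: is the number of bit flips consistent with a random sequence?"""
    b = _bits(data)
    n, pi = len(b), sum(b) / len(b)
    v = 1 + sum(b[i] != b[i + 1] for i in range(n - 1))
    return math.erfc(abs(v - 2 * n * pi * (1 - pi))
                     / (2 * math.sqrt(2 * n) * pi * (1 - pi)))

def pass_fraction(seeds, nbytes=4096, alpha=0.01) -> float:
    """Fraction of streams that pass both tests at significance level alpha."""
    streams = [weak_stream(seed, nbytes) for seed in seeds]
    ok = sum(monobit_p(d) >= alpha and runs_p(d) >= alpha for d in streams)
    return ok / len(streams)

def recover_seed(observed: bytes):
    """Search the whole 16-bit seed space for the stream that starts with `observed`."""
    for seed in range(1 << 16):
        if weak_stream(seed, len(observed)) == observed:
            return seed
    return None

if __name__ == "__main__":
    # The output looks statistically fine...
    print("pass fraction:", pass_fraction(range(1000, 1020)))
    # ...yet 32 observed bytes reveal the seed and therefore every later byte.
    stream = weak_stream(0xBEEF, 64)
    seed = recover_seed(stream[:32])
    print("seed:", hex(seed), "rest predicted:", weak_stream(seed, 64)[32:] == stream[32:])
```

The tests measure the shape of the output distribution, not how much entropy went into it, so a generator with only 16 bits of seed passes them while remaining fully predictable.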

Comment Re:It's not theirs (Score 1) 305

Are the people of N Korea 'responsible' for Kim Jong Un? No, but they're powerless to do anything about it. The only thing that can stand up to concentrated wealth is a black plague that wipes it out or a strong central gov't. There's a reason we had a 'Dark Ages'

You once again state that I want the super rich to be able to abuse the gov't, ignoring my point that no matter what you or I want they're going to, so same to you, my comment stands.

I'd love to live in a magic world of fairy dust and pixie farts where something as powerful as a central gov't doesn't get abused. Instead, I'd rather work around the inevitable abuse. It's kinda like floods. In 4,000 years we might have weather control. We don't have it today, so I'll build levees instead of just prayin' to god to make the water stop.

You seem to have grasped my point about gov't being controlled by people to enrich themselves while being completely oblivious to my point that _you_can_do_that_too? There's enough gov't to go around. Just like there's enough food, shelter and health care to go around. People like you perpetuating the lie that there isn't is what's wrong with the world...

Comment Re:At what scope of time or size of output data? (Score 4, Insightful) 240

The headline is somewhat sensational. There is a pretty wide gulf between an abstract and rather arbitrary metric and a practical vulnerability. This is kinda the security equivalent of pixel peeping, a fun mathematical exercise at best and pissing contest at worst, but ultimately not all that important.

Comment Re:Democracy (Score 5, Insightful) 264

Last I checked, Democracy is what gave us the Surveillance State.

Gilbert: There is one difference. In a democracy, the people have some say in the matter through their elected representatives, and in the United States only Congress can declare wars.
Göring: Oh, that is all well and good, but, voice or no voice, the people can always be brought to the bidding of the leaders. That is easy. All you have to do is tell them they are being attacked and denounce the pacifists for lack of patriotism and exposing the country to danger. It works the same way in any country.

It's not exactly an accident that the NSA legitimized their mass surveillance through the PATRIOT act.

Comment Re:What fiasco? (Score 1) 501

I don't think you can really phase in stuff like this. Letters wouldn't really help. With the internet you already know the site is up. I guess you could put a code in the letter, but then there's the political element. Delays could be used to put the service on hold indefinitely. Plus the codes become yet another piece of infrastructure to fail.

Comment Re:What fiasco? (Score 1) 501

Whether you fail gracefully or not you've still failed. The only difference is a pretty little message instead of a 404. Incremental growth is hard, because you've got so many factors fighting for the status quo that a large change is the only thing that can survive multiple lobbying efforts. If you want health care reform (debatable, but let's assume you do) you've got to strike while the iron's hot and there are people in office with the political will to implement it.

Comment No, not exactly (Score 1) 305

the last one should recognize that he had a _lot_ of help along the way (which he did) and be willing to pay it forward.

In the real world kids from the projects don't make it big. In the real world they're crushed by daily life and their lack of education. Look up the unemployment rate and average income of project kids (especially the ones that speak Ebonics, which sadly makes them more or less unemployable outside of manual labor and fast food). It's not a fun read.

Comment What fiasco? (Score 4, Interesting) 501

This happens every time a major new internet service is launched. And it _always_ will. See, here's the problem: at launch everyone is interested and wants in. After a few weeks/months the interest dies off and the site hits a BAU point. So if you're designing one of these sites you're stuck either:

a. Spending billions on infrastructure for 3 months tops of high volume and then getting ripped to shreds in the press for 'wasting' all that money. or...

b. Taking your lumps up front and waiting a few months for people to forget about it.

The guys running healthcare.gov opted for 'b.', and I would too. The kinds of people that just want to say bad things about the ACA would have a field day with 'a.', with 'b.' they'll have to acknowledge (or at least ignore) the fact that in a few months it'll be working more or less as intended.

Comment Re:2020 (Score 1) 164

The human body maintains a fairly constant level of potassium, so no matter how many bananas you eat your potassium level won't be elevated for more than a few hours until you crap it all out.

The material released from Fukushima has got into the water, and into the food people eat and the dirt children play in. It gets inside the body and stays there for decades.

It's shocking how ignorant people are about how these things work, and yet still post with imagined authority on Slashdot and get modded up by others who know equally as little.

Comment Re:Good luck with that. (Score 1) 165

So it's a tall order but the NSA doesn't have infinite resources nor infinite clout particularly not outside of US jurisdiction. Infiltrators are always possible but also high-risk endeavors with huge political consequences. You can at least try to make the risk/reward ratio seem unappealing. After all, the current standards were made when strong encryption was neither computationally feasible nor publicly available. The main downside is that people don't want to carry around their encryption keys so I think you'd have to define at least three security levels:

1) The server does the decryption for you, trust the server
2) You download the encrypted message and your encrypted private key and must input a secure password (read: long) to decrypt, either once (stored on device) or every time.
3) You bring the encryption key yourself.

Honestly, already just the first one would be pretty damn good.... I want to email john.doe@example.com, the server asks example.com for his public key and verifies through DNSSEC that I'm actually talking to example.com then provides his public key back to my local client/JavaScript webclient. I can verify the fingerprint, message is encrypted client side and sent to server. The server transports it over SSL to the destination server, not even metadata snooping unless you 0wn any of the servers or SSL itself. That's my side secure, the rest is up to the recipient and how paranoid he is. For example a corporation might feel their corporate email server and internal network is secure enough, there's no need to have personal passwords for every employee. The mail server at yourcorporation.com receives it, decrypts it and you collect it the old way.

The problem is getting the network effect kicked in, email has value because everyone else has email. If nobody has clients or servers that talk the new protocol it won't go anywhere.
