Most distributions (ie the archlinux one you linked to) digitally sign their packages with private keys, so the people who compromised kernel.org wouldn't be able to tamper with them without causing verification failures by the package management system.
One huge problem could be downloadable ISOs for live images or installer DVDs. Since you are booting up your system with them, there would be no reliable automatic signature verification.
I downloaded a Centos-6 ISO from the kernel.org mirror just the other day, and broke out in a cold sweat when I saw this story. However, Centos and just about everyone else publishes checksums of their ISOs. I compared my download against the checksum, and, to my relief, it matched.
It would be wise if everyone compared checksums immediately after downloading something like this. Alternately, you can use a protocol like BitTorrent for the download, which compares checksums automatically.
I often wonder what would happen if a group of nerds..like ourselves.. decided to start our own root DNS.. I would suspect that it would be shut down by the FCC in short order under some new or trumped up mangled misinterpretation of some law.
Alternative root servers have existed for years. The largest is probaby OpenNIC.
I'm not an expert on crypto, but it seems to me that, for instance, SHA-512/256 would not produce the same digest from the same input as SHA-256. I just conducted the following test on the linux command line:
$ echo hello | sha512sum
e7c22b994c59d9cf2b4 8e549b1e24666636045 930d3da7c1acb299d1 c3b7f931f94aae41edd a2c2b207a36e10f8bcb 8d45223e54878f5b316e 7ce3b6bc019629 -
$ echo hello | sha256sum
5891b5b522d5df086d0ff 0b110fbd9d21bb4fc716 3af34d08286a2e846f6be03 -
The first is the SHA-512 hash of the word "hello" (with spaces inserted to defeat the slashdot lameness filter) and the second is the hash for SHA-256. I don't see any way to truncate the the 512-bit output and get one that matches the 256-bit output. Therefore SHA-512/256 would not be compatible with plain SHA-256.
I don't see much utility in these new algorithms. Since we would already be calculating the 512-bit hash, why not just use it instead of truncating it? I suppose there are a few situations where for externally imposed reasons you just need a value of a certain length, but that's about it.
They can't dump the responsibility on the patient, especially by shoving an informed consent form under his hand in the 15 minutes before surgery.
Oh yes they can (legally speaking)
This is a very questionable statement, and depends a lot on the locale and the situations of the case. Contractually waiving your rights is something that the courts often frown upon.
Here is my experience. I live in California, and my old apartment was accidentally burned down by a maintenance worker who was not qualified to do the task he had been assigned. The landlord refused to reimburse me for my lost property, because I had signed a lease waiving my right to damages in such a case. I contacted a lawyer, who told me that one can't contract away responsibility for one's own negligence. The landlord was clearly negligent in the case, and the waiver clause in the lease would not hold up in court. I hired the lawyer, and we successfully sued the landlord
Taco Bell ingredients are great for quickly passing through your pipeline
That's why one of my friends calls the place Taco Bowel. It's much more descriptive than the commonly-heard Taco Hell.
Signatures written on paper are not all that helpful...Where they actually are accurate, however, is when written on pressure sensative pads (such as those seen on new-fandangled credit card swipers)
This may be slightly offtopic (but hopefully interesting to the slashdot crowd), so I apologize in advance. I've been trying to figure out how to use electronic signature pads to verify job authorizations, and haven't been able to come up with a way that they seem airtight to me if a customer denies issuing the authorization. Perhaps you or another reader can enlighten me.
I can record the data coming in from the signature pad and associate it with the job ticket in our database easily enough. However, if the customer denies authorizing the work, and we show them the signature data, they can just claim we copied it from another ticket. That seems like a reasonable defense to me, and one that very well might hold up in court if it came to that
I've tried to think of various ways to hash the signature data with unique information from a job ticket, but can't think of anything that can get around the fact that we have access to the raw data that comes from the signature pad, and can do what we want with it. Therefore, I don't see how they can be used for anything like signing a contract.
Of course, a signature on paper (which is what we currently do) can be forged, but there are ways to tell that have been mentioned elsewhere in this story.
I think pygtk is great. In fact, as I write this I'm taking a break from the cross-platform application I maintain as one of my job duties.
However, some people don't like python as much as you and I. For instance, they may prefer not to use a dynamically-typed language or need something with better performance. Also, I don't see why pygtk would be any more cross-platform than C# using the gtk bindings. At least in theory, both should work on many platforms, and look identical (since they would both use gtk widgets).
I've been deeply skeptical of Mono since it's inception, because of the patent issues hanging over it, so I see the latest happenings here as a positive thing. I'm not likely to abandon python any time soon, but more choice is a good thing for those of us who like using Free software but still need things to run under Windows.
Generally, to teach HS and below, the only degree allowable is an education degree. A PHD in math will not be allowed to teach algebra, and a Nobel prive winning physicist will not be allowed to teach physics, unless of course they additionally have a BA in education.
Where do you live? My wife is a high school English teacher, and has a degree in English. I have a friend who teaches elementary school who double-majored in Psychology and Italian. Here in California, teachers who teach specialized subjects (English, math, foreign languages, etc) generally have a degree in the subject they teach, while teachers who don't specialize (elementary school teachers, for example) might have a degree in education. There is a lot of flexibility, though.
All teachers here, except in rare circumstances, have to have teaching credentials, though. These are usually acquired after the bachelor's degree by completing graduate-level coursework that can be finished in a year, as well as taking an exam and getting some real classroom experience (usually through student teaching). The credential is not a degree, but it does require continuing education, and many teachers end up eventually getting a Master's in education due to all the additional education classes they need to take.
My wife did have a friend at her former school who ran into a problem similar to what you're describing. He was a 7th and 8th grade biology teacher, but had a doctorate in some branch of biology from Oxford University. Aside from having a solid background in the science, he was an excellent teacher, having been selected as Teacher of the Year for the district. However, he received notice that he wasn't "highly qualified" for his position and would have to take additional classes to keep his job. Apparently due to some bureaucratic snafu, the powers-that-be didn't recognize his Oxford degree because it wasn't a PhD, but a DPhil, DSc, or something similar that we never see in America. They couldn't be reasoned with, though, so he ended wasting a bunch of time taking classes that he had *taught* when he was a grad student.
Notice anything striking there? Of all my "Education" professors, none had taught in a non-college classroom in the last two decades. Some never had. What made them *qualified* to teach me? A PhD in Education. Did they have anything useful to teach? No. How could they, when their entire background was full-time immersion in college-level educational philosophy? My "Education" professors were philosophers,(PhD) not teachers.
My wife, who is a teacher, would definitely agree with you. She often refers to the following quote: "Those who can, do. Those who can't, teach. Those who can't teach, teach teachers."
Time-sharing is the junk-mail part of the computer business. -- H.R.J. Grosch (attributed)