Happy Mutant Profile

Burz

Test: Lithium AA batteries are a better deal than cheap alkalines

June 26, 2008 10:16pm

The 2100mAh NiMH batteries from Rayovac ('Hybrid') and Kodak ('Advanced Precharged') are the same as the Hybrios. They are also good for replacing alkalines in all sorts of low-drain stuff like remotes and clocks (you're supposed to replace clock batteries annually anyway; might as well recharge annually instead).

I agree that the review is heinously misleading. The dummy actually bought a separate charger for each set of batteries, instead of buying a nice $30 charger once like any halfway-seasoned amateur would do.

Granted, we are all supposed to buy and like disposables better, especially those batteries in our music players and phones which "recharge" but won't be realistically replaceable in four years... turning the so-called "solid state" devices into junk.

Which is why I think the review's fatal flaw slipped past 'Gadget Guy' Rob: Gadget sites are largely about items that eschew standard-sized batteries, and these may be somewhat outside of his experience.

Pirate Bay offering crypto tools to fight Swedish spying laws

June 24, 2008 5:43am

@Cory

I say give it a try on craphound.

Encryption is not computationally expensive by today's standards. It would allow people reaching your site through TOR to retain both their anonymity and privacy.

Jessica Rabbit "untooned"

April 21, 2008 1:50pm

"I think if I saw her walking around in real life (and hadn't had too many beers), I think she would still look very weird. "
These responses seem pretty silly.

Yes, those 3D versions are somehow 'wrong': The artist reconstructed the exact cartoon shape in 3D instead of re-creating the impression you get from the 2D original. That's why a successful franchise doll/action figure will be subtly different than the original cartoon (beyond the extra dimension alone).

Virgin Media CEO: Net neutrality is "bollocks," promises to breach agreement with customers

April 16, 2008 7:49am

AGENT86:
Petty slagging is how they distract themselves from coping with a difficult issue. Thankfully I've learned to slag people off only when it is anything but petty. :-)

Virgin Media CEO: Net neutrality is "bollocks," promises to breach agreement with customers

April 15, 2008 6:26am

I have just submitted this to Slashdot.

Quake family tree

April 13, 2008 4:57am

I have a copy of "Jake2" which is Quake2 ported to Java.

Chance to kill software patents opens

April 10, 2008 8:12am

@ #17:

The software industry already has such experience: Nearly all of the software innovations up to the early 1990s were patent-free. That happens to cover most every significant development from spreadsheets to databases to kernels, various UIs, networking stacks, public key cryptography and the web browser.

What has changed most about PC software since software patents came into vogue is that minicomputer-class algorithms and interfaces have migrated down to the micro level, producing PCs that are more stable and feature-rich (ultimately thanks to better hardware). The other big change has been in communications links themselves - the arrival of robust and fast Internet hardware.

So I'll venture a guess that most of what software patents "protect" are the mundane and obvious algorithms, creatively phrased to appear unique. Where the "advancement" of the art is in that state of affairs may barely be worth mentioning.

Chance to kill software patents opens

April 9, 2008 10:54am

@#2:

Computer programming is a branch of mathematics, and one of the core Enlightenment principles of a free/open society is the unrestricted use of algorithms as they are discovered.

Mathematical algorithms are considered to already "exist" independently in nature until they are discovered, not so much "created" by people.

This is what software patents boil down to: Who has access to a mathematical concept, and what kind of cost and litigation people must endure to get it.

Universe's most powerful blast ever seen witnessed this week

March 21, 2008 11:19am

If a GRB came along the far side of the sun, would we survive?

Replace GDP with something that reflects real quality of life

March 19, 2008 2:12pm

Why would the American press as we know it show any enthusiasm for such headlines when it is against the interests of their largest shareholders? How often do they use the U.N.'s QOL reports already available? Does having such reports issued by the U.S. govt instead make them somehow 'OK' for our press to use?

Even if reporting QOL indicators against GDP came into vogue, there's every indication that the QOL terms themselves would be twisted into nonsense - another national sham. I am reminded how the greedy and religious have co-opted the language of humanism and human rights to start wars and go profiteering.

I don't think any of the current trends will be improved upon until the average American learns to filter their education, news and culture intently through class consciousness. The only question is how big of a fall, if any, will it take for people to train such a vigilant eye on privilege.

The Weather Station's "East" -- haunting, tentative, lovely contemporary folk song

March 18, 2008 2:06pm

A pretty song! Ah, but Myspace, the Pied Piper of NewsCorp.

Not sure which is worse, linking to the web-bugged Scientology video or linking to active content at NewsCorp. Cory, you might use a good tech consultant to help protect your readers.

Lessig publicly humiliates Andrew Keen

March 13, 2008 1:24pm

#12, neither copyright nor patenting were founded upon the concept of property, so one has to accept the fallacy of "intellectual property" from today's power brokers in order to believe your argument.

You did hint at something important though: Keen got Lessig to accept the IP concept as the latter defended his reputation. So maybe Keen loses the battle but wins the war?

Has your website been unfairly blocked by censorware?

March 12, 2008 1:01pm

At the Au Bon Pain in Woburn, MA, I have been unable to access the following leftist discussion sites:

democraticunderground.com
peopleforchange.net
progressiveindependent.net

There was no error or other message accompanied with the blockage. The provider simply behaves as if there is no response at the IP level unless a proxy is used to route around their blockade.

Meanwhile similar rightwing sites such as freerepublic and lucianne remain accessible there.

ABP's Internet service is handled by "QGO an ICOA, Inc. company" which also provides service for many restaurants, hotels and public places like Boise airport, Omaha Port Authority, Stewart Intl airport, etc.

Engineering approach to global climate change

March 11, 2008 2:19pm

Cory, c'mon... Replacing all of your appliances is itself a major consumption of resources.

And why be so vague? You must have put your data into a GHG-footprint calculator at some point. If not, I'd expect that a frequent flier wouldn't come out looking so great.

FWIW, I am still waiting for many of the people who promote eco-friendly telecommuting to do the same with their far-flung conferences. It is time to make more noise about the environmental benefits of videoconferencing and to follow through.

Most people won't go vegan (or even consciously reduce meat consumption as I have), but you have a chance to set an example by cutting back on air-travel as well.

Sci-fi objects from a 3D printer

January 17, 2008 2:39pm

FWIW, the Hawk Fighter can be seen close to its original details here: http://www.comet-miniatures.com/infopopup.php?product=WRP0054&picture=1&

City of Lyon being cloned in Dubai

January 15, 2008 4:13pm

I wonder what assurances, if any, the city of Lyon got that no slave labor would be involved before signing their pact.

Podcast of Bruce Sterling's HACKER CRACKDOWN has concluded

January 13, 2008 5:59pm

"I hope someone'll download all the parts, normalize 'em, trim out the intros, and piece them together into a single file."

Cory -

Put copies of the mp3 files into a separate folder (on Debian or K/Ubuntu), then:

$ sudo apt-get install mp3gain
$ cd Folder
$ find . -name '*mp3' | xargs -I FILE rename 's/.*_.*_.*_.*_.*_.*_//' FILE
$ mp3gain -r *mp3
$ find . -name '*mp3' | sort | xargs -I FILE cat FILE >> Whole_Podcast.mp3

This normalizes the audio files and then combines them in alphabetical order. You would want to edit each piece first to remove any of the intro material that you feel should be taken out.

Note: The 3rd line matches your filenames of the form "Cory_Doctorow_Podcast_86_The_Hacker_Crackdown_Part_001.mp3" to make them more manageable.

Note: 'Folder' on line 2 may be interpreted WRT the folder you created, but ALL else is literal; The 'FILE' keyword on the other lines stays as-is.

As much as I love Ogg, the format doesn't accommodate straightforward normalization (it's a messy process involving re-encoding).

Regards...

Miro 1.1: faster torrenting for better net TV

January 12, 2008 1:32pm

Funny how Linux developers are fond of saying how easy it is to compile software yourself. Yet they take an age before distributing their releases as compiled packages.

The Miro Linux packages are still sitting at 1.0 on getmiro.com, and I presume it will take 8 weeks or more for 1.1 to hit the Ubuntu repository.

I suppose I'll just switch to my Mac and download & install the new Miro the way it's supposed to be done on a personal computer.

Sarkozy to abolish GDP, defend against sovereign funds and other predators

January 11, 2008 5:23pm

"sovereign wealth funds" - This is a reference to China's dollar stockpile more than anything else. China is creating investment funds to spend the money.

Good catch, Cory!

Chandler: free, open calendar with awesome sharing

January 11, 2008 4:28pm

@16: But beyond that, I'm helping empower small-time web designers in the creation of feature-rich, standards-compliant web sites.

You seem to be in a product category where FOSS excels naturally, since the primary audience for a web/server-based product tend to have great technical skill and don't mind performing some customization for their users.

OTOH, Chandler is a PIM installed on the desktop and has to work on an individual level out of the box. The audience focus for this type of app is miles away from 'Apache, Linux, MySQL' or even a typical CMS, so the comparison isn't apt.

@17:
Think of Use Cases as the part of functional requirements that keeps drawing developer attention back to the end-users; every requirement starts out phrased as a user situation. IMO an essential part of maintaining the "true vision" thing.

Miro 1.1: faster torrenting for better net TV

January 11, 2008 2:17pm

I think the torrent update was much-needed. Hopefully you guys have figured out how to handle Podcast feeds too (that is long overdue).

With that said, can anyone from your Foundation shed some light on the uptake of BM and your strategy for promoting the torrent distribution method? I am curious because I expected to see a lot more feeds using bittorrent by this time.

Chandler: free, open calendar with awesome sharing

January 11, 2008 1:45pm

Oops, looks like Cory is triggering a FOSS backlash. ;)

Seriously, I share a lot of the frustration that the other commenters have expressed. I also have a background in development, so let me share what I see as the FOSS Achilles heel:

FOSS projects avoid defining their audiences, and avoid the professional processes that keep a project tracking its audience. Then unconsciously, the project's audience defaults to a class of people I call "peer programmers"; the project becomes a vehicle for impressing one's coding peers, and it erects more infrastructure for these peers to socialize among themselves than it will ever do to socialize/market/support a mass of typical end-users. This is also why FOSS projects love *nix package repositories: It insulates the coding clique from its (poorly defined and confused) user base, letting the distro people handle those unwashed masses instead. If you don't have to distribute your wares directly to users, then the very act of getting to first base (program installation) becomes somebody else's problem and it goes downhill from there.

FOSS projects typically don't want commitments to an unknowledgeable, external group.

There are exceptions, like Mozilla, Kontact, OpenOffice.org, and some others. I would even start to consider Ubuntu in that camp (their product and focus are improving, which I largely attribute to their practice of attaching all new development to Use Cases). These have mostly inherited their project management habits from commercial software.

OTOH Mitch Kapor probably hasn't been on the coding or management end of a project since before most of today's best practices were invented. Or perhaps he has remained oblivious to them. He may even have been attracted to FOSS because it seemed like a way around all of the modern professional stuff; getting back to basics like in the old PC/XT days.

Despite such failures, I see no reason why FOSS could not internalize the best aspects of both free and commercial software. There are excellent examples out there; the required methodologies like RUP are not just known but actually standardized now. The profit motive will usually force the adoption of such best practices; but the FOSS project must choose them more out of principle.

Know Thyself: Myware vs. Spyware

January 10, 2008 6:32pm

Last two paragraphs were spot-on, and I was also reminded of this website: http://theyrule.net . Some interesting things in the blog too.

Maybe turning the tables of surveillance will be necessary to change their tune.

Steal This Film II London Premiere, Jan 18

January 8, 2008 10:52am

I didn't think it was very good. Message received, but not through this program.

TV star publishes bank details in anti-privacy editorial, gets ripped off

January 7, 2008 10:45pm

There needs to be a more descriptive term for such people than 'naysayer'... bad example, nincompoop, dufus, deranged, irresponsible for starters.

But still he's a maverick and oh-so-cool for not joining in the 'hysteria'.

Isn't he??

Let's have more belittling and denial of the public's grave and well-founded concerns. I haven't had my full helping yet.

Explaining dual-key crypto with tennis-balls and padlocks

January 4, 2008 2:44am

For a better description try this series of podcasts #30-37 from Steve Gibson and Leo Laporte.

Netgear's tiny Network Attached Storage RAID -- just right for a home entertainment/data server?

December 30, 2007 10:35pm

Whatever you do, use NFS as the sharing protocol. It's faster than SMB/CIFS and much easier to set up. As a longtime user of Windows networking then Samba, I must say I discovered NFS way too late.

If the box doesn't support NFS then definitely find another one. You'll be glad you did!

Priests brawl at Jesus' birthplace

December 30, 2007 6:56pm

With the non-protestant denominations trespassing is often handled with swift physical violence. I know a female videographer who was assaulted during a wedding ceremony by a Catholic priest because she approached too close to the altar. Having done some videography myself, I was warned about sudden physical retribution if the altar wasn't respected.

It seems par for the course.

HOWTO Use TOR to protect yourself from censorship and snooping

December 10, 2007 8:58pm

@13: Why the remark about SSL certificates? The user will be either sloppy or careful with the tools they have. If they don't heed cert warnings or check the domain name next to the lock, then they're probably going to misuse Tor as well.

I think the reason why newer tools like Tor are so problematic is that so many people haven't grasped the rudiments of Internet and computer use. What we need is a body like the W3C to publish a distilled two or three-page guide as part of a campaign for Internet literacy; push it through schools, libraries, corporations, public service announcements, and tech bloggers. You may think the last one is odd, but I find even most enthusiasts and trained pros are keyed to industry fads while lacking basic knowledge.

HOWTO Use TOR to protect yourself from censorship and snooping

December 10, 2007 3:55pm

I was expecting something a lot more informative than this.

For one thing, nobody should be encouraged to use Tor without being told that an exit node can inject hostile code into their browser. You must make (proper) use of SSL and/or script-blocking in order to prevent this from happening.

Also, your anonymity will be limited anyway if you use a unique/unpopular browser, or if you don't clear private data (such as cache and cookies) rather frequently.

HOWTO make a cardboard orthodox synagogue dollhouse

December 5, 2007 5:51pm

Welcome to the dolltemple! Boingboing readers, please hand in your PC creds at the door before making irreverent comments...

First Firefox 3 Beta ready for download

November 20, 2007 7:36am

OK, you can't run it on OSX 10.3 so I won't be looking at this thing today.

First Firefox 3 Beta ready for download

November 20, 2007 7:16am

The way FF3's address bar was described to me, it seemed like they were creating a bigger problem than they were trying to solve. Computer novices should not be subjected to URL-mangling browsers that supposedly insulate them from 'nasty details'. The original intent was to emphasize the domain name, but became perverted into something different that censors bits of the URL, chopping it up into nonsense.

David Lynch's "invincible university" effort off to bad start in Germany

November 19, 2007 7:25pm

Dear Milarepa,

To me this Schiffgens person seemed to be clearly angling to have his proclamations laughed at. Has anyone checked that it wasn't a hoax on his part?

http://dir.salon.com/story/ent/feature/2004/09/16/bleep/index1.html?pn=1

If I were lampooning the kind of pseudo-science professed by Lynch, those might be the kind of things I'd say in Yes-Men fashion. The phallic-shaped building and shiny duds ought to be a dead-giveaway.

The offensive one was Lynch, who expected to comfortably sleepwalk through the event without really knowing the people he introduces and sanctions (much less the local language). What a stereotypical American boobie. His invincible (read: carefree and irresponsible) self has apparently been knocked down a peg or two by a deftly-orchestrated lampoon.

Korea's Internet "addiction" boot-camps

November 19, 2007 11:25am

If said bookworms were spending seven or eight hours a day reading books at the expense of other obligations and at the detriment to their health, treatment for an addiction would definitely be in consideration.

Yet people throughout history have done so, and no one except for some totalitarian regimes has attacked books as dangerous.

My point is that in conveniently ignoring the real anti-social problems these individuals face, authorities are creating a boogeyman out of a powerful tool that can undermine them. That they don't re-educate antisocial TV watchers is pretty telling.

Korea's Internet "addiction" boot-camps

November 18, 2007 8:32am

This notion of "Internet addiction" is extremely dangerous.

Imagine that they were sending bookworms to be treated for their addiction like this. I'll bet a strong reading habit has a similar brain chemistry...

Science and carbs - A big fat lie revisited

November 18, 2007 8:23am

Encouraging people to diet with lots of sweet, starchy foods would put them at risk of becoming diabetic.

Fox News Porn - the prurience of prigs

November 18, 2007 8:12am

News For The Sexually Frustrated (TM).

It's a very inconvenient state to be in, so why not convert some of that frustration into feelings of superiority and irrational hatred.

FNC is becoming the archetype for yellow, tabloid journalism on TV.

Miro 1.0: the free and open future of video on the net

November 13, 2007 7:24pm

Dalasv: "Alternative" implies that there is room for more than one.

Others: Can Miro handle podcasts yet?? I'm still having to use iTunes for some "free and open" shows because the last Miro didn't handle podcasts. It also didn't handle Youtube feeds.

Google Sketchup for Dummies

November 9, 2007 4:59pm

Sketchup is ambrosia!

It's a shame Google don't have a release yet for Linux, though.

Overweight people have lower death rate

November 9, 2007 3:19pm

Smokers tend to be thinner than average, and I think that may have something to do with it.

What other unhealthy things keep people thin? (...and don't say 'gym')

Chris Anderson sparks PR flak armageddon

November 9, 2007 2:28pm

Please, more PR anecdotes Mark. Anything that exposes people to the thinking and habits of America's propaganda specialists is probably healthy.

Prototype helmet for F-35 Joint Strike Fighter pilots

November 9, 2007 2:14pm

Defense theater, that's neither defense nor pretend.

Squint a little, and you will see a Dr. Who Cyberman.

It's like candy for kids (or just the immature) who've always wanted to live in a sci-fi war movie. I'm sure the transhumanists are having geekgasms...

Simple circuit to squeeze last drops of juice from batteries

November 2, 2007 9:42pm

A few more things about NiMHs -

Get a charger that can handle "1 to 4" (with "1" being the important feature here) batteries at a time. You want one that charges each cell individually, which maximizes cell life AND your ability to use an odd number of cells necessary for particular devices. You don't want to be collecting spent batteries until you have the 2 or 4 needed to satisfy a stupidly designed charger.

Only mix cells of the same capacity within a device.

And don't leave spent cells on the shelf for weeks before recharging. Get them into a charger within a few days' time to prolong their useful life.

The low-loss cells I mentioned previously are suitable for things like wall clocks, remotes and other very low-drain devices. Just recharge them once per year.

Simple circuit to squeeze last drops of juice from batteries

November 2, 2007 8:56pm

Cute.

But I think that using NiMH rechargeables would make more sense in general. The Rayovac Hybrid, Sanyo Eneloop and other "low-loss" models that will hold onto most of their charge for over a year are now widely available in department stores. And ANY type of NiMH made within the last 4 years will greatly outlast an alkaline in a camera anyway.

Adding some educational value to the video (like explaining how the circuit works) would have made it more worthwhile.

Taser death at Vancouver Airport

October 26, 2007 9:39pm

Unless this man was attacking people, there was no cause for using "less lethal" weapons against him.

Wired on suburban mom counterterrorist

October 24, 2007 11:17am

I saw this woman profiled on some cheesy Discovery Channel war propaganda show a couple years ago; I was at a restaurant with a friend at the time, and there was a lot of eye-rolling going on at our table.

It seemed like the show was more intent on using the story to push the idea that her targets - people who were attacking occupying US forces - were "terrorists". I thought, they could have come up with better examples than that.

From my recollection of the story, the subtext of "attacking US tanks and helicopters equals terrorism" was present in all its false-propaganda glory.

Comcast also screwing with Gnutella and Lotus Notes (!?!)

October 23, 2007 10:25am

From my own experience, Comcast seem to be hammering all upstream encrypted traffic. It's plainly visible when transferring anything over ssh, especially using scp which prints the data transfer rates.

The pattern is that the transfer starts at full speed (close to the advertised uplink speed) and then after a few hundred KB dips dramatically down to less than a fifth of the nominal speed.

Ontario's privacy commissioner to geeks: design for privacy!

October 12, 2007 4:55am

The 'issues' being only what you have framed in your paper, apparently.

Look, you've had several chances to back up your claim. But I seem to have caught you in a fundamental error (or lie), spreading FUD about essential web infrastructure.

I don't see why anyone should take your identity proposals seriously if your statements about SSL are incorrect.

Ontario's privacy commissioner to geeks: design for privacy!

October 11, 2007 8:33am

Your apparent lack of understanding with regard to the basic (though admittedly widely misunderstood) Internet precept of SSL encryption is troubling.

"there are techniques through which the evil site can overwrite the address bar and the status bar, so you have no idea what is going on beneath the pixels."

So your argument relies on in-browser implementation bugs? But that argument leaves your approach in the same boat, doesn't it? Well, nice try.

Tell me Kim, can you even cite a known exploit?

How can an attacker 'distort' an IP mapping if the user follows the basic security steps I outlined? I have dug around for information on this, and all the exploits I found relied on the user dismissing the certificate warning that would necessarily appear. Arp cache poisoning and MITM simply do not work against users that heed both certificate warnings and the domain.

How can the certificate dialog be "faked" when it isn't even in the interest of an attacker to display one?! As for fake certificates, those appear as warning dialogs and the best that attackers have been able to do is issue the certificate to themselves... clearly visible to the user.

You still have not addressed the burden of proof I laid out earlier with regard to your quite serious claim. There must be some sort of studies an expert like you would have at hand...

Ontario's privacy commissioner to geeks: design for privacy!

October 10, 2007 7:01pm

Here is an excerpt from a recent Steve Ballmer speech where he describes how Silverlight will be more-equal on Windows than on other platforms:

"Mark's gonna to show you... is gonna focus some on a couple of these themes. Is gonna show you a little bit of Silverlight, which talks to some of the next generation presentation and programming capabilities that we think we can do in a reach way, that is consistent, runs everywhere on the internet. It'll be further enhanced... can be further enhanced if you wanna marry yourself to a... t..to Windows, which will provide a superset of Silverlight."

http://www.mydeo.com/videorequest.asp?XID=48644&CID=133678

Lo and behold, we have MS systems architect Kim Cameron with yet another MS replacement for another common browsing fixture... this one having to do with authentication. Read Cameron's website which basically states what is being sold here is Passport v2 (Vista CardSpace).

Observe, we have Ballmer in the same speech above saying that Redhat will be made to pay for infringement of (undisclosed) MS patents, and hinting that patent trolls "like Eolas" ought to be encouraged to do the same to Linux vendors.

Observe also, that Cameron is making an unsupported claim against the security of SSL certificates.

Scummy.

Left Behind Game Developers Send Lawyers After Critics

October 9, 2007 2:25pm

Spenser,
Well there is PC, and then there is deranged, misapplied, overweening PC. The promotion of all belief systems (religious or otherwise) is open to criticism and expressions of distaste, as long as it isn't extreme or personally harassing. It's especially true when you factor in who was the first to throw stones, and who is operating from an arbitrary morality that amounts to bigotry and irrational hatreds.

Race, gender, sexual orientation, and religious background are a different matter. Negative comments about their fundamental nature can't be considered honest criticism.

Ontario's privacy commissioner to geeks: design for privacy!

October 9, 2007 12:35pm

Kim Cameron,

I have provided a specific real-world regimen for end-user security (which admittedly addresses only Internet transmission). Please address the points of the regimen (as originally proscribed by the likes of W3C) or kindly keep your characterizations to yourself. If you have a valid technical critique/example (or even a social argument that explicitly shows the existing system to be unlearnable) then your labels like 'naive' may have some merit.

OTOH if you cannot provide anything more than vague statements about supposed SSL exploitability, then I must start to consider whether the premise or motivation for the rest of your project is faulty or suspect. Your employer, Microsoft, desperately needs to justify its Windows business model by pushing Vista upgrades and reinforcing the fealty of PC OEMs by making massive hardware upgrades an endemic part of PC culture. That you did not disclose here your employment at MS doesn't help that suspicion.

As for Ann, I could well have her wrong. My original post was only a first impression from the hour+ that I watched her. Actually, I Googled and read a couple of items about her past work going back to the 90s: I still have not seen one case where user education (remember, empowerment) was on her agenda. Her ideal purveyor of privacy in the home would seem to be an 'A+' GeekSquad tech purveying shrinkwrapped active measures that keep the user passive, the natural extension of virus-scanner and DRM culture. Rights-management mirrors Privacy-management here, and your stated belief in an eventually-mature DRM kind of makes me wonder if Ann believes in DRM too?

Where transmission security (anti-phishing and pharming) is concerned, there is no sexy angle, buzzword or entrenching self-interest for IT pros and enthusiasts in teaching people about the address bar, the certificate and the status bar. No status brands to pin our names to; No corporate appeal or resale commissions from all the stuff that 'has' to be (needlessly) replaced. So we generally don't even think about passing on this basic info, and instead bloviate about MS, IBM, firewalls, anti-spyware, blacklists, whitelists, WPA, ECC, and hopefully for you Vista... a very mixed bag that all relies on dramatic acronyms and PR-reinforced buzzwords. MS feeds this culture of ignorance and reliance on boutique services, or "open" standards that are actually patent-encumbered. Push the 'Vista technologies' of your employer all you like, but I am not hopping on that ultimately disastrous bandwagon.

The whole transmission side of this issue suffers from acute IT trade neurosis. Almost all of the MS-certified techs and about half of the computer science people I know cannot state how a user employs browser security except to say "look for the lock". They don't quite know what certificates are, or that they authenticate domains (not the proprietor or their level of ethics or legality... the domain; the other stuff are fundamentally personal ad-hoc decisions). Steve Jobs had the status bar turned off by default in Safari, while Negroponte had the address bar removed from XO Sugar... these bona-fide geniuses are sadly web-browser idiots and share in the neurosis. Their users either don't know where they're going, or don't know where they are, and the icon-extremism of their browsers translates into a semantic brokenness/vulnerability. (We are all becoming addled in the environment of profound software market failure embodied by your monopolist employer.) Is it too much to ask that a user has to discern the difference between the cafepress.com store and something called thecoffeepress.com or even cofepress.com? You CAN'T protect people from having to discern URLs, or deciding just what personal info to give out on a case-by-case basis.

Additionally, browsers already have integration with OS-administered keyrings. Make the keyring format portable, promote more enforcement of strong passwords and the argument for a special new identity protocol disappears.

I have given your Ontario patron almost 1 hr. 15 min. IMO she is a humanities-based "expert" who exemplifies our failure in constant self-promoting buzztalk while rejecting an education + KISS philosophy. Neither you nor she can point out the supposed weakness of the existing tools except to strongly imply that users ought not to be bothered one iota learning extremely basic guidelines. Please reread your response's first paragraph and realize it is YOUR burden to succinctly state what is wrong with the design of the existing (and largely unused) tools.

Quite seriously: Prove your claim that a "human ceremony" (as you say in your paper) of user-checked domain + a passing certificate is in ANY way insecure outside of tangential issues like a compromised certificate authority or malware-infested (Windows) PC. Prove it.

I think you cannot prove your security claims, and therefore your identity claims are suspect.

As for the prospect of curing the IT neurosis, I must thank Cory Doctorow here. Every article and speech about the futility of DRM plants the seeds of awareness about other automatic systems that fundamentally misuse cryptography, based on absurd assumptions of what qualitative decisions can be made for us by a stew of automation + cultivated user ignorance. It is the main reason why I am drawn to his non-fiction writing.

I wish I could be more positive about this. The datacenter proposals largely sound quite good. More secondary-storage encryption; Best practices for sanitary handling of identifying info get a thumbs up. The neoliberal cant about self-regulating industry, about individuals being physically branded onto their keys while letting organizations (corps, govt etc) off the meathook...not so good. And let's be honest, your questionable suggestions about SSL while pushing Vista functionality (for your undisclosed employer) is show-stoppingly crass: I await your answer on that.

Ontario's privacy commissioner to geeks: design for privacy!

October 8, 2007 3:11pm

All communication privacy is based on systems of trust, and 1hr into this lecture I see scant mention (never mind justification) for why we should trust IBM and Microsoft to administer the keys to our identities. No explicit mention of how this relates to TCPA (Trusted Computing) especially Remote Attestation. No mention of VeriSign turning into a "lawful intercept" contractor for the NSA.

At 1:01:48 the slide "Implications for users" is worrisome, as she seems to be pushing intrinsic "embedded" TC-like capabilities that make decisions about il/legitimate transmissions for us. "It's already in Windows Vista..." IOW, you should only use computing technology that decides for you whether those shiny Citibank and QVC logos on your screen are real. Because that's where all this is heading... preserving the automatic responses people have toward professional-looking trademarks and the gravitas of all the old shiny-shiny graphic art. Click on the pretty pictures in your email and don't worry, because the big-league criminals are taking back junk mail from those faceless, PR-less, petty thieves.

She admits that the process "started with Microsoft" (and now bringing in IBM), a prime TCPA mover. How cozy.

I get the impression this woman isn't even trying to do basic consumer education. What is so hard about teaching the following (has she or anyone reading this ever tried this with users?)...

1) Learn the address bar and status bar! Mouseover and check links in web and email before clicking on them.

2) Learn what a URL is, and pay particular attention to the domain name and SSL 'lock' status during any sensitive transaction. Is it the domain name that you want to talk with? Is it spelled correctly?

3) Learn what a certificate represents, and how to handle a certificate warning. A locked page that is warning-free cannot be spoofed by a fourth-party.

All phishing and pharming exploits are based on the assumption that the user will either A) click 'OK' on a certificate warning, or B) not scrutinize the address they are accessing. If the user is vigilant on only these TWO points, then data breach or spoofing is absolutely limited to the second party (e.g. Citibank) or the trusted third party (VeriSign).

Dealing with the VeriSigns of the world adds ONE more step for the end-user (switching your browser's CA setting). The CA question

The "Privacy-Embedded 7 Laws" phrase seems like an oblique reference to the Three Laws of Asimovian robots.

The biometrics advocacy is creepy, but 'OK' as long as it has unique passphrases and it's not centralized by the government. How naive can one get? Having biometric info spread out among an array of Halliburtons, Carlisles, Blackwaters and Exxons is not the least bit encouraging. Private corporations are chartered by their host government and readily regurgitate and "EMBED" their databases whenever war is declared.

OK, so those are all of my off-the-cuff concerns about Dr. Cavoukian's presentation. OTOH, she mentioned a couple of security schemes and books that seem like they are worth reading time; That she wasn't confident enough to chart or summarize their workings I take as a bad sign however. And the suggestion to encrypt data and store identities (physically?) apart from the details is refreshing. Solidifying concepts like "secondary uses" and "information self-determination" is also a positive aspect of her speech. The brief history of privacy laws is nice.

No hint of empowering citizens through extremely simple education is ominous coming from a privacy czar. It speaks of a reflexive preference not for privacy, but for corporate services.
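The domain check that the two comments above ask of users (compare the address with the domain you meant to reach, including the cafepress.com / cofepress.com / thecoffeepress.com case), as an added Python example that is not part of the original comments. The allow-list, function names, labels and sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allow-list: the domain the user actually intends to deal with
# (cafepress.com is the example named in the comment above).
EXPECTED = {"cafepress.com"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_link(url: str) -> str:
    """Classify a link by the host the browser would really connect to."""
    parts = urlsplit(url)
    # .hostname drops any "user@" prefix and port, and lower-cases the name.
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return "no-host"
    for good in EXPECTED:
        if host == good or host.endswith("." + good):
            # Right domain; the lock still matters for sensitive pages.
            return "expected" if parts.scheme == "https" else "expected-no-tls"
    for good in EXPECTED:
        # Expected name used only as leading labels: cafepress.com.example.net
        if host.startswith(good + ".") or ("." + good + ".") in host:
            return "lookalike"
        # Compare the registered-looking tail (last two labels) for near-misses.
        candidate = ".".join(host.split(".")[-2:])
        if edit_distance(candidate, good) <= 2:
            return "lookalike"
    return "not-expected"

if __name__ == "__main__":
    for u in ("https://www.cafepress.com/store", "https://cofepress.com/",
              "https://cafepress.com@cofepress.com/login",
              "https://thecoffeepress.com/"):
        print(f"{check_link(u):16} {u}")
```

thecoffeepress.com is too far from cafepress.com for the edit-distance threshold, so it is reported only as not-expected rather than as a lookalike.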

HIV activist silenced for fear of surveillance

September 25, 2007 8:49pm

Sounds like a conspiracy theory to me.

Uppity liberals aren't entitled to harbor suspicions against the establishment; Let's ridicule them!

Ex-spook cult now running most of Russian politics

September 22, 2007 7:44pm

Hansellout makes an important point. And I fear that Cory doesn't seem to have anything good to say about Russia, either.

This xenophobic crap gets very, VERY old. And there's plenty of it here, even on boingboing.

It's probably worth noting that, going by the referenced material, this post is pushing little more than conspiracy theory. That is certainly true, if you adhere to the standard of proof required to indict powerful Americans.

"Petrocracy??"

Please! Go pick on Norway or Canada if such creative neologisms really concern you.

Oil blackmail? Yes, routing oil pipelines around neo-NATO territories (which I understand Chechen terrorists badly want to join), and raising their energy prices to post-Soviet fair market value is so teh nasty and duh evil.

-

An info-freedom activist apparently forgets that often it is negative information that wants to be free. How one deals with hysteria and lies is at least as important as the ability to run your samizdat un-harassed by lawyers (because legality scarcely signifies at the point where the latter becomes necessary... only truth).

Windows users 20% more interested in God than Mac users

September 19, 2007 7:38am

Ah, always suspected that Windows' security model had an element of religious faith.

Windows users 20% more interested in God than Mac users

September 19, 2007 7:37am

Ah, always suspected that Windows' security model had an element of religious faith.

Report: Google and Gmail now filtered in Iran

September 17, 2007 10:06am

I wonder to what extent the Iranians and others are afraid that Google is being used to spy on people and map their social networks (and intentions). This is information one country's military would use to invade another and tear any local resistance to shreds... or set various groups against each other. The civil war in Iraq is working out very well for ExxonMobil and BP.

People at all levels of society tend to use Google, and the searches with accompanying ads are a reflection of what people are thinking at a given moment.

If the country you governed were being loudly threatened with the regional steamrolling that is going on across the Middle East, how would you regard people blindly typing all that information into a central American repository?

Maybe Google-blackouts at critical times amounts to a security measure.

Yeah, I just read Cory's short story. I do not think it is paranoid.

There is more to this than censorship.

Scroogled: CC-licensed story about the day Google turned evil

September 17, 2007 9:36am

My, the digirati are getting nervous.

Despite the dialog being totally unrealistic, it was still a decent read. The theme of surveillance through an advertising business model has a lot of merit.

Now Cory, when are you writing a Verisign-NSA piece? But that's old hat and not sci-fi enough for you, perhaps.

Naomi Klein's Disaster Capitalism video: exploiting disasters for globalism

September 12, 2007 1:59pm

#6

You seem to forget the capitalist appetite that initiated the whole conflict in the first place.

As for the unhinged comments about Marxist propaganda: I'd say that a desire to shift the focus and character of government away from extreme militarism and toward peaceful (even welfarist) endeavors hardly qualifies. I distrust anyone who so much as implies that government intervention is inherently misguided or evil; typically they follow the interests of a wealthy elite who prefer a somewhat smaller militarized govt catering to their tiny numbers and not to the masses.

Naomi Klein's Disaster Capitalism video: exploiting disasters for globalism

September 12, 2007 7:19am

#6

You seem to forget the capitalist appetite that initiated the whole conflict in the first place.

As for the unhinged comments about Marxist propaganda: I'd say that a desire to shift the focus and character of government away from extreme militarism and toward peaceful (even welfarist) endeavors hardly qualifies. I distrust anyone who so much as implies that government intervention is inherently misguided or evil; typically they follow the interests of a wealthy elite who prefer a somewhat smaller militarized govt catering to their tiny numbers and not to the masses.

Peter Bagge on the right to own a bazooka

September 12, 2007 3:35am

Well, one can always just read Xeni and Cory's blogs separately now that Boingboing is hawking arch Libertarian ideology.

One last note to you, Mark: The individual-centered libertarian rhetoric has all been repurposed for advancing the freedoms of corporation-as-person. The past 30 years have come down to all individual responsibility and vanishing individual freedom, where the little guy has no financial security and is endlessly being "secured" against terrorists and other minuscule threats. The corrosive "government is evil" mantra has played right into the hands of aristocrats and their public servants, for a people who expect an evil government are the most likely to tolerate one.

Soviet gen-one mouse

September 3, 2007 11:02am

KIINT-

There isn't much irony in Cory's russophobia; more a lack of fact checking.

Infoporn: VeriSign NetDiscovery "Lawful Interception Service"

August 31, 2007 4:54am

I was struck by this fact when reading this Wired article just yesterday. It mentions in passing that VeriSign contracts as a wiretapper in addition to phone companies.

IMHO this sort of activity is possibly a deep, deep conflict of interest and betrayal of trust for a certificate authority like VeriSign to be engaged in. I could be wrong but it seems likely that VeriSign could, with help from ISPs, use their position to stage man-in-the-middle attacks on unsuspecting users without prompting any certificate warnings.

Would someone with detailed background care to comment on this possibility?
