Comment Re:Untrusted certs (Score 1) 67

I'm not sure he is talking about what I think he is talking about with untrusted certs. Self signed certs are MORE secure as long as the party at both ends understands the process. You simply cannot have a true secret when there is a 3rd party. Certificate authorities are only there to make the process acceptably easy for those who don't know what is going on.

You don't give your certificate to a third party by getting a signed certificate. You generate a signing request, which contains a checksum of your certificate and the details of the certificate. Then your upstream CA signs this signing request.

The private part of the certificate never leaves your computer. Clearly you do not have the faintest idea how the SSL protocol works.
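To make the point of the reply above concrete, here is an added example (not code from either commenter) that walks through the whole flow with the `cryptography` library: a key pair is generated locally, a certificate signing request is built from the public half and the subject details, and an upstream CA signs a certificate from that request. The CA name, the hostname and the one-year validity are constructed values. The checks at the end show what the comment asserts: the CSR carries no private key material, and the certificate the CA returns binds the very public key whose private half stayed on this machine.

```python
import datetime

from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.x509.oid import NameOID


def generate_key():
    # Generated locally; this object is never serialised into anything sent away.
    return rsa.generate_private_key(public_exponent=65537, key_size=2048)


def make_csr(private_key, common_name):
    # The CSR holds the subject details and the PUBLIC key. It is signed with the
    # private key only to prove possession; the private key itself is not included.
    subject = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, common_name)])
    return (
        x509.CertificateSigningRequestBuilder()
        .subject_name(subject)
        .sign(private_key, hashes.SHA256())
    )


def csr_pem(csr):
    # This PEM text is all that travels to the CA.
    return csr.public_bytes(serialization.Encoding.PEM).decode()


def ca_issue(csr, ca_key, ca_name, days=365):
    # What the upstream CA does: check the proof of possession, then sign a
    # certificate that binds the CSR's subject and public key under the CA's name.
    if not csr.is_signature_valid:
        raise ValueError("CSR signature does not verify against its own public key")
    now = datetime.datetime.now(datetime.timezone.utc)
    return (
        x509.CertificateBuilder()
        .subject_name(csr.subject)
        .issuer_name(ca_name)
        .public_key(csr.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(now)
        .not_valid_after(now + datetime.timedelta(days=days))
        .sign(ca_key, hashes.SHA256())
    )


def signed_by(cert, ca_key):
    # Verify the CA's signature over the to-be-signed part of the certificate.
    try:
        ca_key.public_key().verify(
            cert.signature,
            cert.tbs_certificate_bytes,
            padding.PKCS1v15(),
            cert.signature_hash_algorithm,
        )
        return True
    except InvalidSignature:
        return False


def demo():
    ca_key = generate_key()
    ca_name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "Example Internal CA")])  # constructed
    server_key = generate_key()                      # the requester's key, stays local
    csr = make_csr(server_key, "server.example.internal")  # constructed hostname
    cert = ca_issue(csr, ca_key, ca_name)
    return {
        "csr_contains_private_key": "PRIVATE KEY" in csr_pem(csr),
        "cert_key_matches_local_key": (
            cert.public_key().public_numbers() == server_key.public_key().public_numbers()
        ),
        "issuer_is_ca": cert.issuer == ca_name,
        "cert_signed_by_ca": signed_by(cert, ca_key),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The same flow is what `openssl req -new` and a CA's `openssl x509 -req` do on the command line; the library version just makes each step inspectable.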

Comment Re: Not sure I understand this. (Score 1) 435

You are not understanding the issue.

The key is protected by a code that is 4-5 digits long. After ten tries, the iPhone destroys the key or enables a timer, meaning you have to wait before the next try. What the FBI is asking is that Apple make a custom iOS that does not ask you to wait, or destroy the key. And inputting all combinations of four-digit codes is doable. If you use five seconds per code, plus a second for checking, that's 60000 seconds for all codes - or 30000 seconds for half (which, on average, will do the trick). That's a bit over 8 hours for half, or 17 hours for all. It's not gonna be a fun job, but it is totally doable. As long as they have a custom iOS that doesn't ask them to wait for an hour after multiple failed attempts, or simply destroys the key.
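An added example (mine, not the commenter's) that turns the arithmetic above into a small model, so the effect of the two mitigations the comment names can be seen side by side: the per-try cost of 5 s to enter plus 1 s to check is the comment's figure; the escalating delay schedule and the wipe-after-ten limit are assumed illustrations of "wait before the next try" and "destroys the key", not Apple's actual parameters. The point for a defender is how much the throttle and the wipe buy for a short numeric code.

```python
def escalating_delay(failures):
    """Assumed throttle: no wait for the first few failures, then growing waits,
    capped at one hour per failed attempt (the comment mentions an hour-long wait)."""
    if failures < 5:
        return 0
    return min(60 * 5 ** (failures - 5), 3600)   # 60 s, 300 s, 1500 s, then 3600 s


def search_time(digits, seconds_per_try=6.0, delay=None, wipe_after=None):
    """Return (average_seconds, worst_case_seconds) to hit a uniformly random
    `digits`-digit code by trying every candidate in order.

    delay:      optional function failures -> extra wait imposed after that many failures.
    wipe_after: if set and smaller than the number of candidates, the key is destroyed
                before the search can finish; both values are then float('inf').
    """
    n = 10 ** digits
    if wipe_after is not None and wipe_after < n:
        return float("inf"), float("inf")
    total = 0.0
    sum_time_to_success = 0.0   # summed over "the k-th guess was the right one"
    for k in range(1, n + 1):
        total += seconds_per_try
        sum_time_to_success += total
        if delay is not None and k < n:
            total += delay(k)   # k failures so far; the wait hits before guess k+1
    return sum_time_to_success / n, total


def hours(seconds):
    return seconds / 3600.0


if __name__ == "__main__":
    for digits in (4, 5):
        avg, worst = search_time(digits)
        print(f"{digits} digits, no throttle: avg {hours(avg):.1f} h, worst {hours(worst):.1f} h")
        avg, worst = search_time(digits, delay=escalating_delay)
        print(f"{digits} digits, throttled:   avg {hours(avg)/24:.0f} days, worst {hours(worst)/24:.0f} days")
        print(f"{digits} digits, wipe after 10: {search_time(digits, wipe_after=10)}")
```

With the comment's numbers the unthrottled 4-digit case comes out at the 8 / 17 hours it states; with an hour of delay per attempt the same search runs past a year, and with the wipe it cannot complete at all, which is why the request is for firmware that removes exactly those two behaviours.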

Comment Re:Hardware Locking (Score 4, Informative) 111

We're upset because you're peddling snakeoil. Here is an excerpt generating the hardware ID:
' Remove any stale batch file, then write a fresh one that dumps NTP time, system info and MAC addresses to text files
If Dir("gethwi.bat") <> "" Then Kill "gethwi.bat"
Open "gethwi.bat" For Append As #1
Print #1, "w32tm /stripchart /computer:us.pool.ntp.org /dataonly /samples:5 >gtime.dat"
Print #1, "systeminfo >gsys.dat"
Print #1, "getmac >gmac.dat"
Print #1, "exit"
Close #1
' Run the batch file hidden; the program later reads gtime.dat, gsys.dat and gmac.dat back in
Shell "gethwi.bat", vbHide

You use this information to generate an ID. But you don't even hash it with a one-way hash, which means it's possible to forge a reply to give a desired result. A good one-way hash would at least make that impossible. It also does not scale very well - you will need a lot of support for pissed customers who changed parts of their computer or changed timezone.

Furthermore, you do no authentication of the answer from the server. Anyone can send the response, and be accepted. You do not have any security. It would be trivial to either remove your DRM by jumping over it, or supply the very wrong values. A race condition would also work - overwriting the gsys.dat, gtime.dat, gmac.dat before your program reads it. Or simply replacing the code snippet above with a batch file which states echo "Desired values..." > gsys.dat.

So take an evening, think about how you can bypass your system. Try my suggestions. Fire up a debugger, and have a look at the software.
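Two of the defects listed above have a small, standard fix, and this added example (mine, not the commenter's or the original author's) shows both: the collected hardware details go through a one-way hash before they become an ID, and the server's answer carries an HMAC over the decision plus a client-chosen nonce, so a reply cannot be forged without the key or replayed from an earlier run. The `systeminfo` and `getmac` text below is constructed stand-in output for the files the batch file writes; the shared key and the licence list are assumptions.

```python
import hashlib
import hmac
import json
import secrets

# Constructed stand-ins for gsys.dat and gmac.dat; real systeminfo output has many more lines.
SAMPLE_SYSINFO = """Host Name:                 WORKSTATION-01
OS Name:                   Microsoft Windows 10 Pro
System Manufacturer:       Example Corp
System Model:              Model-1234
Time Zone:                 (UTC+01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna
"""
SAMPLE_MAC = "00-11-22-33-44-55"

# Only fields that survive a clock or time-zone change go into the ID. The NTP sample
# the batch file collects is left out for exactly the support reason the comment gives.
STABLE_FIELDS = ("System Manufacturer", "System Model")


def parse_sysinfo(text):
    """Turn 'Key:   value' lines into a dict."""
    info = {}
    for line in text.splitlines():
        if ":" in line:
            key, value = line.split(":", 1)
            info[key.strip()] = value.strip()
    return info


def hardware_id(sysinfo_text, mac):
    """One-way fingerprint: SHA-256 over the stable fields plus the normalised MAC.
    The server only ever sees the digest, and nobody can choose inputs to land on a given digest."""
    info = parse_sysinfo(sysinfo_text)
    material = "|".join([info.get(f, "") for f in STABLE_FIELDS] + [mac.upper()])
    return hashlib.sha256(material.encode()).hexdigest()


def server_respond(key, hwid, nonce, licensed_ids):
    """Server side: decide, then authenticate the decision together with the
    client's nonce so the reply can be neither forged nor replayed."""
    status = "ok" if hwid in licensed_ids else "denied"
    msg = json.dumps({"hwid": hwid, "nonce": nonce, "status": status}, sort_keys=True)
    tag = hmac.new(key, msg.encode(), hashlib.sha256).hexdigest()
    return {"msg": msg, "tag": tag}


def client_accepts(key, response, hwid, nonce):
    """Client side: check the tag in constant time before trusting anything in the reply."""
    expected = hmac.new(key, response["msg"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, response["tag"]):
        return False
    body = json.loads(response["msg"])
    return body["hwid"] == hwid and body["nonce"] == nonce and body["status"] == "ok"


def demo():
    key = secrets.token_bytes(32)       # assumption: a key the client and server share
    hwid = hardware_id(SAMPLE_SYSINFO, SAMPLE_MAC)
    nonce = secrets.token_hex(16)       # fresh for every request
    genuine = server_respond(key, hwid, nonce, licensed_ids={hwid})
    # A reply from someone without the key: right content, worthless tag.
    forged = {"msg": json.dumps({"hwid": hwid, "nonce": nonce, "status": "ok"}, sort_keys=True),
              "tag": "00" * 32}
    # A genuine "ok" captured on an earlier run and sent again: the nonce no longer matches.
    replayed = server_respond(key, hwid, "stale-nonce-from-yesterday", licensed_ids={hwid})
    return {
        "genuine": client_accepts(key, genuine, hwid, nonce),
        "forged": client_accepts(key, forged, hwid, nonce),
        "replayed": client_accepts(key, replayed, hwid, nonce),
    }


if __name__ == "__main__":
    print(demo())
```

Two caveats that follow directly from the comment: a symmetric key shipped inside the client can be pulled out of the binary by the same person who would patch the jump, so a real deployment has the server sign with a private key and the client verify with only the public key (HMAC is used here because it is in the standard library); and the race on gsys.dat only goes away if the program reads the values in-process instead of through temporary files.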

Comment Re:Hardware Locking (Score 1) 111

Yeah, nearly. I didn't say it was FULLY crackproof, but you have to know what you're doing in order to bypass it. Which is why server authentication is BUILT IN. So, unless you've got a direct proof-of-concept exploit, such as faking burned-in MAC address codes, along with simple BIOS info (which, amazingly, can be brought up via the Windows command line), I would make the educated guess that you're upset in regards to me further maintaining already solid code which someone else can build on.

Or what happens if the software is modified, with a neat little jump instruction where it wants to run the verification? Or what if you just write an API wrapper that gives the desired input?

Comment You buy eyeballs and loyalty. (Score 5, Insightful) 58

NSA is buying security holes to use against us. This is part of what Snowden revealed with the leaks.

Offering a bounty, even though it is not as much as the security problem could fetch on the grey market, creates a certain loyalty towards the vendor, and makes it easier to go to them, and ensure the hole gets patched. It also attracts more eyeballs to your software, as finding a problem means money. Google has gone even further - by offering grants for research into specific products, where you get money for checking the security of the software, not just for finding security problems.

So I believe it is a good thing; it probably means more holes will be reported directly to the vendor, and not sold for exploit. It probably attracts eyeballs as well...

Comment Re:America, land of the free... (Score 1) 720

It's because the working class organizations (consumer organisations, trade unions) are so strong in most parts of the EU and especially Norway, they have gained a lot of rights and limitations to the powers of capital.

Indeed. We have fought for our rights, and we've won them over time. And we've made a society where fear is not a driving power.

Just looking at things like the recent uprising in the USA about police shootings is shocking in most of Europe. Here, the police do not normally shoot people. In Norway, it's literally years between the police shooting and killing someone. In most of Europe it's major news when it happens. In a country like Germany, with 80 million people, it happens 3-4 times a year.

I would claim that Europe is freer than America. Granted, we can't carry guns where we want, but the risk of crime is lower, and the living standard is on average higher.

Comment Re:America, land of the free... (Score 1) 720

I agree with the concepts you are talking about, but I cannot imagine an IT shop failing to check the background of a system administrator who will be working with banking systems, for example. Think about the fallout if Deutsche Bank hired a database administrator with prior convictions for banking fraud, only to see that employee steal 100 million from the bank.

Of course it's checked for some positions, and finance is one of those. But in general, it's not legal to ask about it. If you apply as a programmer the employer can generally not even ask.

I'm going to bet that criminal convictions are pretty important in the relevant areas, even in Europe. They probably do a better job of discriminating which information is relevant and which positions are sensitive.

In general no. For the jobs I've applied to (electrical engineering for some pretty big companies) it's not been asked about. They have no right to ask, and no right to know. On defence projects the individuals participating have had background checks by the intelligence service, but failing that would not mean losing the job - only not being allowed to work on defence projects.

In Europe they might not have to ask before running a criminal background check. And lying on the application might not make a difference when it comes time to terminate an employee.

In most European countries the employee has to sign and/or submit the application for a background check. The result will be sent straight to the employer, but the application has to be filed by the employee.

In Norway, I cannot even get a written copy of my record unless I provide a valid reason. I can get it read out to me, but not in writing. That is to stop companies from asking without reason. The reason is printed on the record, and misuse is illegal. So if I get one for a visa application, and my employer uses that for anything but the visa application, they look at civil liability for the information misuse, and criminal liability for the failure to treat the information in the proper way.

Comment Re:America, land of the free... (Score 5, Informative) 720

Now, while this sucks for the felon trying to land a job, it also sucks for the company, and let's face it, the recidivism rate among past felons is generally pretty high. Why should a company want to risk its own livelihood or existence just to give you a second chance?

I think there's a circular logic somewhere there. If you don't have a job, I guess you have a lower threshold for crime. If you have a job, and everything to lose, I guess crime is not so tempting.

In most of Europe, criminal convictions are simply irrelevant to jobs. Some jobs require your record, but mostly not the full one - only a limited record. For instance, if you work with kids, you need a record clean of child abuse and sexual assaults. But for a general job in IT? No one would even ask about your record. I have never been asked - except for a visa application to the USA.

I believe the European system is better at integrating convicts back into society, stopping them from committing more crime.

Comment Re:You need more nuclear and less renewables (Score 1) 516

A smart grid will help. If you're able to serve up 20-30 percent of the supply from batteries (EVs can be batteries in a SG system too), you can reduce the grid. They can also serve as UPS systems, effectively smoothing out dips as switchgear changes the layout of the grid.

So yes, a smart grid with energy storage can help by averaging load over time. For an EV you can configure it to be fully charged at 4, when you leave work, and let it feed the grid in the meantime. You can supplement this with stationary batteries. As EVs become more common, used batteries from EVs which are unsuitable for the size constraints of the EVs can be repurposed to fixed-location storage, where size is not as big a concern.

Comment Re:You need more nuclear and less renewables (Score 1) 516

When peak power is occurring is less interesting. The interesting thing is that using a conventional grid it happens - the time varies.

Power grids do not need to be dimensioned for peak power - provided you have local energy storage. 1MWh of lithium batteries will weigh in at approx. 10T, will fit in a small garage, and will be able to supply a peak power of 2MW for half an hour. During periods of lower use, they can be recharged - bringing the peak load on the grid down. They can also assist in smoothing power production. Have an excess gigawatt? Put it into your batteries around the neighbourhood.

The project is definitely not a backyard one. I cannot tell details, but it is supplying power in the megawatt range twice an hour, and then recharging using the power grid - enabling huge peak loads that the local grid cannot support. It is a project you've read about in Wired...

If you google smart grid you'll see that it's a big thing. Siemens, ABB, Schneider Electric and many other big companies are working on it. So your comment smells of trolling with no real insight into the field.

Comment Re:You need more nuclear and less renewables (Score 2) 516

It's true that renewable power levels like wind-power rise and fall, but once you look at a larger area then it pretty much evens out.

But dimensioning the grid for average power draw is cheaper than dimensioning the grid for peak power. During the night, power consumption is low, and batteries can be recharged. When everyone wakes up and makes coffee, peak power occurs. With local storage the consumption can always be kept at the average level.

This also means that when there's good wind, you can save the energy for consumption later, without transporting it. Yes, batteries have a 5% energy loss, but so does long-haul transmission. And long-haul transmission technologies like HVDC cost a lot of money when you get into high-power converters.

I'm currently involved in a project where the conclusion was that a local battery storage was cheaper than renewing the power grid for peak load. The point where it's cheaper to install a Smart Grid Solution instead of bigger grid is only gonna move in favour of smart grid the next few years...
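An added example (mine, not the commenter's, and unrelated to the project they describe) that simulates the claim made above and in the sibling comments: a local battery discharging above the daily average and recharging below it, holding the feeder's grid draw at that average. The 24-hour load profile is constructed; the 1 MWh / 2 MW battery and the 5% loss are the figures quoted in this thread. Running it with a 1 MWh battery and again with a larger one shows the caveat the comments leave implicit: peak shaving only reaches the average if the battery's energy capacity covers the whole excess of a peak, not just its power.

```python
# Constructed hourly load (MW) for one feeder over 24 hours: a morning coffee peak
# and an evening peak, for illustration only.
LOAD_MW = [0.6, 0.5, 0.5, 0.5, 0.6, 0.9, 1.6, 2.0, 1.4, 1.0, 0.9, 0.9,
           1.0, 0.9, 0.9, 1.1, 1.5, 2.0, 1.9, 1.5, 1.2, 1.0, 0.8, 0.7]


def peak_shave(load_mw, capacity_mwh, max_power_mw, efficiency=0.95, initial_soc_mwh=None):
    """Hour-by-hour grid draw when a local battery tries to hold the feeder at the average load.

    The battery discharges when the load is above the average and charges when it is below,
    limited by its power rating, the energy it actually holds, and its round-trip efficiency
    (the 5% loss from the thread is charged on the way in). Hourly steps, so MW and MWh coincide.
    """
    target = sum(load_mw) / len(load_mw)                       # the "average level"
    soc = capacity_mwh / 2 if initial_soc_mwh is None else initial_soc_mwh  # assumed start: half full
    grid = []
    for load in load_mw:
        if load > target:
            # Cover as much of the excess as the battery can deliver this hour.
            discharge = min(load - target, max_power_mw, soc)
            soc -= discharge
            grid.append(load - discharge)
        else:
            # Refill from the grid, but never above the target draw or the remaining room.
            charge = min(target - load, max_power_mw, (capacity_mwh - soc) / efficiency)
            soc += charge * efficiency
            grid.append(load + charge)
    return {
        "target_mw": target,
        "original_peak_mw": max(load_mw),
        "shaved_peak_mw": max(grid),
        "grid_mw": grid,
    }


if __name__ == "__main__":
    for cap in (1.0, 5.0):
        r = peak_shave(LOAD_MW, capacity_mwh=cap, max_power_mw=2.0)
        print(f"{cap:.0f} MWh battery: average {r['target_mw']:.2f} MW, "
              f"peak {r['original_peak_mw']:.2f} -> {r['shaved_peak_mw']:.2f} MW")
```

With the 1 MWh battery the morning and evening peaks are only partly shaved, because each peak carries more excess energy than the battery holds; the larger battery flattens the grid draw to the average, which is the case the comment is describing.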

Comment Re:184 mph is the fastest train in America? (Score 1) 195

Highspeed trains need special tracks. Creating these tracks involves confiscating a lot of land from people along the way.

Roads also need a lot of space. So I don't entirely see your point. Maybe roads need 20% less space or something, but it's not like they need no space.

Doing this creates many lovely opportunities for corruption in government as the route can go a lot of ways depending on who influences it.

We have solved huge parts of that in Europe. We do it with open government, post journals showing mail that has arrived at a government agency, political hearings where everybody can send in their opinion, and the agency has to comment on and publish all hearing comments. This mostly works. In the cases where it doesn't work, a sufficiently pissed off party can take the case to court to have the process reviewed.

"It says something about the state of train travel in America" yeah it sure does. It says that people would rather drive than be subject to that TSA garbage.

Straw man. We don't have TSA garbage on European high-speed railways. And while I can take the train for long distances in Europe, I believe I'd be taking a plane in the USA, exposing me to that very TSA garbage.

Comment Re:Don't forget to burn the ribbon (Score 1) 244

Oh there's so many vulnerabilities with electric typewriters, especially the single-use ribbon. Manual typewriters with a fabric ribbon that is re-used might still need to be burned.

Yes, there are security vulnerabilities. But compared to a computer, containing millions of lines of code, and the capability of running arbitrary software, a typewriter is a very simple environment, with fewer unknowns and bugs.

Securing a simple environment is easier than securing the complex. Take a Selectric typewriter - you can check the software manually as it's probably quite short. You can easily verify it, and there is NO reason why any other software should be present. This is not the case with a computer.

Or a mechanical typewriter - no software, so the only storage mechanism is the ribbon.

So yeah, a bit of physical security is needed. The ribbons need to be handled as classified. The drums may contain imprints, and need to be destroyed safely. Sound might reveal something, so the room needs soundproofing and checks for unwanted bugs. But compared to a computer, it's quite trivial, and the security is within the reach of even a small organization.

Comment Re:Ok seriously though ... (Score 2) 367

Or are they thinking they will go it alone and continue to update their Linux distro/kernel just because it is open source? Do they really think they are qualified to do that? Or is the hope that they can spend money to keep the OS in long-term-support status?

That is not as hard as it sounds. There are already tons of mission-critical in-house applications in banks, some of them probably quite a lot more complex than an OS with some drivers and an application on top of it...
