A couple of things... Minor errors? Really? A complete misunderstanding of the material at hand, and publishing an article that is effectively disinformation is a minor error?
Techdirt has made mistakes of this magnitude in the past. (They usually post corrections, but you're correct, that's neither here nor there.) This does not invalidate the claim that faulty reporting will lead to a loss in readership. There were a few instances in which Techdirt nearly lost me as a reader due to blatant errors that invalidated the entire article.
This article isn't about bashing the other news sites for getting it wrong (at least, not primarily, it does feel like Techdirt is gloating a bit, which is not cool given that they have made similar mistakes), but informing the readers, who may also be readers of one of the other sites, that the information reported therein was not accurate, and to stop the spread of disinformation.
If I flipped a couple of virtual ones and zeroes around and emptied your bank account, would you still claim that nothing was stolen from you? Or do you really believe that your money is just sitting in a big vault somewhere? Ownership is a far more complicated concept than whatever physical items you can lay your hands on. Many aspects of ownership are "virtual", beyond just the obvious. Ownership of copyright, of land, of debt. These are all virtual concepts, yet they govern most aspects of our lives. This is not something new, the frameworks of virtual ownership have been around, in one form or another, for centuries.
Shrugging all of this off as "virtual, and hence meaningless", is... short-sighted.
The CA does not create or provide Certificates, they merely sign them so they are "trusted".
This has little to do with the actual encryption between a TLS-enabled client and server. There are at least three legs here (more if you have a web of trust instead of a single trust authority): the client, the server, and the CA. Each of these points has its own private/public key pair. Data to the client is encrypted using the server's private key, which the CA most certainly does not have.
If the CA were compromised by an attacker, they still couldn't decrypt communication between client and server. However, if the attacker was able to intercept traffic as a MitM, what they could do would be impersonate the server using the compromised CA. That way they wouldn't need to break the encryption, since the client is encrypting the traffic so that the MitM can decrypt it, thinking that they're talking to the server.
Blaming third-parties for not disobeying government orders is a red herring, anyway. The government should not be allowed to issue such orders. Period.
Just wanted to point out that it is possible to steal IP, and in context it's what Kerry was talking about. When you break or hack in to obtain confidential information that you aren't allowed access to (and possibly destroying or corrupting the original), that is most certainly theft.
When you distribute information that you obtained legally without permission and against Copyright laws, such as sharing a movie online, that is infringement, not theft. Corporate espionage falls under a different label than infringing.
The concepts, of course, are not mutually exclusive. The use of the stolen IP, such as by putting out a competing product based on the IP, is, once again, infringement.
That bit of pedantism aside, this was a great article.
TL;DR: Illegally obtaining confidential IP is theft; illegally using IP (secret or not) is infringement.
Ion Thrusters are interesting, but they're not a purely electric propulsion medium. They still rely on a propellant, xenon usually, which is expelled at high speeds. They're much more fuel efficient than chemical propellants, but they still need to carry fuel, which limits the usefulness for deep space exploration. They also tend to generate very low thrust, but by the time that we really need better thrusters that might no longer be true.
That EM drive, though.... I really hope that it's not just a mistake, and it does operate the way people think.
They could do that; as an ISP they could intercept any https requests, and act as a MitM proxy, decrypting and re-encrypting traffic in both directions. That would be troublesome if https was only about encryption. What they would not be able to do would be perfectly disguise the traffic as coming from the original source. They would need to automatically create certs for each site that a user requests. They could make these certs appear to be from the site in question, maybe even well enough to fool the browser, but they would not be identical to the certs provided by the site, and they would all be able to be traced back to a single CA. When every https site in the world is suddenly using the same CA... Well, let's just say people will notice, and there will be an uproar. See the Lenovo/Superfish fiasco.
This type of MitM attack is untenable on a wide scale, particularly if you need to keep it quiet. Targeted attacks on less savvy individuals, however...
For anyone who is worried that using https will require trusting a third-party, there is a way around that. It's not all that difficult to run a CA yourself, many Enterprises do so for encrypting internal web applications. Certs usually cost money not because of some technical cost of encryption, but because of the man-hours that are required for the CA to verify that you are who you claim to be. You can cut out the middle man by running your own CA (you implicitly trust you, right?). The downside is that the certs you create won't be trusted by default (and the hoops you would have to jump through to do so are... untenable). Clients would need to install your root cert onto their machine, which is easy to do, and then any certs you create are trusted.
If that's too much to worry about, you can always forgo a CA entirely and use self-signed certs. No one will be able to trust them, but it's the easiest way to get encryption running. The problem with https/ssl is it's playing double duty as data encryption and identity verification. Providing encryption is cheap and easy, and solves most (though not all) of the concerns about modern web browsing. Unfortunately, encryption is caught up in identity verification/trust authority, which is difficult and expensive (though progress is being made on that front by EFF/Cloudflare/others). I'd love to see a protocol somewhere between http and https, that negotiates and encrypts traffic, but doesn't rely on a trust framework. It obviously wouldn't be as secure as https (MitM attacks would be much easier), so https would still need to be used for things like ecommerce, but it would be much better than http, and without the costs/difficulties of https.
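An added illustration of the point made in the comment above, not part of the original comment: an intercepting proxy has to mint a substitute cert per site, so the swapped certs converge on one issuer. The hostnames, issuer names, fingerprints and thresholds below are constructed assumptions, and the independent reference view is assumed to exist.

```python
from collections import Counter

# Constructed sample data: host -> (issuer name, leaf cert fingerprint).
# REFERENCE is what an independent vantage point saw; OBSERVED is the local view.
REFERENCE = {
    "shop.example": ("Example Public CA A", "a1f3"),
    "mail.example": ("Example Public CA B", "b2e4"),
    "news.example": ("Example Public CA A", "c3d5"),
    "bank.example": ("Example Public CA C", "d4c6"),
    "blog.example": ("Example Public CA B", "e5b7"),
}
OBSERVED = {
    "shop.example": ("Proxy Root CA", "9001"),
    "mail.example": ("Proxy Root CA", "9002"),
    "news.example": ("Proxy Root CA", "9003"),
    "bank.example": ("Example Public CA C", "d4c6"),
    "blog.example": ("Example Public CA B", "e5b8"),  # routine reissue
}

def interception_report(observed, reference, min_hosts=3, share=0.6):
    """Separate ordinary cert rotation from issuer swaps, then test whether
    the swapped certs concentrate on a single issuer."""
    rotated, swapped = [], {}
    for host, (issuer, fingerprint) in observed.items():
        ref = reference.get(host)
        if ref is None or fingerprint == ref[1]:
            continue  # no independent view, or identical cert
        if issuer == ref[0]:
            rotated.append(host)    # same CA, new cert: likely a renewal
        else:
            swapped[host] = issuer  # different CA than the site really uses
    counts = Counter(swapped.values())
    top_issuer, top_count = counts.most_common(1)[0] if counts else (None, 0)
    # A single changed issuer proves little (sites do switch CAs); many
    # unrelated sites moving to the same issuer at once is the signal.
    suspected = top_count >= min_hosts and top_count / len(swapped) >= share
    return {
        "rotated_hosts": sorted(rotated),
        "swapped_hosts": sorted(swapped),
        "common_issuer": top_issuer if suspected else None,
        "suspected_interception": suspected,
    }

if __name__ == "__main__":
    print(interception_report(OBSERVED, REFERENCE))
```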
Not the only one, no. Plenty of folks are mildly disinterested in the game even though they completely understand it. Myself, beyond interest in the world building algorithms and the possibilities of the in-game logic circuits (though the former is less about playing the game than it is interest in the mechanics, and there are better examples than Minecraft of the latter, e.g., Little Big Planet, Space Engineers), I find it rather dull.
That said, I completely understand why so many people enjoy it. The best analogy really is an endless set of legos; Minecraft allows for an enormous amount of creative expression. But, then, I never did enjoy legos as a kid. They always felt... pointless. Instead, I spent weekends and holidays building complex engineering feats (for a kid, anyway) out of K'nex. Less about making pretty structures than seeing what you could build, struggling against gravity, structural stability, load distribution (I think I figured out the awesomeness of the lowly triangle at about 6 or 7), etc. Throw some motors in the mix, and things start to get really fun. I remember spending a lot of time messing with a remote control motor, building various vehicles.
I guess I'm trying to explain that I'm creative, but not artistic, and that I think Minecraft appeals to those with an artistic tendency. Since allowing kids to explore their artistic side is laudable, I have a hard time understanding why anyone with a touch of sense would think Minecraft is bad for kids.
Isn't Bill O'Reilly registered as an Independent? Conservative, certainly, but not a Republican. Seems to me like you took two random examples on the failings of rigid, dogmatic ideologies, and interpreted it as a personal attack.
Do you have a persecution complex, or are you posting flamebait for the hell of it? I am inclined to believe the former, though your last statement gives me doubts, so correct me if I'm mistaken.
Techdirt should really know better. This is tabloid (or cable news) level bullshit. The only revelation here is that the campaign website uses Cloudflare. Good for them, Cloudflare knows what they're doing. The SSL certs used by CF often serve multiple websites. That's all that's going on here. It has nothing to do with Ted Cruz, and little to do with Cloudflare.
Cisco's plan makes a lot of assumptions about the NSA's capabilities, most of which aren't particularly sound...
I don't agree. Cisco is well aware of NSA capabilities, and they know that this plan isn't enough to prevent tampering en route. With enough tracking/surveillance/infiltration of Cisco operations/personnel, the NSA can and likely will still find, intercept, and tamper with intended targets.
In that case, why did Cisco bother? Two reasons. First, which was touched on in the article, is to simply make a statement. They are proclaiming to the world and to the NSA that they're not willing to sit idly by while the surveillance state drives their reputation (and their bottom line) into the ground. This is a symbolic protest as much as an actual mitigation.
Second, yes, this is a mitigation. These precautions won't make it impossible for resourceful (in both meanings) third parties to intercept equipment, but they will make it more difficult, and thus costlier. Even the NSA only has so many man-hours it can direct. If it now takes twice as many man-hours (an over-estimation, I'm sure, but no matter) in order to backdoor a router en route, then they are only able to do so half as often.
Cisco, or any US based company, can only do so much to thwart the surveillance state. Any pushback, however minor or symbolic, is to be applauded. On the same note, any willful collusion should be considered a betrayal of their customers, and the public at large.
Though, I'd like to point out that the first parenthetical in his post follows a full stop, and encapsulates a discrete sentence. In informal grammar, this indicates an aside, a thought tangentially related to the current topic, but not fitting in the paragraph flow. (Yes, in case you were wondering, I am enjoying myself.) It is perfectly valid, though, again, less than formal.
The main performance bottleneck on encrypting these devices is caused by the lack of a dedicated hardware encryption chip. That costs money, and necessitates a major hardware redesign. So they tried software FDE, which has performance costs. The performance drag was too great, so they complained to Google.
Google quietly backpedaled their encryption requirement. Not permanently (at least according to them), but just an extension to give the manufacturers more time to meet the requirement.
So... disappointing is the word. Especially how Google loudly boasted about always on encryption, but was nearly silent about pushing back the requirement.
It is certainly feasible that the NSA did not need access to the firmware source code in order to pull off these kinds of attacks. Ars Technica has an article explaining. These drives use standard debugging interfaces, and, with a bit of work, anybody with the right skill set can reverse engineer the firmware.
That's not to say that the NSA didn't have access to the firmware source. They certainly could get at it if they wanted. Just that they did not necessarily need the source in order to write this kind of malware.