Slashdot Mirror


User: beyondkaoru

beyondkaoru's activity in the archive.

Stories
0
Comments
156

Comments · 156

  1. Re:Green Damn Exploit on Protesting China's Required Censorship Software · · Score: 2, Informative

    http://www.cse.umich.edu/~jhalderm/pub/gd/

    If this is to be believed (I haven't tried verifying it myself), then they've committed the most ancient web browser vulnerability I know of (accepting a URL into a fixed size buffer).

  2. Re:I don't understand. on Combining BitTorrent With Darknets For P2P Privacy · · Score: 1

    well, more accurately they would need to compromise the node immediately adjacent to you and a node near the sender for the attack you're describing (even if they're using multiple encryptions for the transfer like onion routing (which i don't know) you could still have a reasonable guess based on amounts of traffic, despite not having compromised some of the intervening nodes)

  3. Re:Will it fly? on Dell Selling Dual-Boot Laptops · · Score: 1

    Personally, I didn't switch over to Linux until I had a computer that was purely Linux. I had a dual boot machine for a while, but simply never ended up using the Linux partition, except the first time it was installed. Rather than the dual boot helping me learn, it just sat there. The better learning experience was probably doing things for school on the command line over ssh (via putty).

    I eventually simply had to make the plunge, and have been very happy with Linux since.

  4. Re:No IR needed to toggle power switch on Euro Parliament Wants "Red Button" For Shutting Down Games · · Score: 1

    I don't know; when I was in high school, the major reasons I would do what my parents said were, rather than respect, a combination of irrational fear and rational desire to continue to be fed. (but my case was quite atypical)

  5. Re:Give me their names. on Maryland Court Weighs Internet Anonymity · · Score: 2, Interesting

    i personally disagree with the idea that you can have 'freedom of speech' combined with the threat of lawsuits for said speech. if that were the case, china isn't that different. while i don't think that one should be allowed to yell at people, for example, communication between consenting parties should be allowed regardless of its content.

    in china, for example, you have (some) freedom to go onto a website and talk about tiananmen square. however, i hope you're ready to take "responsibility" for your speech.

    i'm exaggerating of course, but that's not too different from having to take "responsibility" for a comment. a difference, you could say, is whether the speaker is on the side of truth or not, but in china, the tiananmen square massacre is generally not known to have happened.

    anyway, the legal proceedings surrounding a lawsuit (or pretty much anything involving a courtroom) are quite a punishment. even if the accusation is thrown out, there is nontrivial inconvenience caused.

    because of the difficulty of ascertaining what is 'true' in many cases (not to mention that i hope people will eventually learn to take things with grains of salt), i think that 'freedom of speech' should include 'freedom to lie'. it might seem convenient to live in a world where people never lie, but that just isn't possible -- and our current implementation means that one's ability to speak depends on anonymity... or money to spend on lawyers.

  6. Re:Yes to one, no to the other. on Editor, DLC Coming To Fallout 3 · · Score: 2, Insightful

    y'know what's really ridiculous about the ending?

    (spoiler)

    so, the danger is radiation, and you are given the choice between two humans to send in. why can't we send in my super mutant buddy? he is immune to radiation... and there's a ghoul you can get as a bodyguard too.

    (end spoiler)

  7. Re:One Question on Mozilla SSL Policy Considered Bad For the Web · · Score: 1

    government issued incorporation-time signatures -- would this perhaps help?

    we already have to trust the government on documents of incorporation. could we add an extra field to the paperwork to include a public key's fingerprint?

  8. Re:Seconded. on Mozilla SSL Policy Considered Bad For the Web · · Score: 5, Insightful

    number 2 is _not_ a significant improvement over number 1, simply because from a security standpoint, you have gained almost no security by encrypting if you don't know whether you're communicating between the person you want to or perhaps some fake site that looks similar, or a man-in-the-middle attack.

    the only improvement is in the case of a purely-passive eavesdropper -- not much of an improvement at all. For eavesdropping purposes, if you can passively eavesdrop, you can probably actively eavesdrop and interrupt or manipulate the connections, because you've got physical access to some wires or routers or just have a laptop running airsnort software in a cafe.

    furthermore, having people get used to using self-signed certificates is bad, because it lends man-in-the-middle attacks more apparent legitimacy. so of course eve couldn't fake the signature of the real key, but if any signature will do...

    i don't like the existing certificate authorities ($50-$100 per year for a row in a table? sheesh!) much either, but they're needed to have trust between people who have not met before.

  9. Re:Video Games, of course on How Do Geeks Exercise? · · Score: 1

    i'm a big fan of dance-dance-revolution (or stepmania), but never got a decent pad for home use, and never did it regularly. can anyone comment on it as exercise?

  10. Re:SSL over Tor with Pivroxy on The Pirate Bay's Plans To Encrypt the 'Net · · Score: 1

    ugh. don't listen to that other guy. anyway. in case you are really curious, consider that (apart from the issues of users and programs and operating systems leaking info accidentally) the servers that run tor nodes are few and have no real system of determining who is trustworthy enough. they put some effort in, for example making sure you don't use nodes too close to one another in your route, but it's not perfect.

    an excellent attack that someone with a large-ish amount of money could perform on tor would be to simply host a _lot_ of nodes, and in many different locations. the total number of tor servers is in the mere thousands, i believe. so, if you're willing to spend, say, a few tens of thousands of dollars, you could use hosting services to run your own corrupt nodes. if you control, say, one half of existing tor nodes, there is a 1/2 chance that you can read exit traffic (if you just wanted to get a feel of what tor users are doing), and a (1/2)^3=1/8 chance of both getting knowledge of who the client and server are. in the case of hidden services, it's (1/2)^6, but same deal.

    now, if you are, say, at&t, or someone who has access to spying on at&t and other isps, you don't really even need to break any cryptography or interfere in any way; you just time when someone connects to some server, followed by that server connecting to another, etc, and have a reasonable idea of who is connecting to whom. there's a publicly available list of tor servers to help you test, even :)

    in the non-expensive category are such silly things as asking people for their password, or website cookie issues, all of which sound unimportant but of course will give you away.

    if you are really interested in such things, i recommend reading whatever papers you feel are interesting from this page:

    http://freehaven.net/anonbib/topic.html

  11. Re:Time Limits on What's the Solution To Intellectual Property? · · Score: 1

    you have to consider 'tangible things' to mean an object including its structure; taken to an extreme, consider that 'gold' or 'diamonds' are really just useful or rare configurations of atoms or subatomic particles. but anyway...

    patents have a number of weird implications. in the practice we have now in the usa, there are issues with ambiguity whether another idea is covered by a patent (the whole 'claims' system is pretty much built on ambiguity). furthermore, just because the patent is open, the patents are often worded intentionally poorly, so that the ideas don't get out there--and there still exist rather nasty non-disclosure agreements despite the fact that we have a patent system. patents usually don't cover the time consuming process of developing an idea into a product. for most ideas, there's a lot of tough testing, coding, prototyping, or engineering in general that's necessary to make it work; work that is specific to one implementation rather than general like science. there's also the question of authenticity as to who came up with an idea first, or who got to the office first (depending on a country's system), and the ever-looming potential danger of a patent office's corruption or incompetence, which are all possibilities.

    even outside of these immediate practical issues, it is very, very difficult to determine what would be 'patentworthy'; if we have a group of smart folks who all want to solve the same problem, it's not unlikely that at least a few of them will come up with the same solution. certainly few inventions that would deserve the temporary monopoly under a patent situation are so groundbreaking that no one other than the patenting inventor could think of it. if patents are awarded to someone for an idea that others could have thought of, then the others are disadvantaged rather than benefited by the patent, since they are given information that is not especially ingenious to them, but restricts what they are allowed to do/build/create.

    and on a more fundamental level (i'm showing my anti-ip and/or libertarian colors here, heh), a patent system is one which requires a government that can tell someone not to do something, even though his/her doing that thing would not harm someone else except rather indirectly. while the patent system is supposed to be able to protect the little guy from the big evil guy, even if it worked nicely in practice there, it also can harm the little guy.

    you say that ideas have value, and i agree with you wholeheartedly. however, we can consider the various intellectual property policies as an optimization problem, where we are trying to maximize the rate of technological advancement as well as minimize the restrictions on freedom. you can think of this in terms of societies in general or individuals, which could change things but the concepts stay the same. it is my opinion that the patent system, as currently implemented and as most people seem to want to implement it, is both far too limiting on freedoms and far too damaging to the advancement of technology.

    now, on another note, one patent system that someone here on slashdot mentioned (i wish i could remember who, sorry) is to only award patents to inventors whose idea has been feasible using existing technology for a significant amount of time (the post i heard it in suggested 20 years, though i think that might be too long), but has not been thought of yet, thus showing that it is sufficiently unique an idea. i don't think i'd much mind this sort of system, because even though it conflicts with my generally anti-ip ideology, since it would not involve much damage to the freedom i value so highly while still giving a boost in technological advancement rate over a completely patent-free.

    on a side note: consider the values in the house that you mentioned: architectural design, man hours in putting the thing together, stuff like that is not patent related really, and in a completely free system without intellectual property, those things would still be profitable activitie

  12. Re:the three stooges? on Google Assists In Arrest Of Indian Man · · Score: 1
  13. Re:Study at an accredited, secular university on Faster Chips Are Leaving Programmers in Their Dust · · Score: 1

    that's n log(n) comparisons in a comparison sort; we can get around the limitation by, for example, using radix sort, where we do something different from comparison sorts, or by using many many processors, thereby spreading the comparisons around in clever ways. if we go the route of multiple processors, we can achieve very nifty speedups if we have, like, n of them, but even if we only have a few processors, we can get nice speedup from a not-big-oh perspective.

    so, basically, n log(n) is not the final word on sorting.

  14. Re:double entendre on Google Gives Up IP of Anonymous Blogger · · Score: 5, Interesting

    dunno. i am of the opinion that it should be pretty much impossible for an anonymous person to slander on the internet -- at least, it would sort of make sense that if you are being told something by someone you don't know you shouldn't consider it fact very easily.

    i believe that slander, libel, defamation, etc are... perhaps outdated concepts. it is probably better for people to check their sources rather than pretend that it is safe to assume what you hear is true. i personally believe that the freedom to lie should not be restricted, even though lying is certainly a bad thing. this is partially because of how awkward cases for slander and libel and defamation can be.

    many people, such as yourself, might define 'freedom of speech' differently from how i define it for myself -- and the law certainly has a different view of it than i do. but that's my opinion, and i think that absolute freedom of communication would work. (specifically, i mean allowing consenting parties to communicate whatever they want, not absolute freedom of speech which might be considered to include yelling into an unsuspecting person's ear)

    or, to put it another way, if a mere pseudonym is slandering me, i might just ask, "why trust this person?". if people can learn how easy it is to be lied to, then they might learn to check their references, and slandering will become much more difficult. (of course, i do have significant doubts that people will learn to do this... but if people are sheltered from simple communication, then they might never learn.)

  15. Re:The Proverbial Simple Solution on National Security Letter Plaintiff Speaks · · Score: 1

    well, i think that was the point of the ambiguous coward, that if it actually made some non-government person or organization angry, that person or organization could perhaps have a way to request an appeal. ie, it requires that some person have an interest in the case. 'the government' would have to at least do something creative like astroturf or whatever to get it appealed, if nobody outside of it disliked the lesser court's opinion.

    again, i don't know how practical that is, but it is a neat idea.

  16. Re:Try Claws Mail on Thunderbird in Crisis? · · Score: 1

    i'm curious; i've heard stuff about it before and am considering switching. does it have anything like enigmail for encrypting/decrypting stuff with gpg?

  17. Re:What we need is a standard on Open Letter to ISO Calls For Standardization of Process · · Score: 1

    you mean like the committee on redundancy committee?

  18. Re:The blurb is actually pretty accurate on Open Source Community's Double Standard · · Score: 1

    hi, i'm perhaps not as zeal-ful as mr. shield wolf, but i agree with his position:

    in any case, there aren't many differences between government organizations, corporations, or other organizations; it seems that the larger something gets the poorer its management is. it's certainly true that government is inefficient, i just don't think that corporations are a significant improvement.

    (as a side note, if i had to describe my political leanings, i'd say libertarian also. in fact, so libertarian that i'd argue against copyright and patent law, but that's a story for another day)

    in any case, there are various cases where the government has contributed money to advancing various things that have worked out decently. for example, the french give money to artists or something, though i don't know the specifics there. for us us-ians, there's the nsf, which gives money based on proposals to scientists/researchers/professors who will do generically interesting stuff. the main ingredient for the (relative to the typical government organization) success of them is that they don't really seem to try to manipulate who they give funding to. people just submit proposals, and they have some small chance of succeeding. no, it's not perfect: for example, many people get less funding if they work on a project that has less chance of success but potentially a great benefit. it's kind of arbitrary, but it works. i wish they'd spend less money on the war and more on science; the nsf's funding is relatively small compared to, well, most other things we hear about.

    also, many people interested in advancing the state of the art of the community/planet get patrons (universities) to pay them more than decent wages, even if the competition for those jobs is tough.

    in any case, the people doing research aren't paid like government workers, since they aren't, really. they're more like contractors or consultants, and they have to keep demonstrating their smarts or they won't get any more money.

    i know you mention that a lot of smart people will move to working on closed source stuff for the money -- hey, it happens, but many people who are really dedicated to their field would rather have the freedom (yes, freedom) of not being part of a corporation. in many fields, it seems that more generally good research comes from the universities rather than the corporations, since the corporations are too busy trying to outmarket each other and lobby the gov (or just too short-sighted) to research general stuff outside of a monopoly situation (and one could argue that they would only do general research then because raising the water level raises them, and almost only them, up). it comes up on /. once in a while regarding pharmaceuticals and other things.

    a lot of the great research coming from corporations is more like the universities, where those employees are paid to do general research and thus advance the name of the company -- it's not research that will directly go to profit, and it usually doesn't happen unless the company has a lot of market share. the famous example is bell labs, and more recently microsoft is acquiring many smart researchers who will just work on their pet projects, and at&t or microsoft benefit from them. doing so requires the ability to spend money for the long term, which is usually most feasible when you're on top in a market.

    actually google's a funny example: they're a company which runs pretty much on pixie dust and unicorn farts. they generate a decent amount of revenue, but their main source of money is stock market related; since people keep buying google's stock, google gets a lot of capital to spend on research (one day a week, have fun on a pet project that is unlikely to go prime-time) and fun/cool purchases like youtube or (more recently) attempts at airwaves. ok, talking about google was a bit of a digression :)

    so, in summary, art, research, and to some extent, coding, are subjects that just don't benefit mankind as well if done with corporations and the free market, and some kind of socializing of that would make sense. (i'd also argue that it shouldn't be a thing limited to our country; ideas made in one country are just as useful in another)

  19. Re:I don't want EVERYONE to see my data!! on It's Time for Social Networks to Open Up · · Score: 1

    it could work for the same reason email between username@hotmail.com and username@yahoo.com works. or nearly the same reason. or very much like openid. i could make anonymous brave guy@slashdot a friend of my blog on wherever else, and so the server that hosts my blog would, assuming i told it so, only tell someone who can authenticate as you (ie, you, assuming your site isn't hacked and you didn't give out a password etc) my personal info.

    similarly, it would have the benefit of being relatively spamless, if my blog doesn't accept comments from non-friends and none of my friends got hacked.

  20. Re:(jesus fish here) on Automatix 'Actively Dangerous' to Ubuntu · · Score: 1

    http://ubuntusatanic.org/

    i've been using ubuntu satanic edition. it's fast, slick and secure, but i have to sacrifice virgins once in a while.

  21. Re:Amazing.. truly amazing on Diebold Voting Machines Audited by California · · Score: 1

    mmm, i feel awkward replying to a reply like that, but anyway, it's matt blaze; i'd say it's pretty credible, and also was quoted in bruce schneier's blog. blaze is a reasonably well known security and cryptography guy. as far as the psychic powers thing goes, i think you just aren't getting his brand of humor (i have met him in real life, and he's kind of awkward sometimes, but funny)

  22. Re:Amazing.. truly amazing on Diebold Voting Machines Audited by California · · Score: 1

    actually, it appears that all the voting machines that were audited in california were pretty bad, full of 'garden variety' mistakes and security flaws.

    http://www.crypto.com/blog/ca_voting_report/

  23. Re:Question... What's to stop on DSS/HIPPA/SOX Unalterable Audit Logs? · · Score: 2, Insightful

    well, by being 'tamper evident' as you say, you are in fact tamper proof, so long as the data is well stored (and tape drives, cd or dvd jukeboxes, etc can do a good job of this). an iron-clad 'tamper-proof' box is not, in fact, tamper proof if one can simply substitute another iron-clad box in its place. this is the reason that only having a dvd jukebox wouldn't be secure (though again, i don't know what the regulation's requirements are). a nefarious company could simply juxtapose dvd's. remember that the ones who would be interested in tampering with the data are also the same folks who are storing and maintaining it.

  24. Re:Question... What's to stop on DSS/HIPPA/SOX Unalterable Audit Logs? · · Score: 2, Insightful

    i don't know much about the laws/regulations in question here, but yes, there isn't anything stopping someone from making a new 'worm' storage device and claiming it to be new unless there's a third party who will remember identifying information on the data.

    if i really wanted to make sure my archives weren't tampered with, i'd bring my data (in whatever medium, the 'worm' thing wouldn't be necessary to ensure non-tampering, though it'd be good for storage purposes) to a trustworthy and hopefully vaguely computer savvy notary. then, i and the notary would hash the data, write up a form that says "i, name here, declare that on this date data with this hash value, some hexadecimal, was filed. signed, signature".

    storage aside, this means that for someone to tamper with it they'd have to either bribe/coerce/kill people who saw this form (difficult) or reverse a cryptographic hash (even more difficult). so, pick a good notary (or submit the hash value to the gov maybe?) and a good hash function (like a larger sha or whirlpool) and i think you're tamperproof.

    of course, i don't know the regulation so i don't know if this matches the needs of the article.
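
The notarized-hash scheme from comment 24, together with the media-substitution concern from comment 23, shown as an added example that is not part of the original comments. The function names, the allow-list of digests and the sample log are assumptions made for illustration.

```python
import hashlib
import hmac
import io
from datetime import date

# Assumption: which digests count as "good"; the comment only names
# "a larger sha or whirlpool".
ALLOWED = {"sha384", "sha512", "sha3_512"}
CHUNK = 1 << 20  # read in 1 MiB pieces so archive size does not matter


def digest_stream(stream, algorithm="sha512"):
    """Hash a binary stream without loading it all into memory."""
    if algorithm not in ALLOWED:
        raise ValueError(f"refusing weak or unknown digest: {algorithm}")
    h = hashlib.new(algorithm)
    for chunk in iter(lambda: stream.read(CHUNK), b""):
        h.update(chunk)
    return h.hexdigest()


def make_declaration(stream, declarant, filed_on, algorithm="sha512"):
    """Build the record that the filer and the notary both sign and keep."""
    return {
        "declarant": declarant,
        "filed_on": filed_on.isoformat(),
        "algorithm": algorithm,
        "digest": digest_stream(stream, algorithm),
    }


def render_form(decl):
    """Text of the paper form described in the comment."""
    return (
        f"i, {decl['declarant']}, declare that on {decl['filed_on']} "
        f"data with {decl['algorithm']} hash value {decl['digest']} "
        "was filed. signed, ____________"
    )


def verify(stream, decl):
    """True only if the presented archive matches the notarized digest."""
    actual = digest_stream(stream, decl["algorithm"])
    return hmac.compare_digest(actual, decl["digest"])


# Constructed sample audit log (not real data).
ORIGINAL = (
    b"2009-03-02T09:14:07Z user=alice action=login\n"
    b"2009-03-02T09:15:41Z user=alice action=transfer amount=9500\n"
    b"2009-03-02T09:16:02Z user=alice action=logout\n"
)
# One field edited in place on the stored copy.
TAMPERED = ORIGINAL.replace(b"amount=9500", b"amount=500")
# A freshly written "worm" medium presented as the original.
SUBSTITUTE = b"2009-03-02T09:14:07Z user=alice action=login\n"

DECLARATION = make_declaration(io.BytesIO(ORIGINAL), "name here", date(2009, 3, 3))

if __name__ == "__main__":
    print(render_form(DECLARATION))
    for label, blob in (("original", ORIGINAL),
                        ("edited copy", TAMPERED),
                        ("substituted medium", SUBSTITUTE)):
        print(f"{label}: matches notarized hash = "
              f"{verify(io.BytesIO(blob), DECLARATION)}")
```

The check depends only on the digest held by the third party, so it gives the same answer whether the archive sits on write-once media or ordinary disk.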

  25. Re:The state secrets he leaked on Letter Casts Doubt On Yahoo China Testimony · · Score: 1

    from what i understand, more or less everyone except for chinese citizens knows about it.

    in a very informal questioning (aka, discussion over dinner) by me regarding the great firewall of china with two chinese engineering interns doing a summer thing over here in the usa, one knew about tor and had used it and other proxies regularly to access wikipedia back when it was banned, and the other gave me a condescending grin and said basically sanitation of lies is good.

    i wonder if i should have asked about the 'event', but discussions on table tennis seemed more appropriate to conversation.

    i was a little surprised to see someone who knew about tor, considering how few amongst my fellow engineering college students know about it. but i guess different situations call for different tools.