Don't blame the platform leaders if someone else doesn't develop a new file system.
Huh? Everybody else *HAS* developed new filesystems, and worked damn hard to make it easy for them to interoperate.
Microsoft and Apple are the johnny-come-latelys here, not Unix. I'm blaming them for what they've failed to do, not any perceived failures of others, as you are mischaracterizing.
Hell, recent versions of MacOS include basic encryption features already - built into the OS.
Yep, and so does Windows 2000. Both of them incompatible with each other, and with the previously-existing standards.
Microsoft doesn't follow *ANY* standard fully. They don't even follow RFC 1521 properly in Outlook Express, their most popular email product.
They sure as hell don't do NFS without pulling teeth, and their "enhancements" make it just short of impossible for anybody else to make a properly-encrypted filesystem. Oh, you can make one that will protect the files from being read if the hard drive is removed, but you can't protect files from other users on the same server at all.
Only Microsoft (or somebody they've licensed the source to) can write that, and they won't follow any standards when they do; just roll their own, so it'll be incompatible with everything else, so they can embrace, extend, and extinguish. Business as usual.
They've been convicted of it again for the second time in 6 years. How many more will it take before you see it?
That's BS and you know it. Both MS and Apple's OSes have publicly documented interfaces for custom filesystem modules.
What does that have to do with the fact that they don't *INCLUDE* any such filesystems with their OSes?
Or the fact that their documented interfaces are wildly different than those used by the majority of other OSes, making it a real PITA to code for them?
It's not BS, and I know it.
Fact: Microsoft could choose to work with the Unix world to support a standard.
Fact: They choose not to.
Fact: They change their own interfaces so often that not even the Microsoft-world encrypted filesystems (such as SFS) can keep up.
If you really want encrypted access to your files from Microsoft, Apple, and Unix, you basically have one choice:
NFS over secure tunnels. SSH is probably good enough, IPSEC is better. There are other options, but they're even more expensive.
I didn't make it that way, it just is.
If it wasn't, there'd BE a cheap cross-platform standard, because so many people want one. Microsoft would NEVER package such a standard, however, because it goes against their strategy of trying to get people to switch their whole networks to NT.
If you could access your encrypted Unix filesystems from NT clients with out-of-the-box, supported-by-Microsoft tools, you'd have less impetus to switch those servers to NT, and Microsoft would never allow that.
That's why they don't support standards worth a flip, it's why they try to break Samba every couple of service packs, and it's even why their telnet client sucks big green donkey dicks.
That's true, but the internet has no impact on that freedom. Barring you access to internet has no more affect on your right to free speech than a publisher refusing to publish your book.
That depends upon who's doing the barring.
I assure you, if the government ordered ALL publishers to refuse to publish your book, that would be viewed as an unConstitutional violation of your freedom of speech and of the press.
If each and every single publisher decided seperately to refuse you, that's not a violation of your freedom, it's an indictment of your writing ability.:-)
There is a cross-platform standard for reading a disk on every OS; it's called "tar".
Microsoft has chosen to make it difficult for you to use this standard, but free tools exist to allow it. You could carry them on a 2nd disk.
Said files could be encrypted with PGP or any other tool; you'd probably want to carry that on a disk too, since privacy-enhancing tools aren't considered important by the OS manufacturers either.
There is no cross-platform encrypted filesystem that works on everything; your best bet would be to carry your files around in tar format, decrypt them on the local disk when you need them, and securely wipe them off the local disk when you're done with them.
BTW, the primary obstacles to such a filesystem are Microsoft and Apple.
Again, we have the privelege of being able to use encryption to prevent snooping.
No, actually, that one's a right; Freedom of Speech.
Nowhere does our Constitution guarantee "freedom of speech, but only in English". We have an absolute right for that speech to be gobbledigook, or to merely seem like gobbledigook until the proper key is applied.
We desperately need a constitutional amendment guaranteeing us a right to privacy, including encryption and control of our data.
Assume they log everything, for purposes of guaranteeing your own privacy.
Assume they log nothing, for purposes of maintaining your own documentation.
Because the fact is, they probably don't log what you need them to log, and log all sorts of crap you wouldn't want them to.
What they should log, IMHO, is everything they can, but only keep it for a couple of weeks.
Having made use of everything from error logs to snooped IRC traffic to bust intruders on my systems, I recognize both the value of such logs, and the potential for abuse.
Doing a brief search on two law databases shows that in the most obvious cases of this nature, the company doing the reading won their case 17 times to every 1 that they lost.
What that statistic doesn't show you is that in the vast majority of such cases, they settle out of court, because they know they're on shaky ground.
You're just seeing the cases where they weren't on shaky ground, and took it to court.
My ex-employer folded like a house of cards 'cause they knew I had 'em by the short and curlies.
They better hope they do nothing to jeopardize that; it's the only thing that prevents them from being liable for the content of every email that passes through their system, like your employer is.
Last time this happened, I looked at the headers of the usenet reply, went to the usenet newsgroup in question, and asked the person to not use my domain for nospam email addresses. The person, rather embarassed, was nice about it and changed his fake email address.
Nobody's used my domain for that purpose yet, but if they do, I'll check usenet, find out their actual address, and then set up a forwarding rule so they get their mail.:-)
Yahoo can do whatever it wants with your electronic mail; its sitting there on their servers, after all.
Nope. Yahoo is a carrier, not your employer.
Read the ECPA. That provision has never been ruled unconstitutional, it's been sitting there quietly in effect since 1986.
Only U.S. Postal Service mail is protected with the felony mail tampering law.
Different law.
However, I mention this because it brings up an interesting point; FedEx and UPS packages aren't mail, and aren't subject to that law. Keep that one in mind...
Your employer is well within their rights to look at your browsing habits while on company time, inspect the contents of the perimeter web cache, and even read whatever is on their hard drive(s). (They can also inspect every packet inside their network.) Anything entering or leaving the company can be subject to inspection. (sad isn't it.)
That's not what the top-rated law firm in the state told them, and it's not what my home-town lawyer told me.
If the contents of those packets are private email, it's a felony to read them unless they're in the company's email system. The fact that they're traversing the company's network doesn't change that, according to all the research everybody involved did.
Registrant: Mike O'Connor (BAR-DOM) 2168 W. Hoyt Ave. St. Paul, MN 55108
Domain Name: BAR.COM
Administrative Contact, Technical Contact, Zone Contact, Billing Contact: O'Connor, Mike (MO35) mike@HAVEN.COM O'Connor Company of St Paul 2168 W. Hoyt Ave St Paul, MN 55108 651-647-6109
Record last updated on 21-Apr-2000. Record expires on 23-Apr-2001. Record created on 22-Apr-1994. Database last updated on 8-Jul-2000 18:43:43 EDT.
Actually, yahoo can do what they want with your email, including letting anybody they want read it. Since it's on servers they own, technically, they own all the email, even users private email.
That has been incorrect since 1986. There is a specific law against it in the United States, and it is a seperate felony count for *EACH* email.
Just like at work, you're employer has rights to read and do what they want with your email since it's on their equipment.
That is a specific exception in the law; your employer can read email that exists in their mail system, and they can prohibit you from accessing your private mail from work (and fire you if you do), but they can't look at your private email even if you access it from their equipment.
Trust me on this one; it's what my last employer's lawyers told them shortly before I left.:-)
That's why I don't use "@nospam.com" for that stuff.
I use billg@microsoft.com if I don't care who reads it, and an alias that is procmailed into/dev/null if I want it as private as possible. Sucks up a little of my bandwidth, but I have an OC3 on that box...
Get a free Yahoo account, and then never check it and just let 'em delete it for you when it fills up. Since it's actually your account, it'd be a felony for Yahoo to reveal the contents of the email, so you're set.
The problem is not that the database is central by nature, it is meant to be distributed. The problem is that the authority over those databases is central.
What is really needed is a distributed authority and a protocol to support that.
It's thirteen different servers now for the root, and millions once you go below the TLD. How distributed do you want it?
BTW, those thirteen are not owned by a single company. They're owned by companies, and military sites, and government sites.
Salesperson: Well, if you feel you really have to leave, you can climb that ladder into the rafters, walk across that I-beam to the far side of the store, and shimmy down the drainage pipe. But then you'd be missing our sale on OS/4 Impulse for Dishwashers...
What one does in that situation in the real world, if the exit door is sufficiently difficult to reach, is demand a manager and then begin one's next sentence with "open this fucking door now or..."
That can be acheived quite nicely in the Internet world with an email, although I recommend leaving out the profanity since email is so easily deleted.
(Whereas, to delete you in person requires ejecting you from the building, which is what you wanted to acheive anyway.)
What about a distributed search engine type of approach?
Let's see, how would that work.
First, you'd have to have some way of knowing where to start searching. Say, a file listing the sites that knew the further info. There could be several of them, say 13 of them for redundancy.
Then, you'd need a standard protocol for talking to them.
You could type a name into a search tool, and it'd use that standard protocol to go get the information.
Each of those sites would have enough information to know where to go for the next part.
You could break it up by words; so that, for instance, all of the 13 core servers would know where to go for information about.com, and then the servers that new.com would know who knew about.microsoft.com, and then that server or servers would know about support.microsoft.com.
That would let you have as little or as much redundancy at each stage as you cared to.
We already have a distributed search engine approach to DNS. It has to be deterministic, however; you don't want somebody typing the address you gave them on your business card and getting your competitor's page.
Or, worse; sending email to your email address and having it go to somebody else.
"Here's your password for online ordering using your credit; we're sending it to what our search engine says is your address. Order away!"
Many products are like this. Retailers aren't allowed to split up their family-size packages of.. say, shampoo(ie 2 bottles shrink wrapped together, and sold as a unit), and sell them individually, why should this be different for software?
Don't mistake "the package says" for "not legally allowed to".
You'll note that most of them don't say "this package may not be resold" anymore; most of them say "not labelled for individual sale" and have no UPC code, which makes things hard for a retailer who wants to sell them.
Before we all get on the "France is standing up to government intrusion" bandwagon, let's remember that France is well-known for "borrowing" travelling executives' laptops at customs, long enough to copy the entire hard drive. And they have, at least once, completely trashed the hotel rooms of major aerospace executives during the Paris airshow to gather information.
Hell, they took a privacy-killing concept we invented and have repeatedly discarded as a bad idea, and implemented it as law. Fix that before you bitch about us, France.
EPIC has called France's encryption policies "perhaps the most restrictive in the world next to Russia".
They require a license to *IMPORT* crypto, and even DES keys are required to be deposited with the government.
Slashdot Mirror
Don't blame the platform leaders if someone else doesn't develop a new file system.
Huh? Everybody else *HAS* developed new filesystems, and worked damn hard to make it easy for them to interoperate.
Microsoft and Apple are the johnny-come-latelys here, not Unix. I'm blaming them for what they've failed to do, not any perceived failures of others, as you are mischaracterizing.
Hell, recent versions of MacOS include basic encryption features already - built into the OS.
Yep, and so does Windows 2000. Both of them incompatible with each other, and with the previously-existing standards.
Microsoft doesn't follow *ANY* standard fully. They don't even follow RFC 1521 properly in Outlook Express, their most popular email product.
They sure as hell don't do NFS without pulling teeth, and their "enhancements" make it just short of impossible for anybody else to make a properly-encrypted filesystem. Oh, you can make one that will protect the files from being read if the hard drive is removed, but you can't protect files from other users on the same server at all.
Only Microsoft (or somebody they've licensed the source to) can write that, and they won't follow any standards when they do; just roll their own, so it'll be incompatible with everything else, so they can embrace, extend, and extinguish. Business as usual.
They've been convicted of it again for the second time in 6 years. How many more will it take before you see it?
--
Actually, after reading Reid v. Covert, 354 U.S. 1 (1957), it appears that you are indeed correct.
:-)
Serves me right for dropping out of pre-law before we got to that.
--
That's BS and you know it. Both MS and Apple's OSes have publicly documented interfaces for custom filesystem modules.
What does that have to do with the fact that they don't *INCLUDE* any such filesystems with their OSes?
Or the fact that their documented interfaces are wildly different than those used by the majority of other OSes, making it a real PITA to code for them?
It's not BS, and I know it.
Fact: Microsoft could choose to work with the Unix world to support a standard.
Fact: They choose not to.
Fact: They change their own interfaces so often that not even the Microsoft-world encrypted filesystems (such as SFS) can keep up.
If you really want encrypted access to your files from Microsoft, Apple, and Unix, you basically have one choice:
NFS over secure tunnels. SSH is probably good enough, IPSEC is better. There are other options, but they're even more expensive.
I didn't make it that way, it just is.
If it wasn't, there'd BE a cheap cross-platform standard, because so many people want one. Microsoft would NEVER package such a standard, however, because it goes against their strategy of trying to get people to switch their whole networks to NT.
If you could access your encrypted Unix filesystems from NT clients with out-of-the-box, supported-by-Microsoft tools, you'd have less impetus to switch those servers to NT, and Microsoft would never allow that.
That's why they don't support standards worth a flip, it's why they try to break Samba every couple of service packs, and it's even why their telnet client sucks big green donkey dicks.
--
That's true, but the internet has no impact on that freedom. Barring you access to internet has no more affect on your right to free speech than a publisher refusing to publish your book.
:-)
That depends upon who's doing the barring.
I assure you, if the government ordered ALL publishers to refuse to publish your book, that would be viewed as an unConstitutional violation of your freedom of speech and of the press.
If each and every single publisher decided seperately to refuse you, that's not a violation of your freedom, it's an indictment of your writing ability.
--
There is a cross-platform standard for reading a disk on every OS; it's called "tar".
Microsoft has chosen to make it difficult for you to use this standard, but free tools exist to allow it. You could carry them on a 2nd disk.
Said files could be encrypted with PGP or any other tool; you'd probably want to carry that on a disk too, since privacy-enhancing tools aren't considered important by the OS manufacturers either.
There is no cross-platform encrypted filesystem that works on everything; your best bet would be to carry your files around in tar format, decrypt them on the local disk when you need them, and securely wipe them off the local disk when you're done with them.
BTW, the primary obstacles to such a filesystem are Microsoft and Apple.
--
Again, we have the privelege of being able to use encryption to prevent snooping.
No, actually, that one's a right; Freedom of Speech.
Nowhere does our Constitution guarantee "freedom of speech, but only in English". We have an absolute right for that speech to be gobbledigook, or to merely seem like gobbledigook until the proper key is applied.
We desperately need a constitutional amendment guaranteeing us a right to privacy, including encryption and control of our data.
We just need for the US government to choose to sign the Universal Declaration of Human Rights and recognize it as a treaty; it would then override the Constitution itself per Article VI.
--
Assume they log everything, for purposes of guaranteeing your own privacy.
Assume they log nothing, for purposes of maintaining your own documentation.
Because the fact is, they probably don't log what you need them to log, and log all sorts of crap you wouldn't want them to.
What they should log, IMHO, is everything they can, but only keep it for a couple of weeks.
Having made use of everything from error logs to snooped IRC traffic to bust intruders on my systems, I recognize both the value of such logs, and the potential for abuse.
--
Doing a brief search on two law databases shows that in the most obvious cases of this nature, the company doing the reading won their case 17 times to every 1 that they lost.
What that statistic doesn't show you is that in the vast majority of such cases, they settle out of court, because they know they're on shaky ground.
You're just seeing the cases where they weren't on shaky ground, and took it to court.
My ex-employer folded like a house of cards 'cause they knew I had 'em by the short and curlies.
--
Look for "Electronic Communications Privacy Act".
Yahoo is a carrier.
They better hope they do nothing to jeopardize that; it's the only thing that prevents them from being liable for the content of every email that passes through their system, like your employer is.
--
Last time this happened, I looked at the headers of the usenet reply, went to the usenet newsgroup in question, and asked the person to not use my domain for nospam email addresses. The person, rather embarassed, was nice about it and changed his fake email address.
:-)
Nobody's used my domain for that purpose yet, but if they do, I'll check usenet, find out their actual address, and then set up a forwarding rule so they get their mail.
--
Yahoo can do whatever it wants with your electronic mail; its sitting there on their servers, after all.
Nope. Yahoo is a carrier, not your employer.
Read the ECPA. That provision has never been ruled unconstitutional, it's been sitting there quietly in effect since 1986.
Only U.S. Postal Service mail is protected with the felony mail tampering law.
Different law.
However, I mention this because it brings up an interesting point; FedEx and UPS packages aren't mail, and aren't subject to that law. Keep that one in mind...
--
Your employer is well within their rights to look at your browsing habits while on company time, inspect the contents of the perimeter web cache, and even read whatever is on their hard drive(s). (They can also inspect every packet inside their network.) Anything entering or leaving the company can be subject to inspection. (sad isn't it.)
That's not what the top-rated law firm in the state told them, and it's not what my home-town lawyer told me.
If the contents of those packets are private email, it's a felony to read them unless they're in the company's email system. The fact that they're traversing the company's network doesn't change that, according to all the research everybody involved did.
--
Well, I usually use 'foo@bar.com'...
Registrant:
Mike O'Connor (BAR-DOM)
2168 W. Hoyt Ave.
St. Paul, MN 55108
Domain Name: BAR.COM
Administrative Contact, Technical Contact, Zone Contact, Billing Contact:
O'Connor, Mike (MO35) mike@HAVEN.COM
O'Connor Company of St Paul
2168 W. Hoyt Ave
St Paul, MN 55108
651-647-6109
Record last updated on 21-Apr-2000.
Record expires on 23-Apr-2001.
Record created on 22-Apr-1994.
Database last updated on 8-Jul-2000 18:43:43 EDT.
Domain servers in listed order:
NS.GOFAST.NET 209.46.63.1
NS.MR.NET 137.192.240.5
--
Actually, yahoo can do what they want with your email, including letting anybody they want read it. Since it's on servers they own, technically, they own all the email, even users private email.
:-)
That has been incorrect since 1986. There is a specific law against it in the United States, and it is a seperate felony count for *EACH* email.
Just like at work, you're employer has rights to read and do what they want with your email since it's on their equipment.
That is a specific exception in the law; your employer can read email that exists in their mail system, and they can prohibit you from accessing your private mail from work (and fire you if you do), but they can't look at your private email even if you access it from their equipment.
Trust me on this one; it's what my last employer's lawyers told them shortly before I left.
--
That's why I don't use "@nospam.com" for that stuff.
/dev/null if I want it as private as possible. Sucks up a little of my bandwidth, but I have an OC3 on that box...
I use billg@microsoft.com if I don't care who reads it, and an alias that is procmailed into
Get a free Yahoo account, and then never check it and just let 'em delete it for you when it fills up. Since it's actually your account, it'd be a felony for Yahoo to reveal the contents of the email, so you're set.
--
Alternic didn't "break" things by itself, it worked pretty well. I used to administrate an ISP, and we used it.
The problem was, their founder engaged in some questionable activities that effectively destroyed their credibility.
The other problem was, hardly anybody used it, so there was little incentive for anybody except 31337 h@X0r's to use it.
--
The problem is not that the database is central by nature, it is meant to be distributed. The problem is that the authority over those databases is central.
What is really needed is a distributed authority and a protocol to support that.
It's thirteen different servers now for the root, and millions once you go below the TLD. How distributed do you want it?
BTW, those thirteen are not owned by a single company. They're owned by companies, and military sites, and government sites.
They're not even all in the United States.
--
Salesperson: Well, if you feel you really have to leave, you can climb that ladder into the rafters, walk across that I-beam to the far side of the store, and shimmy down the drainage pipe. But then you'd be missing our sale on OS/4 Impulse for Dishwashers...
What one does in that situation in the real world, if the exit door is sufficiently difficult to reach, is demand a manager and then begin one's next sentence with "open this fucking door now or..."
That can be acheived quite nicely in the Internet world with an email, although I recommend leaving out the profanity since email is so easily deleted.
(Whereas, to delete you in person requires ejecting you from the building, which is what you wanted to acheive anyway.)
--
What about a distributed search engine type of approach?
.com, and then the servers that new .com would know who knew about .microsoft.com, and then that server or servers would know about support.microsoft.com.
Let's see, how would that work.
First, you'd have to have some way of knowing where to start searching. Say, a file listing the sites that knew the further info. There could be several of them, say 13 of them for redundancy.
Then, you'd need a standard protocol for talking to them.
You could type a name into a search tool, and it'd use that standard protocol to go get the information.
Each of those sites would have enough information to know where to go for the next part.
You could break it up by words; so that, for instance, all of the 13 core servers would know where to go for information about
That would let you have as little or as much redundancy at each stage as you cared to.
Then you would have to fully document that standard according to currently-accepted Internet documentation standards.
Would that do the trick?
(serious mode on)
We already have a distributed search engine approach to DNS. It has to be deterministic, however; you don't want somebody typing the address you gave them on your business card and getting your competitor's page.
Or, worse; sending email to your email address and having it go to somebody else.
"Here's your password for online ordering using your credit; we're sending it to what our search engine says is your address. Order away!"
--
Many products are like this. Retailers aren't allowed to split up their family-size packages of.. say, shampoo(ie 2 bottles shrink wrapped together, and sold as a unit), and sell them individually, why should this be different for software?
Don't mistake "the package says" for "not legally allowed to".
You'll note that most of them don't say "this package may not be resold" anymore; most of them say "not labelled for individual sale" and have no UPC code, which makes things hard for a retailer who wants to sell them.
--
How long have you been waiting to use that title, Taco? :-)
--
At this rate freedom on the net in America will become a myth by the end of the decade.
That's mighty pessimistic, since the decade ends in less than 6 months.
--
You could use sticky keys to enter ctrl-alt-combinations..
You keep doing all that one-handed typing, and you're gonna have sticky keys...
--
Hey, is NT still using the same TCP stack as Windows 95?
--
Before we all get on the "France is standing up to government intrusion" bandwagon, let's remember that France is well-known for "borrowing" travelling executives' laptops at customs, long enough to copy the entire hard drive. And they have, at least once, completely trashed the hotel rooms of major aerospace executives during the Paris airshow to gather information.
Further, their "invading our citizens' privacy" complaints are ironic in light of their own law requiring private encryption keys to be held by third parties so the government can snoop.
Hell, they took a privacy-killing concept we invented and have repeatedly discarded as a bad idea, and implemented it as law. Fix that before you bitch about us, France.
EPIC has called France's encryption policies "perhaps the most restrictive in the world next to Russia".
They require a license to *IMPORT* crypto, and even DES keys are required to be deposited with the government.
Yeah, big on privacy, those French.
--