"And yet everyone says security by obscurity isn't security at all."
Obscurity is not security, but can be complementary. In the VoIP example the security would be the encryption of your signal, the obscurity would be the addition of meaningful UDP packets.
Obscurity is helpful when dealing with cursory inspections, but doesn't actually increase security because being secure requires more than being non-obvious.
Think of contraband transportation. Driving around with illegal contraband in plain sight - say sitting on your passenger seat of your car - is just as insecure as putting the contraband in your glove compartment... any investigation into what you are doing and the jig is up. Putting the contraband in your glove compartment simply reduces the chance that questions about what you are doing will arise which is helpful, but not secure.
"they were too slippery and would move about the floor."
For my friends and me the powerpad on a slippery surface was the only way to go, but we were a pretty violent bunch even as youngsters.
There was a whole new excitement to playing when you knew that sooner or later that pad was going to get ripped out from under you - just as you were landing a hurdle - sending you slamming to the floor.
After a while we decided a player would automatically win the game if they were able to jump off the pad without falling when another player tried to spring this on them.
Actually, now that I think about it... after a while we all feared getting on that fucking powerpad, but no one wanted to be the pussy who admitted it and backed out of the game.
"Be your own news source, instead of settling for second-hand sensationalism."
So you are suggesting that once we succeed at being our own news source we keep that info to ourselves? If I chose Rolling Stone to disseminate the information I gathered firsthand it would immediately be devalued?
The RS article is old news, all of which I have seen reported elsewhere in recent weeks, but I fail to see how it is counterproductive to publicize the evolution of surveillance states.
On a side note, Rolling Stone being a glossy mag came about as a nod to the power of photojournalism in popular culture. There are anthologies published of RS photos and they hold significant historical and artistic value. As a disclaimer, I haven't been interested enough in pop culture to actually pick up an issue in years, but that doesn't mean the value isn't still there for others.
"... what ramifications does ISO's decision actually have?"
A brief summary:
Storing data in an open document format will ensure the accessibility of that data moving forward, regardless of software vendor, changes in the software ecosystem, etc... because anyone will be able to implement their own version of the standard for retrieving the stored data should that become necessary.
With this in mind, governments and institutions around the world are looking at ways they can ensure the accessibility of their documents unconditionally moving into the future. The impact of these new open document format policies will be huge on software purchasing decisions, as any software package used to generate, modify, or read documents will need to comply with the open document format.
Enter MS and OOXML, a document standard that has now been validated by an internationally accepted ISO review procedure.
There are questions about the way the standard was written, whether it can actually be implemented, whether any implementation would require dependence on proprietary MS technology, and whether the dominant MS products would adhere to the strict letter of the standard or break compatibility with non-MS implementations as has happened in other instances with MS implementations.
Finally, there are questions about whether bribery and other underhanded tactics were used to secure a fast track process and passing vote through the ISO process.
If OOXML is allowed to stand there are concerns that MS will effectively achieve lock-in with the governments that opt for OOXML technology, because access to data stored in OOXML documents will remain dependent on MS.
"Also I don't know if I would say the NES Power Pad was a failure, a lot of people I know had it and we all had a blast playing Track and Field."
Track and Field w/the power pad was a huge phenomenon in my neighborhood. I can see how anyone old enough to recognize how funny they looked while using it would consider it a failure though. My friends and I were probably at just the right age to be able to get into the concept without feeling silly.
"Goodbye ISO."
From a more optimistic slant:
ISO is being forced to address certain issues for the first time, and the outcome could be a more robust and impartial standardization process.
I'm not predicting a better future for ISO, just refusing to believe that all is lost.
The story you link to is completely different from the account I relayed.
The publisher in question was different from most Vanity Presses in that they advertised for submissions, provided super-positive feedback from 'real critics,' and only after leading the authors to believe they were about to strike it rich would they ask for money to subsidize the publishing.
The sci-fi authors were outing the scam.
It was kinda like those Nigerian guys who need your account info, only the money they are going to give you is going to come from your soon to be bestseller instead of a disused slush account.
"I can stand on a public street corner and say "George W. Bush sucks big hairy donkey dicks!" all I want..."
Uh, no you can't. There are still obscenity laws, and they are enforced when complaints are made, especially if minors are within earshot.
I knew a guy who was charged for shouting an obscene comment to a buddy while they were kayaking near a swimming area. The Christian youth group that was having an outing on the shore apparently called the police who were waiting when my friend came ashore. He ended up with ten hours of community service or some such nonsense, probably because the church members showed up at the court en masse as some sort of statement.
"Particularly one that's practically indistinguishable from Java, which runs perfectly on both Windows and Linux by design."
Except that Java doesn't run perfectly on Windows and Linux. Many people see C# as a language that set out to be a better Java than Java, and many people feel that on the Windows platform it succeeds. Combine that with the existing Windows install base and you have a pretty compelling reason to develop in C# over Java.
Ten years down the line, however, I could see C# facing extinction if it does not become truly cross platform.
Stone is getting out of the micro category. I've seen it being peddled in some New England liquor outlets, which is wide distribution for a microbrew.
That being said, their third anniversary bash was the most satisfying brew trip I have taken... I still have the green and gold bottle from their anniversary recipe sitting on a shelf in my workspace.
"Anybody found to have a zombied computer should have their Internet connection cut off immediately and it should only be restored when they can demonstrate that they have removed the offending operating system and either installed a free and secure alternative, or bought a Mac"
You really want ISPs making these decisions? Perhaps you are suggesting some new governmental agency decides when and where to summarily terminate someone's connection?
Freedom should not be sacrificed so trivially.
I'm sorry, but what the hell are you talking about?
The real question is what the hell do the other 60% know that makes them so smug and secure?
Why don't we put on the paranoia pants and walk down that path, huh?
The only probable result is that marketing campaigns will seem even more boorish and annoying to demographic outliers as the campaigns become tuned to the desires of core members of the target demographic.
No skin off my back... I haven't actually paid attention to a commercial for years, and I only read print ads that are in scientific and tech related publications.
While on the subject, I have often thought it would be nice if ads were filled with enough technical data about a product to perform a comparative evaluation against similar product ads. I doubt that will ever happen, though.
"And both of them have epic class A freakouts when someone smart enough to see through them tries to outsmart them."
Or tries to start online businesses that challenge their dominance. I was making bank in online poker tourneys for a while there... oh well.
Hardware is one thing. Software, and the BSA, is another.
Your shop may be small enough to avoid attention, but allowing users to install their own software could put a company in hot water fast.
"Wake me when there's actual information to fight totalitarian governments being spread on Freenet, instead of just child porn and UFO conspiracy theories (I guess they'd be WTC conspiracy theories now)."
This kinda strikes me as an 'if you build it they will come' situation.
The types of sharing networks this tool provides are already useful to certain types of people.
Unless there are some serious reversals in governmental surveillance policies, tools like this will only become more valuable.
Somewhat O/T, but I just finished the book Strange Angel by George Pendle, which chronicles the origins of professional rocketry programs in the U.S. I have a whole new appreciation for how far we have come now that I know more about where things started.
The book reveals some truly bizarre goings on with the founders of the rocketry movement and includes appearances by Aleister Crowley, cultists, famous sci-fi authors, communists, and a swindling L. Ron Hubbard prior to the founding of Scientology.
I thought I was fairly well versed in the origins of the U.S. space program, but it turns out I didn't know the first thing.
This guy is the main focus of the book: http://en.wikipedia.org/wiki/John_Whiteside_Parsons
Definitely worth a read if only for insight into L. Ron's past, but hearing about the meager beginnings of JPL among others was fascinating.
Happy reading.
"anyone want to start a revolution with me?"
The main problem with revolution is finding enough people you can trust after the conflict. If you win then there is all this power to be distributed... and if you lose then there is a wicked manhunt.
In my entire life I have met two people I would trust enough to rise up with and take the consequences (win or lose) afterwards.
Back on-topic: Space exploration joins progress in art and literature on my list of indicators that a civilization is truly prospering. Space exploration, much like astronomy, lacks the utilitarian nature of many other branches of science, and I have always considered it to be one of the brightest signs of our progress as thinking beings. Our continuing withdrawal from funding space related endeavors strikes me as a sad indicator of where we are headed.
Unfortunately such a withdrawal of OSI participants in response to MS involvement would be a PR victory for MS.
One of the most common perceptions I find among my MS clients is that open source and zealotry go hand in hand. If MS appears to be embracing the community and the community rejects them the concept of the open source community as a collection of immature idealists (read not corporate America ready) would be cemented in many minds.
When MS does begin their full force campaign to infiltrate the OSS community it should be met with carefully considered diplomacy, not blunt force resistance. Anything else will be a victory for MS.
The really funny part of the story is how much free publicity Apple gets every time the iPhone gets 'hacked.'
Hacking the iPhone does not damage credibility the way hacking a software package does. Instead, these hacks are beckoning people to the platform with the promise of previously unattainable functionality on a handheld.
If I were launching a new device I would follow Apple's lead on this one... possibly even setting up a dark proxy org to regularly hack my device.
"Dude? It was a laptop."
No, it wasn't. It was a device that deviated from what the TSA workers considered normal.
Ignoring the fact that the TSA foot soldiers are charged with the impossible task of assessing the threat potential of every unidentified device removes the culpability from the people who charged the TSA workers with this impossible task.
When the screening personnel miss firearms feel free to diss on them...
"The airport "security" is just silly "security theatre" and does nothing to improve safety."
I think you need to re-read my post. My entire point was that the current security schemes will only work against obvious conventional threats, nothing more.
And yet we have built this egregiously cumbersome security mechanism... which will most likely fail against the first unconventional threat that comes its way.
And who will be blamed for that failure? Surely not the architects of the system, because they will clearly point to all the measures they have taken, and the immense budgets they have allotted to secure flights. Therefore it must be the TSA grunts who failed to perform their appointed duties...
Maybe I needed to state my point more concisely in the original post. The system will fail and the point of failure will not be identified correctly.
If we are not in agreement please let me know.
"It really boils down to the technically ignorant doing work that requires at some point a certain minimum level of technical competence. Kind of like a PHB making computer and networking decisions."
I don't think you are being fair.
Protecting travelers from new attack vectors in real time based on an x-ray and basic visual inspection is not a job that can be performed reliably with any standard skill set. What the TSA actually appears to be aiming for is people who can identify a gun/knife/conventionally designed incendiary device, so that nobody has to stand in front of the cameras after an incident and explain how we missed the conventional threat during screening.
Unconventional threats cannot reliably be prevented through the methods the TSA is currently employing, but no one wants to admit this and pierce the illusion of security that these measures provide the average traveler.
Instead of relating TSA grunts to PHBs making decisions they are not qualified to make you could keep it simple and call it what it is: Politicians fronting like they have solutions, and average citizens (TSA workers) set up to take the blame when those flimsy solutions fail.