If a terrorist used commercial encryption without an escrowed key, or used non-standard encryption, that could be detected via automatic monitoring eqipment - getting them quickly detected, arrested for illegal encryption use, and investigated. Note that under current law, this could only be done for international traffic - domestic traffic would still require a court order even to record it.
What you are proposing is impossible. You are telling me that JKHDSDFD and EHOQWSW, two encrypted messages, one made using legal crypto with backdoors, the other made using illegal crypto without, that these two message can be distinguished, by computer, without human intervention? What if JKHDSDFD decrypts to ALITALIA, and the computer, not knowing anything about Italian Airlines, flags that erronously as an unencryptable? Or worse,
it decrypts to "HAM AND EGGS", which looks innocuous, but has a steganographically encoded message within it?
You are right, and I don't disagree at all. But I just wanted to point out one futility in this plans:
Thus the primary purpose of the proposed legislation is not to
allow law-enforcement personnel to read terrorists' communications --
terrorists will continue to use unreadable, strong cryptography -- but
rather to narrow the search space that law-enforcement personnel must
examine when hunting for suspected criminals.
This "narrowing of the search space" is no longer viable, now that SSH is out there, RSA's patent has run out, Blowfish, and so on are all widely, freely available. To now advocate putting backdoors on encryption programs would be a step back.
Is the GPL parasitic and restrictive? Yes! So what?!?!?! If you don't like GPL software, don't use it!
Becareful there. The GPL explicitly disclaims any USE of the software from being covered under its terms. USING the GPL'ed code to make other products is fine. But you should not DISTRIBUTE GPLed software as yours. You should not defraud others by claiming that only you have written the software and hence, is entitled to profit entirely and solely from it.
It seems that the debate has suddenly taken on a moralistic tone that has neatly sidestepped the various issues.
But before we go there - let us first join hands in praise to tell MS that this is a right step in that direction. There are lots of responses we could take, and LISTEN UP: We don't have to jump into anything. We all have to compromise to reach a solution, but we shouldn't have to bet the farm on this. The compromise can take various forms.
So what is the issue? The question concerns technical issues of the Hailstorm protocol. It is not just about who is in control.
In other words, let us take the "white paper" approach. Can MS do that? One that allows us to review and alllow the security experts to scrutinize the technical details and design of the whole setup? If MS can take this step, then I should like to say that would remove most of the security concerns of Hailstorm.
And for that debate, I would like to ask the first question. What is the point of Hailstorm? How is Hailstorm different from say, the Mozilla Personal Security Manager, wherein, the user stores his data on his computer, and has simplified but yet customizable controls as to who receives what data?
Secondly, isn't aggregating these data a security flaw itself? Remember that security is not one issue itself, but encompasses issues of authentication, identity, integrity and all that. Given this setup, itn't the chance of idenity theft greater? Part of the security of setup we have is that no one single company knows everything about an arbitrary person. They may know your credit card n umber and hence your financial records, but they may not know your hair color. Meanwhile, some government agency may have your bloodtype, but they don't have your financial information. Isn't Passport a step in the wrong direction, in such a case?
Yes, you are right. Since it is impossible to actually make criminials use backdoored crypto, you have to wonder how much attention you should pay to an argument like "If it was possioble, I'd do it".
If you are talking about logic, then the argument is thus: (A -> B. ~A.) What does this say? From a logical standpoint, it says nothing.
Dude, worms may spread via Unix systems, but they won't be so lame as to use email as one of the ways to propagate itself.
The last time there was a widespread Unix worm was the days of the Morris worm. That was more than ten years ago - an eon in Internet time. Since then, the dangers of buffer overrun exploits have been well documented, and bugs of this sort have been fixed and are continually being fixed. MS is merely a johnny come lately to this game, and it looks like Johnny didn't bother to learn from those that came before him.
I see. So if newspapers ran an untruthful account of you doing something borderline illegal, you writing in to correct them have no grounds to complain if they refuse to publish your rebuttal becuase the newspaper is not the government, and it isn't censorship.
You would mind, if you had to drop the one you are holding...
Re:Change the rules, be realistic about conflict
on
More On Tragedy
·
· Score: 2
Hopefully in the future, nations will look at the treatment "host" nations get and give them pause. They may also step up efforts to suppress terrorists internally before they act.
You said it yourself - hopefully. What seems to be more likely is that the terrorists and their leaders will go into hiding, and your host countries will just be more surreptious about their dealings with these terrorists.
Which goes to show that the DVD Consortium thinks about YOUR copyrights. They are allowed to use CSS to scramble their disks for their "copyright protection", but someone who wants to protect their own creation must pay up and join in their cartel. Why?
When there are other accounts with > 50 karma available?
Buy from me! You have an account that was in effect before there was the Karma Kap! Get an account where you can troll for much longer than the 50 karma ones!
Of course. All programs run with permisions set to read-all and write-all in Windows 9x.
Now for the obligatory aergument by analogy:
The Linux filesystem and user permision are like a government. What they set up is a something akin to a "legal system" in the computer. Sure, malicious programs can try subvert that (which this program TRIES TO BE, BUT IS NOT SUBTLE ENOUGH). When such a rogue program is detected, this system can help you to diagnose programs, isolate the infected binaries and "jail" them. In Windows 9x, there is no government, there is only chaos.
And no, I am not missing the point. You want to equivocate over whether "marketing" equals "forcing". It doesn't. I will restate for: any consumer who chooses to be informed with readily see that MS isn't the only show in town.
Sorry, but that not what I am arguing about. Marketing may or may not include second order coercion effects. Coke marketing coke has no influence on what I drink. There is no such effect. For software, there is, becuase I have to exhchange files with friends (a transaction having nothing to do with MS, but MS, through anticompetitive practices, is trying to force me to switch to MS).
I have plenty of examples of MS's sleazy business practices. Whether you consider them OK or not, is your business. They may even be legal. So what, those examples all show detriment to the consumer.
Examples like the IBM-MS OS/2 breakup, the sneaky error message of incompatitbility with DRDOS, when there is no incompatibility, the use of IE as a pawn to get rid of Netscape. The Palm OS incident.
Maybe they waiting for even one other company to be long-term succesful with Linux?
This is very funny. Long before MS was on the scene, DEC was selling Unix workstations. If MS actually wanted to do ports, there were planty of platforms to port to.
MS's problem is that they only want to code for the x86 processor. Sure they considered PowerPC, and Alpha, but as a software company, they weren't in the game to establish their applications monopoly. Believe it or not, that would have benefitted both consumers and them, but they didn't.
I am sorry, but if competitive business practices causes harm to consumers and developers, then it cannot be justified on those grounds.
In the OS/2 case, developers were looking at the IBM-MS collaboration, and planning a switch of platforms to OS/2. MS instead sold them on that inferior product which is Win3.1. We could have a good OS with properly pre-emptive multitasking. But we didn't.
As for the assertion that Windows NT is not based on OS/2 but VMS, that is just wrong. Windows NT was definitely spun off from OS/2, the development of which was based on VMS. Those VMS engineers were from IBM!
Second, the question of whether MS is a monopoly. Ask yourself, is there more competition is desktop OS' today than ten years ago? How is that so if MS is a monopoly? Its not.
Yes, there is more competition. From Linux (counting only x86 platforms). The point that the BeOS guy makes remains - technically superior OSes never had a chance to penetrate the market, all thanks to MS's anticompetitive practices.
You miss the point yet again. To "choose to be ignorant" is not the same as "ignorant of choices". MS makes use of the people who are ignorant of choices, by marketing to them, taking their money and using that to encroach upon others who choose otherwise.
For example: MS Word or Excel does not exist for Unix systems. If MS was only a software applications company, they would have seriously considered expanding their market. Even if they determined that the market was too insignificant for them there is an opportunity for them to license a port like Loki does of Civilization, for example. But they do not, which makes you wonder why they do not want the extra business.
You misunderstand me if you think I was attacking you. I am attacking your idea. The simple-minded suggestion that merely not using MS products is the solution to MS's continuing abuse and hegemony over their customers. For many people, this is simply not an option, because of second-order coercion effects!
The presence of conversion programs is all well and good. They are all there, in spite of MS's attempts not to document their formats. Who was the first to publish their Word document formats? I was developing programs, and I made an extensive check back in 1991+. Third parties who reverse-engineered their document format supplied doucmentation, not MS. (MS Developer net was not on the internet then.)
Even now, the conversion is not perfect. Not becuase it cannot be done, but becuase the MS document format was not designed to specifications, but specifications written to suit the code, which is hidden.
There is every evidence of poor design in MS's products. Yet they persue an agenda to dominate the software market not by excellence, but by monopolist action.
You see, you've turned the argument into a personal one. These things are solutions for me, but should they not be solutions for others too? Can one not turn that the second order coercion towards weaning consumers from inferior products? Or should merely apologizing for MS's monopolist actions be the order of the day?
OS/2 was an IBM/Microsoft collaborative effort to produce a good, modern OS after Windows 3.0. But Microsoft played a dastardly trick. They convinced developers to develop for Windows 3.1 while OS/2 was being developed, giving the reason that OS/2 would run Windows 3.1 applications. But half-way through, MS walked away from the collaboration. IBM's hopes of sharing the market with Microsoft evaporated, while Microsoft got a better kernel, which they slapped a GUI on and called it Windows NT. In time, this kernel became Windows2K, while the other kernel based off Win3.1 became Win95, then Win98 and finally WinME (and no more).
It is true that the lack of response IN GENERAL is not a proof. But in many specific contexts, the lack of response make be suggestive circumstantial evidence. To only way to refute circumstantial evidence is to present real evidence, or disprove it soundly. Why is Microsoft not interested in doing so?
One thing MS could do, should this happen, is not to affirm that the released documents is indeed the true license. A few phone calls, and Bill could get Micheal to shut up too. Then all we would have is hearsay to go by.
Slashdot Mirror
Actually, doing such things very likely makes the scheme vulnarable to crytanalysis.
What you are proposing is impossible. You are telling me that JKHDSDFD and EHOQWSW, two encrypted messages, one made using legal crypto with backdoors, the other made using illegal crypto without, that these two message can be distinguished, by computer, without human intervention? What if JKHDSDFD decrypts to ALITALIA, and the computer, not knowing anything about Italian Airlines, flags that erronously as an unencryptable? Or worse,
it decrypts to "HAM AND EGGS", which looks innocuous, but has a steganographically encoded message within it?
This "narrowing of the search space" is no longer viable, now that SSH is out there, RSA's patent has run out, Blowfish, and so on are all widely, freely available. To now advocate putting backdoors on encryption programs would be a step back.
Becareful there. The GPL explicitly disclaims any USE of the software from being covered under its terms. USING the GPL'ed code to make other products is fine. But you should not DISTRIBUTE GPLed software as yours. You should not defraud others by claiming that only you have written the software and hence, is entitled to profit entirely and solely from it.
But before we go there - let us first join hands in praise to tell MS that this is a right step in that direction. There are lots of responses we could take, and LISTEN UP: We don't have to jump into anything. We all have to compromise to reach a solution, but we shouldn't have to bet the farm on this. The compromise can take various forms.
So what is the issue? The question concerns technical issues of the Hailstorm protocol. It is not just about who is in control.
In other words, let us take the "white paper" approach. Can MS do that? One that allows us to review and alllow the security experts to scrutinize the technical details and design of the whole setup? If MS can take this step, then I should like to say that would remove most of the security concerns of Hailstorm.
And for that debate, I would like to ask the first question. What is the point of Hailstorm? How is Hailstorm different from say, the Mozilla Personal Security Manager, wherein, the user stores his data on his computer, and has simplified but yet customizable controls as to who receives what data?
Secondly, isn't aggregating these data a security flaw itself? Remember that security is not one issue itself, but encompasses issues of authentication, identity, integrity and all that. Given this setup, itn't the chance of idenity theft greater? Part of the security of setup we have is that no one single company knows everything about an arbitrary person. They may know your credit card n umber and hence your financial records, but they may not know your hair color. Meanwhile, some government agency may have your bloodtype, but they don't have your financial information. Isn't Passport a step in the wrong direction, in such a case?
If you are talking about logic, then the argument is thus: (A -> B. ~A.) What does this say? From a logical standpoint, it says nothing.
Well, that person reading your mail - are you sure it must be the government?
Sorry. Since the Morris worm happened in the 1980's, it is a 20 year headstart.
I believe him. He is after all, Bruce Perens. I can see why people would email him with their gripes.
The last time there was a widespread Unix worm was the days of the Morris worm. That was more than ten years ago - an eon in Internet time. Since then, the dangers of buffer overrun exploits have been well documented, and bugs of this sort have been fixed and are continually being fixed. MS is merely a johnny come lately to this game, and it looks like Johnny didn't bother to learn from those that came before him.
I see. So if newspapers ran an untruthful account of you doing something borderline illegal, you writing in to correct them have no grounds to complain if they refuse to publish your rebuttal becuase the newspaper is not the government, and it isn't censorship.
You would mind, if you had to drop the one you are holding ...
You said it yourself - hopefully. What seems to be more likely is that the terrorists and their leaders will go into hiding, and your host countries will just be more surreptious about their dealings with these terrorists.
Which goes to show that the DVD Consortium thinks about YOUR copyrights. They are allowed to use CSS to scramble their disks for their "copyright protection", but someone who wants to protect their own creation must pay up and join in their cartel. Why?
Buy from me! You have an account that was in effect before there was the Karma Kap! Get an account where you can troll for much longer than the 50 karma ones!
Now for the obligatory aergument by analogy:
The Linux filesystem and user permision are like a government. What they set up is a something akin to a "legal system" in the computer. Sure, malicious programs can try subvert that (which this program TRIES TO BE, BUT IS NOT SUBTLE ENOUGH). When such a rogue program is detected, this system can help you to diagnose programs, isolate the infected binaries and "jail" them. In Windows 9x, there is no government, there is only chaos.
And no, I am not missing the point. You want to equivocate over whether "marketing" equals "forcing". It doesn't. I will restate for: any consumer who chooses to be informed with readily see that MS isn't the only show in town.
Sorry, but that not what I am arguing about. Marketing may or may not include second order coercion effects. Coke marketing coke has no influence on what I drink. There is no such effect. For software, there is, becuase I have to exhchange files with friends (a transaction having nothing to do with MS, but MS, through anticompetitive practices, is trying to force me to switch to MS).
I have plenty of examples of MS's sleazy business practices. Whether you consider them OK or not, is your business. They may even be legal. So what, those examples all show detriment to the consumer.
Examples like the IBM-MS OS/2 breakup, the sneaky error message of incompatitbility with DRDOS, when there is no incompatibility, the use of IE as a pawn to get rid of Netscape. The Palm OS incident.
This is very funny. Long before MS was on the scene, DEC was selling Unix workstations. If MS actually wanted to do ports, there were planty of platforms to port to.
MS's problem is that they only want to code for the x86 processor. Sure they considered PowerPC, and Alpha, but as a software company, they weren't in the game to establish their applications monopoly. Believe it or not, that would have benefitted both consumers and them, but they didn't.
In the OS/2 case, developers were looking at the IBM-MS collaboration, and planning a switch of platforms to OS/2. MS instead sold them on that inferior product which is Win3.1. We could have a good OS with properly pre-emptive multitasking. But we didn't.
As for the assertion that Windows NT is not based on OS/2 but VMS, that is just wrong. Windows NT was definitely spun off from OS/2, the development of which was based on VMS. Those VMS engineers were from IBM!
Yes, there is more competition. From Linux (counting only x86 platforms). The point that the BeOS guy makes remains - technically superior OSes never had a chance to penetrate the market, all thanks to MS's anticompetitive practices.
For example: MS Word or Excel does not exist for Unix systems. If MS was only a software applications company, they would have seriously considered expanding their market. Even if they determined that the market was too insignificant for them there is an opportunity for them to license a port like Loki does of Civilization, for example. But they do not, which makes you wonder why they do not want the extra business.
The presence of conversion programs is all well and good. They are all there, in spite of MS's attempts not to document their formats. Who was the first to publish their Word document formats? I was developing programs, and I made an extensive check back in 1991+. Third parties who reverse-engineered their document format supplied doucmentation, not MS. (MS Developer net was not on the internet then.)
Even now, the conversion is not perfect. Not becuase it cannot be done, but becuase the MS document format was not designed to specifications, but specifications written to suit the code, which is hidden.
There is every evidence of poor design in MS's products. Yet they persue an agenda to dominate the software market not by excellence, but by monopolist action.
You see, you've turned the argument into a personal one. These things are solutions for me, but should they not be solutions for others too? Can one not turn that the second order coercion towards weaning consumers from inferior products? Or should merely apologizing for MS's monopolist actions be the order of the day?
So who says MS only wrote one OS?
It is true that the lack of response IN GENERAL is not a proof. But in many specific contexts, the lack of response make be suggestive circumstantial evidence. To only way to refute circumstantial evidence is to present real evidence, or disprove it soundly. Why is Microsoft not interested in doing so?
One thing MS could do, should this happen, is not to affirm that the released documents is indeed the true license. A few phone calls, and Bill could get Micheal to shut up too. Then all we would have is hearsay to go by.