The old standby goes -- there's no one security measure that's perfect, but you can make it a lot easier.
The first and most obvious layer is physical access. Don't leave your laptop visible in your car when you park. Lock your office doors. Don't leave it at a coffee house when you go to the bathroom.
The second is physical security. Invest in a laptop leash and chain it down if you work in a shared office space environment.
The third layer is physical deterrence. Customize the heck out of your computer. A big engraved security mark (be it your driver's license #, your name, your cell #, your email address, whatever) will turn off thieves. Same if you've got anything else that's obviously unique and can't easily be removed.
The fourth layer is electronic deterrence. A boot password and a screensaver password will deter unskilled thieves. There are plenty of skilled thieves who plan to reformat the drives, but a few will be deterred by not being able to sell the laptop on the corner without a password. (If you don't believe me, hang out in midtown NYC long enough and you can get offers to sell hot laptops in the $100 range).
The fifth layer is tracking. Things like LoJack and all the other services. If they boot your laptop it'll contact the network and you can at least have a shot at getting it back. (Note, some of these are not compatible with a boot password). Of course, record your Windows serial # (if you run Windows) and your Dell quick service code (if you use a Dell) or the equivalent for your system. These are uploaded.
The sixth layer is luck. Sometimes people catch thieves by webcam, sometimes by stupid emails, sometimes by pure random encounters. You gotta get lucky.
No one of these layers is sufficient and it's silly to talk about LoJack for Laptops if you leave your laptop sitting in the open for somebody to grab it. LoJack is most useful to break open crime rings, not to actually get your laptop back -- by the time the police get around to subpoenaing the ISPs your laptop is gone, but the thieves might not be. I run it, but I don't expect it to save my butt.
The problem is professors who REQUIRE class attendance even if you fully understand the material.
This is about a law school. In law school, "fully understanding the material" means a lot more than just knowing the names of important cases or what a lawyer's ethical duties are. Law school is designed to train students to be able to argue their positions and to deal with competing positions. It's not enough to be able to regurgitate material on an exam; law students are taught to engage in a "socratic dialogue" with other students, in effect practicing their argument skills.
Even if you know the material well enough to pass a test on it, you aren't going to be prepared to be a lawyer if you skip class or don't pay attention. After all, a big part of being a lawyer is standing up in court and arguing a position. Often, you won't know what you need to argue until the other side has said something. Watching other students learn how to formulate arguments on-the-fly, and then practicing the same, is the best preparation to be a real lawyer.
Contrary to common belief on /., there's a lot more to success in real life than just knowing a lot of facts. Real life requires persuading others and communicating. Law school classes are designed to hone that skill.
You're going to see the ads anyway, why not see ads targeted towards products you're interested in?
It's one thing to see targeted ads. It's another if companies keep data on you, virtually forever. Disk space is basically free, but years' worth of demographic data is incredibly valuable. I have no problem with Google serving context ads to me, but I have a big problem if information about every website I've visited in the last 5 years is only a subpoena away from anybody out to embarrass me or drag my name through the mud. Even if Google does nothing wrong, somebody else can still get at that data through legal process or security breaches.
There's a reason there are so many privacy services springing up. It's basically free for data brokers to store data about you forever, but it costs you a lot when that data comes back to haunt you.
They're going to do the same programming and science work, whether they are here or in India/Romania/Singapore/etc. We can get them to pay US taxes and buy other goods and services in the US, or we can just ship our money overseas and let other countries take a lead in high-tech. Smart students exist overseas; the question is whether we can get them to come here and benefit us, or let them work elsewhere and allow the US to decline.
Your plan to force Microsoft to update Windows sounds good as long as Windows is the only operating system with problems.
But what happens when a Linux distro has a security hole? (Yes, it can happen.) Who, exactly, does the government force to update it? If it's Ubuntu then it's easy enough, but what about CentOS/Debian? How do you force volunteer developers with a non-hierarchical structure to update code?
And do we really want the government to get to define what a "security hole" is? I think there are some governments that think it's a "security hole" if the government doesn't have a backdoor into all users' data...
Not all botnets are the fault of insecure operating systems. People who exclaim "Oh, look, somebody I don't know emailed me a file called CutePuppies.exe! I think I'll click on it!" pretty well destroy any sort of security scheme. Vista tried to solve that by preventing users from running programs (under the guise of User Account Control) but that just led to rebellion because people don't want to have to explicitly grant access to every program that wants to read to disk or connect to the Internet. When I install the new Firefox I don't want to have to authorize each and every operation it performs (write to disk, read from disk, connect to Internet, etc).
"Jeeves, I think I left the stove on. Can you turn it off?"
Sounds convenient to me. Too bad X10 had to run such horrible ads and turn consumers off to the technology.
Speaking of "messing with" the sensors, do they not have squirrels, rats, and cats at this facility?
Good luck trying to tune hundreds of motion sensors to be sensitive enough to capture a slow-moving human but still not alert for a wild animal.
With that plan, a lot of people are going to tell you, perhaps in a few more words, "you can pry my cigarette out of my cold, dead hands."
Good luck getting Americans (or any culture, for that matter) to give up unhealthy habits. The Americans get mocked for obesity, but Europeans smoke far more, and Chinese more still. (~70% of Chinese men smoke, compared to ~38% of German men and ~24% of US men.)
This isn't about spam and Google groups. It's about preventing a malicious cracker from accessing the vast quantities of data that Google has about every single Google user.
These days, a full identity (SSN + bank account) sells on the black market for $14-$18, depending.
Google has tens of millions of users. Not all of them have their SSNs in their Gmail, but I'll bet that a fair bit have at least one credit card number or bank password in their email archives, their search history, or elsewhere within Google's control.
Plus, think of the blackmail possibilities if there were a full-scale data breach? Remember the AOL search history breach? A full-scale crack of Google's security would be several times worse.
Search engines are more of a concern because they hold so much data that is so concentrated. Sure, any given website might know your IP address and when you visited, but Google knows _all_ of the things you searched for, all of the sites you visited (if you have the toolbar or clicked search links), all of your emails (if you use Gmail), all of your chats (if you use Gchat), etc.
One subpoena by a government to Google can reveal more data than 50 to other websites. And Google can mine that data for far more than slashdot ever could.
It makes a lot of sense to worry most about Google / Yahoo / Microsoft.
Well, you've actually hit on one of the main creationist talking points -- "what are the odds that we'd all have left-handed amino acids, instead of a random mix that wouldn't work?"
I'd be interested to hear how they respond. I'd imagine with the same response as always (God put it here), but who knows. A good theory of why left-handedness is preferred (at least among amino acids) is a pretty big deal.
Anything you said might make sense if the students were actually suing the RIAA or filing an anti-SLAPP lawsuit.
But the students are moving to quash a subpoena, not suing the RIAA for malicious prosecution.
The fact that the judge has already called it a close question, in effect, by issuing this ruling means that the judge is extremely unlikely to, on her own, decide to turn this into an anti-suit injunction.
The only court that can eliminate RIAA suits across the country is the Supreme Court. This case is in a trial court. The powers of a trial court are MUCH more limited.
A trial-level court can only make decisions that are binding in the case that it is hearing. Right now the case is in the federal court for the District of Massachusetts. The RIAA could just as easily file a suit against different college students in a different federal court and get a different outcome.
The next stop for this case would be an appellate court. The federal Court of Appeals for the First Circuit is the appellate court that would hear the appeal. If the appellate court rules in favor of the students, then all of the trial courts in a limited geographic area (Maine, Mass, New Hampshire, Rhode Island) are bound. If the RIAA filed outside that area then a different court could come up with a different outcome.
The next stop from the First Circuit would be the Supreme Court. The Supreme Court's interpretation of the laws is binding nationwide. But, the Supreme Court hears less than 1% of the cases that people appeal. The odds of this case setting a national precedent are VERY low.
Of course, other judges can be persuaded by the reasoning in this case, but there's nothing binding about it.
But there's another gravy train pulling up right behind: reputation management companies that clean up the messes left behind by data breaches. Maybe that's the real "synergy" the grandparent was talking about?
Basic hosting doesn't come with the interactive features -- you can't easily see what your friends are up to, browse pictures of events you attended, etc. Yes, it's possible to remember/bookmark the URL of each of your friends' home pages, and then click from each one to each page to see if it's changed, but Facebook/MySpace/Xanga/Orkut(deadpool?) does all that for you. You can easily see which friends have added pictures, see the "status" messages (the modern .plan for all the terminal warriors out there) and all that. Yeah, it's "possible", but Facebook is popular for the same reason that LiveJournal/Blogspot/Blogger replaced manual HTML editing of the first-generation blogs -- it's easier and more interactive.
Say someone halfway down the globe is running a smear campaign against you
Seems like there's a bigger problem that we're letting people halfway around the globe get away with that. In the US there are laws against libel and slander (and I think there are stronger laws in the EU and particularly the UK). But they're near-impossible to enforce online because people can hide behind (in the US) a law (Communications Decency Act) that makes websites not responsible for what they publish. Even if the websites know they're doing bad, they're not responsible.
What about people who are jealous of you, or just hate you for no reason, and post your real name, real photos, and slanderous lies about you without your permission? There are laws saying the webhost isn't responsible, and it's impossible to track down anonymous cowards.
But what about people who get dragged into the spotlight through no fault of their own?
The Washington Post article about some of the same events describes some pretty bad stuff:
The chats sometimes include photos taken from women's Facebook pages, and in the Yale student's case, one person threatened to sexually violate her. Another participant claimed to be the student, making it appear that she was taking part in the discussion.
What's important is that the victims were not participating in the forum before they had their names, photos, and alleged sexual preferences splashed all over the web. Somebody thought it'd be a good idea to have a "beauty contest" with unwilling contestants, and some of the organizers of the "contest" went over the top.
Right now the law doesn't really provide a remedy for that sort of thing. It's gross that a student had her private photos splayed all over the public Internet, and that somebody else impersonated her to make her look like a bi***, but there's no way to solve the problem right now. Telling people to grow thicker skin doesn't help when people are threatening to stalk and rape out of the blue.
Probably not for the Mitnicks nor the Scientologists of the world either.
But what about the people who are falsely accused of being Scientologists? That guy has had his name, address, phone and SSN splashed all over the web, through no fault of his own. Seems like he could use some reputation management to clean up all of that info. Or, if it can't be cleaned-up, then to bury it in positive Google-karma.
According to the complaint, one defendant gave the girl's contact information out and encouraged others to stalk her at the gym and take cell-phone pictures. Apparently, one defendant also emailed the entire Yale faculty with the false claim that she'd bribed her way into the school. That's some serious stuff right there.
Or to not threaten to stalk and rape, or to not make outrageous claims that somebody bribed their way into law school and is having a lesbian affair with an administrator. It seems like the defendants have made their bed by making comments that made their way into real-life and affected real people; I can't have too much sympathy for them having to lay in it.
"if it ain't broke..."
To summarize the change they made in a form Slashdot would understand:
s/st/qu
Seems like there's a pretty big difference between whistle-blowing and threatening to rape somebody.
Whatever, I think Windows is a well- [alt-tab]
[alt-tab alt-tab]
What was I saying?
Nevermind.