Wow, is it just me, or did you just announce the death of homebrew software, freeware and OSS on the respective OS?
Not if the operating system allows end users (or at least sysadmins) to add their own CAs to the trusted list. With this in place, an OSS author can set up their own CA using OpenSSL, and ask the users of their software to install the root cert before running the SW (or can get the SW signed by some other OSS CA). IMHO, if Microsoft's driver signing requirements allowed me to add my own root certs, there would be no problems with the system.
This whole list is a damn abomination to the constitution. I hope King George W. Bush is proud of the way he tore our freedoms up like one would a piece of paper. What next, national gun ownership registration lists?
As far as I can tell, the No Fly List is there to prevent some government official from getting in trouble for allowing a known terrorist onto a plane, where said terrorist then does something nasty. Remember the post 9/11 reports that at least some of the hijackers were already on government watch lists, and if we had been able to keep them off the planes, the attacks would not have happened. Thus, the whole list serves no purpose beyond CYA.
On the other hand, the list seems to be a law enforcement nightmare. While it may make it a little less convenient for an individual on a watch list to board an aircraft, it will also alert the person that the law is onto them, and allow them to swap in a new terrorist who is less known. In this way, the investigation is compromised, and the target is given warning. I'm sure that it would be much more effective if the terrorist does not know that the government is watching them until they are handcuffed.
Likewise, from a civil liberties point of view, it would be preferable to arrest those on the list rather than denying them the right to travel. An arrest is a far more invasive and expensive procedure for all involved, and so is less likely to be abused on a large scale. In this way, the government will be forced to limit its resources on those who are a genuine threat, and it raises the stakes for a false positive match.
One final thought: why does airport security even care about who is passing through the checkpoint? All they really need to worry about is what is going through. The TSA screeners should limit themselves to ensuring that no weapons or other dangerous items pass the checkpoint, and not worry at all about who is flying.
RMS would be amazing as he is only interested in software
Actually, that is not true. While he does serve as president of the FSF and spends most of his time on software activism, his personal home page reveals his involvement and activism in many progressive causes.
Yeah, and we see how well this has worked with Obama. Millions donated but he still voted for telco immunity. I wonder what he values more: your campaign contributions or the slush money and support of the telco industry?
I suspect that Obama voted for telco immunity, not because of any campaign contribution coming from AT&T and their ilk, but rather due to the brainwashing that the population has been exposed to in the post 9/11 paranoia. Had Obama voted for the immunity, the conservatives would have been able to paint him as soft on terrorism, in what already appears to be a very close election.
It really pains me to see how the population as a whole is willing to sacrifice the constitutional rights of everyone, for the sake of feeling safe. This is one area where the "Law and Order" types always seem to win the hearts and minds of the majority of the people. For the most part, it seems that white, middle class folks (of which I am one) do not see any of the recent injustices coming out of Washington as affecting them, and so they are tolerated, as long as it is only them (e.g. someone else) that are victimized by overzealous government.
If the ISP is messing with the DNS service, the best thing to do is to use a different service.
For Linux/Unix users, you can just run a caching-only server on the desktop system, and it will issue its own name requests from the root on down. I've been doing a slightly more complex version of this at home for VPN purposes. (Forward requests to my employer's net to the private internal DNS server (through the VPN), while querying the public internet for all other servers.)
I don't know if a similar option is available for Windows users w/o shelling out big bucks, but it is technically feasible.
If you cannot run a caching-only server, another option is to use a third-party DNS server. The only problem here is that it would not be automagically configured by DHCP, and would have to be manually set up.
It's the Democrat party, not the Democratic party, but that's a common mistake people make. Ironic that the party that claims to champion Democracy relies on party elders to choose their Presidential Candidate (Superdelegates).
You are wrong. The official name of the party is The Democratic Party, as can be seen on the headers (not the URL) of the DNC Web Site. The only place where the party (as opposed to its members) has been referred to as the Democrat Party has been in conservative propaganda.
The immunity offered by this bill is retroactive only; it does not extend into the future. People who say Obama is pro-warrantless-wiretapping don't know WTF they're talking about; he's supporting a bill which will make it illegal in the future, but the only way to get that bill passed for the future (with a President who's sworn to veto anything w/o the provision and a Republican party with enough votes to prevent that veto from being overridden) is to forgive what happened in the past.
Why does congress need to pass any bill with an immunity provision? Wait for the next president, and then pass the law. It is only six months away (Thank God!) Whoever it is, the next president will be an improvement over W. Deal with any other FISA issues that may need to be handled (although IMHO FISA is fine as is, if anything, the standards for getting a wiretap need to be tightened, but I'm not holding out hope for that in the current climate of fear.)
Another important issue is that someone needs to be held accountable for the illegal wiretapping. If it is not the telcos, then it should be the NSA and DOJ. Make the agency directors who pressured the telcos (and possibly the White House officials who ordered them to do so) criminally responsible for abuse of power and for creating illegal wiretaps. Then and only then can the telcos be let off the hook.
In other words, someone needs to be held accountable.
Mods, please mod parent down, and do not click the link. It leads to http://www.raygoldmodels.com/ which is impossible to exit short of killing your web browser due to endless message popups.
(On a related note does anyone know of a way to deal with web pages that begin spewing endless modal dialogs, one after another?)
The thing about messing with border guards is that they can say "no, you can't come in".
If they see a bunch of "random" data they can demand a password from you. No password, no entry.
This is only true for aliens. US citizens have an absolute right to enter the country. Of course, until someone clears customs they can do whatever they want in terms of searching the person, but if the person is a citizen, they cannot be turned back. (They could, however, be sent directly to jail.)
And that is exactly why we need to declare a war on global warning.
No one will be hurt, and we (and future generations) may all come out better in the long run.
According to the article, the IRS is only asking the banks to report the IDs of those receiving money from credit card transactions. Your purchases are not reported, only the aggregate of all the purchases of a business. This information will help to locate tax cheats. I would have a serious problem if the IRS got a list of where every consumer made a CC transaction, but that is not the case here.
The privacy issue is not a concern either. Even if it is a small business using the owner's SSN, the IRS already has that info on tax forms, W2s, and other data they get from banks. This personal information will not be shared with anyone outside the IRS any more than one's 1040 is.
"I don't like them pawing through my database" makes me think that you're embarrassed by the database structure, and don't want people to see how screwed up it is. If that's the reason, then maybe it's time to fix things.
I do not know what the underlying issue is -- you may be right that the asker does not want to provide access to the DB because s/he does not want the customer to see the schema.
It could be due to an old, crufty schema which is an embarrassment; however, it may be the exact opposite.
There could be an elegant, efficient, normalized schema underlying the DB, which is not quite the easiest format to generate ad hoc queries against. Perhaps the fear is that the customer will insist that the schema be changed to something less elegant and more "user friendly".
The reason such services should only be used where actually necessary, like in print or when verbally relaying a URL, is that they are a good way to hide the site. It is a newspaper's website, so there is likely a printed version of the article.
However, you have a good point, and Bruce may have been better off putting a link to his own web site (schneier.com) and putting the link, or a redirect there.
When China is talking about sovereignty, and "national interests and national dignity" they are really talking about having Taiwan (and maybe Tibet as well) labeled as independent nations.
Basically, they do not want any maps to be available on the Net to their own people (or anyone else, but that is impossible) which contain such counter-revolutionary ideas as an independent Taiwan (even if only de facto).
I agree with your statement, and with the parent, but there is one other piece which I have not seen addressed anywhere.
It seems that Microsoft has convinced a number of organizations that unless OOXML is approved, governments will be unable to use the MS Office software which they have been dependent on for years. Add in training costs and user resistance to anything new, and IT organizations within (and without) various governments are convinced that they need ISO approval for OOXML so that they can continue to use MS Office.
Of course MS could, if they wanted to, add an ODF filter to Office, and make it as good as the native format. They could propose a TC (ISO speak: technical corrigendum) to include missing features, but it is better for them not to do so and instead threaten IT organizations around the world with losing a piece of software they depend on (due to a potential requirement to use open / standard file formats), and in that way have recruited them to the MS cause.
The only legitimate reason for reserving a domain is to protect a buyer who is purchasing multiple, related domain names (e.g. foo.com, foo.net, and foo-xxx.com), and wants to be certain that all the domains can be obtained. If they cannot, the buyer would choose a different value.
To support this usage model without the kind of abuse we are seeing, reservation should be limited to one hour and should cost the registrar a small amount (maybe 1-20 cents) per reservation. If the customer eventually purchases the domain, the cost of the reservation will not have a significant impact on the profitability of the transaction.
A simple no refund policy will eliminate the domain kiting scams that are happening.
The other place where abuse can occur is when a domain expires. I would propose the following procedure to ensure that nobody can lose their domain without really trying:
Once the domain expires, the DNS record is removed from the top level server. After this happens, the (former) owner will have the exclusive right to renew the domain for a period of 45 days. This renewal will be at the normal price, but will start at the expiration date, and not the renewal date. (Thus you lose the time that the DNS was disabled.) The 45 days will allow the domain owner to notice that something is wrong, and should be plenty of time for a domain holder to notice their web site or email address no longer works.
After the 45 days, the domain becomes available via an auction which will last at least 15 days. The reserve price of that auction is the normal domain registration fee, with the domain's registrar receiving the proceeds of the auction (to encourage them to not game the system). The auction should have some mechanism to avoid eBay style sniping -- maybe the auction does not close until 1 full day after the last bid is received.
If the auction fails, then the domain returns to the pool, and is available on a first-come first-served basis, as any unregistered domain is.
The article mentions that the authorities met with the students and Ron Rivest (e.g. the "R" in the RSA crypto system).
It would be interesting to see what his involvement with this project is.
Bend Over Here It Comes Again
Chances are they are already on file.
Doesn't even need to start with L as long as it contains all the other letters.
"I don't like them pawing through my database" makes me think that you're embarrassed by the database structure, and don't want people to see how screwed up it is. If that's the reason, then maybe it's time to fix things.