So why do you say that? What have I said that has led you to believe I "got too much talk" and that I'm "stone fucking stupid"? Are you interested in actually interacting with people in this discusison or do you just get your rocks off acting like an anonymous dick on/.?
Oh God forbid you drag your asses out of your parents' basements and go somewhere to practice your hobby.
I'm sorry it's such a huge fucking inconvenience to engage those torpid flippers and move yourselves to and fro. I thought hams were so fucking important in an emergency. If just leaving the house is so traumatic what will you do "in a disaster"? Curl up into a little ball, blubber and cry and blame your failings on big, bad BPL? Whatever gets you through the day, I guess.
I had a great laugh over this post. Thanks, it really made my day:)
Oh and btw: I'm the commander of my local sheriff's office search and rescue team, and currently the only one on the team certified in high angle ropes rescue. I'll be sure to "get out of my mom's basement more":)
I was responsing to the AC and taking the position against BPL, so I'm not sure I understand who your post is directed at...
One more thing, don't knock amateur radio HAMS.
I don't, I'm KB3LYB
Most amateur radio operators know exactly how their stuff works - especially if you ever meet one who builds from scratch.
I do, which is pretty much what got me into the hobby in the first place. Talking on the radio is ok, I personally enjoy having the excuse to build stuff more though. I haven't designed anything myself yet, but I have built a lot of Ten Tec kits.
Yes, you are quite the intelligent one. So you believe in the event of an emergency all the Hams will spring to life and use their radio gear now that BPL is down. You honestly believe people are going to spend money on gear, set it up, and wait for a day when it might be usable. Do you want the first "test" of this gear to be during an emergency?
Sure, fuck ham. However they are a small population of spectrum users who would be affected (they just happen to be the group who complained publically). Police, coast guard, other emergency services, etc. all regiatered complaints to the FCC regarding BPL.
Appearently they do not care that you were easily mislead by debunked "cheap broadband" claims that anyone with a freshman level EE knowledge could see through. I'm sorry you were so gullible, fortunatly it seems the rest of the world isn't.
Finkployd
Re:The Convention on the Rights of a Child
on
Revamping Freenet
·
· Score: 1
Oh course, the "Child" is not defined, kinda defeating the purpose.
The FAQ lists "Child" as "anyone up to 18 years old" but that is uselessly non specific and still does not apply everywhere.
Change it so that people can choose what to support, and those items/issues/groups that deserve support will get more of it than they ever will under the all or nothing flag of freenet.
The problem is that doing so would completely break freenet. The idea is that you have parts of encrypted files on your pc. I do not believe you can decrypt a part without having the whole thing, so how would you make a value judgement with just a part of a file, let alone an encrypted part?
Designing a system that is "uncrackable by design" (such as necessitating an inordinate amount of processing power) is ultimately the same thing as security through obscurity, as it depends on the cracker not knowing *how* to garner that much processing power.
Well, within reason. Any encryption can be brute forced for example, but the processing power to do it is so far out of our hands as to make it insanely unlikely. Security is always a matter of tradeoffs, however to make intelligent decisions you need to know what your enemy's capabilities are...(more on this later)
To them, Freenet is a "network" and is thus a "haven" for bad activity. Do you agree that they think this way?
I think the thinking is more that Freenet is fringe while PGP is pretty mainstream. 10-15 years ago this was not the case and if you read any of the writings of law enforcement and government officials during this time they seem as negative, if not more, about PGP than today about freenet. PGP grew up and became legit, with a company behind it and a society that think encryption is an ok think for the general public to have. The NSA was not long ago claiming they "own" the concept of cryptography in the US and can classify any patent, research into it, or papers explaining it that they want to.
Will freenet grow up? I don't know, I suspect it would require a good legit use case. PGP relied heavily on the concept of freedom fighters and political underground movements in communist countries to gain public acceptance over its threat of misuse. I don't know how freenet could do the same. Nor do I think PGP would be able to do the same this day and age given our recent preoccupation with terrorists.
I wonder. Did you ever read _Digital Fortress_ by Dan Brown?
Yes, and I thought it sucked. DiVinci Code and Angels and Demons were much better, despite all three having basically the same formula. His next book better not have the "elder expert on some topic who seems to be helping the main character while secretly pulling the strings as the main bad guy in the background". I knew the end of Digital Fortress about 5 chapters into it.
In it, he claims that the NSA builds a super-super-super computer called TRNSLATR which can crack any PGP in a matter of seconds. Fiction, of course, but what, exactly, does the NSA do? Brown claims that the NSA wants the public to think that PGP is secure -- even from the NSA. I can see why such a lie would be in the NSA's interest to perpetuate. (No, I have no interest in conspiracy theories.)
Having said it sucked, this is one of the most interesting ideas in it, and certainly logical. In the NSA's position, had I have broken public key crypto somehow and wanted to get the most "bang for my buck" would I tell the world I broke it? Then everyone knows it is broken and avoids it and either creates a better cryptosystem or alternative method of message passing. Or do I keep it a secret while waging a public war on public key cryptography claiming that because I can't break it, it must be outlawed and tightly controlled by me for the public safety. I have to admit, their MASSIVE Clipper campaign against public key crypto was dropped a little TOO easily and forgotten.
I have a big problem with the government inconveniencing innocent citizens in the name of the "war on terror," but I also have no problem with the government putting extra scrutiny on foreign, male, muslim students coming from the Middle East.
I have no problem with profiling (everyone does it, all the time, whether they admit it or not). Nor do I have a problem using all available data for profiling. You never hear the public outcry over the FBI saying that most serial killers are white males, and that they must focus on black women just as much in those investigations.
I DO have a problem with the government ignoring its own rules for how investigations must happen and what disclosures must happen. This whole "secret investigation, evidence, and court" nonsence has got to go.
I argue that Freenet, by its nature, draws the eyes of law enforcement and, hence, I can't use it. I believe it may have the *reverse* effect of increasing privacy by increasing scrutiny.
This is a quite a good point and underscores the importance of the system being designed without vulnerabilities to ever work how they intend it to. Of course that goal is nearly impossible and we see now that freenet perhaps has some serious problems in that regard.
There's no way to avoid the value judgement in this case. By saying, "We don't care what you send over our encrypted network," they say, "terrorists and pedophiles are at home here," and that is a value judgement.
The same arguement can be made about anonymous remailers. Or PGP, or any encryption software for that matter. None of them are doing anything to stop so are they making a value judgement to support them?
What privacy have I gained if I start encrypting all of my messages and the FBI responds by putting a surveillance team on my house?
Depends. If nobody else is doing it you stand out like a sore thumb. If it picks up steam and a significant number of people use it then perhaps you have gained quite a lot of security. I would venture that enough people encrypt (PGP or S/MIME) email that the feds do not follow up on EVERYONE who uses it, that would be impossible.
You'd be stunned at what the FBI has the right to photograph or videotape without "invading your privacy" (as defined by law).
I work at a University which has a significant number of exchange students as well as US students of middle eastern descent in a "post PATRIOT ACT" world. Nothing will stun me:)
I think the point is that every government draws the line somewhere else. In some places a naked 16 year old is child porn, in other places it is not. One man's terrorist is another man's freedom fighter.
There is not a universal code of what is acceptable to everyone, there is just your own personal code. This may fit the mold of where you live or it may not. The question is not "Should a line be drawn?", everyone would agree there is a line. However "Where do you draw the line on issue X?" is something that cannot be answered globally. The freenet people have taken the approach that since the line cannot be drawn in a specific place, let's just ignore it altogether and let anything go. Interesting experiment if you ask me. I'm not interested in using it, but I am not morally opposed to it just because it does not stop those I disagree with from communicating. As a user of PGP that would be damn hypocritical of me wouldn't it?
Depending on where you live, there is no right to anything, including life. However many consider anonymous speech to be a right they wish to have, including many of the founders of the US, and the Supreme Court (which has ruled in favor of it). Nobody has a RIGHT to encryption either, but state granted or not, we can certainly take it, so long as it is not outlawed. And even then many will.
Finkployd
Re:Is Freenet doomed to failure by design?
on
Revamping Freenet
·
· Score: 1
Also, I *like* the idea of being able to have my communications remain private. My relationships are my business, and I don't have to subject them to any other *human's* supervision because I don't trust that the supervisor is any more virtuous than I am.
I'll bet terrorists and pedophiles feel EXACTLY the same way. So how do you create a system that instinctivly knows where the line is drawn, especially when as a society we do not even know where the line is drawn. Pedophiles means something vastly different depending on what state and/or country you are in, and one man's freedom fighter is another man's terrorist.
Freenet seems to have taken the only POSSIBLE approach, which is to say it does not try to make value judgements. Unfortunately there is no other way to have true anonymous speech than to accept that some of it will be distasteful.
Students who demonstrate intelligence beyond their years or insight into problems which the teacher cannot comprehend are VERY threatening to the teacher.
True, but in this case I think the punishment is coming due to a flagrant violation of school policy and the law. Given the recent identity theft stories and the fact that is becoming a very serious problem, I question how "gifted" these students actually were to not have seen this coming.
More to your point, I think the problem is that gifted children often feel that demonstrating their intelligence is a key to social acceptance (which if course, it is not). I don't know if I am gifted or not, but I learned along the way that basically "nobody likes a know it all". There are certain peers, teachers, etc. along the way that encouraged me and I gravitated toward them. I would think that any gifted person should be able to apply their mind to social situations like any other problem and observe reactions to certain behaviors and respond accordingly.
Yes, in fact, you are. Try reading the specs instead of listening to ignorant rantings on/.
You cannot install device driver which looks like an audio board (to rip DRM "enabled" audio).
Yes, you can. Care to back up this insane statement?
The OS will just not use your device driver, no matter which certificates you decide to accept.
This is perhaps true with MS Window's TCPA software (Palladium, or whatever they call it this week) but I can assure that Linux's TCPA will not work this way. If it does I will just rewrite it, sign the kernel myself and off we go.
Again, please actually read the TCPA specs rather than spouting uninformed horror stories.
How do you know it is diverting resources or they are just hiring new people? Or shifting people from some other defunct project?
They have scarce resources, any resources allocated to project A are not allocated to project B. So while they may not be taking people away from their bug fixing team, they are not adding these people to it. It is their company and they can run it as they please and I can complain about it as I please.
Flight Simulators:) You liked this?
Yeah, it worked and had no major bugs when I last tried it. Plus when it "crashed" there was less swearing on my part.
They didn't design this, they bought it from Giant for 80 million. And it is actually much better then spybot or adaware.
I and many many others disagree, but that is subjective. I've tried all three and was least impressed with Microsoft's.
I think this is irrelevant and moot. Obviously Norton is not offering an OS. But MS is not offering a virus. They are offering a program to fight them.
I do not. I am aware MS is not offering viruses, but they are offering the software with the flaws that viruses exploit. (note: I am not talking about trojans). You seem to think I do not understand the difference between the virus author and the author of the software the virus exploits. I do, and I assign some blame to both. More to the virus writer but some to the software provider, especially if the response to the vulnerability is poor.
And they are trying to fix mistakes. At some point we need to get over it.
Agreed, but I am not so quick to wipe the slate clean and blindly assume they are a whole new company. They have done some good with 2003 (specifically the default install is not longer a nightmare of poor security choices). They show promise with IE in that at least they are no longer completely ignoring it like they did for years. There is reason to believe that the next version of Windows will be an improvement over XP. Hurray, but that does not mean I still not view them with a healthy amount of skepticism, which they most certainly earned.
Essentially, a TCPA compatible computer will refuse to run all code which hasn't been pre-approved by some "trusted" organisation. This would make not-for-profit software development almost impossible.
Essentially, like seemingly most slashdotters, you are 100% wrong on this and I do not feel like retyping why. Read this for what TCPA is and what the real danger of it is.
Every time they release a patch/update they are trying to make their OS more secure. So I do not understand what you are trying to imply.
My implication is that now they are diverting resources that could be used to improve what is a fairly abysmal track record involving their response to security vulnerabilities to a new project designed to make money protecting against said vulnerabilities.
Now why can't they hire more people and do extra things?
They are free to do it, and I am free to question it. It seems a conflict of interest to me.
Microsoft's largest product is WIndows, but it is not their only product - nor do I think it "should" be.
Neither do it, if I had my say they would truly focus on what they do REALLY well. Flight Simulators:)
MS is not profiting from these vulnerabilities. First they anti-spyware program that they spent $80 million for and they are giving it away for free.
For now it is free. How sad is it that they spend 80 million designing something that does not work nearly as well as Spybot or Adaware. That is somewhat telling (albeit totally off topic) If they were really interested in making a dent in the spyware problem they would fix (or scrap) ActiveX.
Second they patch holes for free - when was the first or last time Windows Update asked you to pay for the patches?
The joker in me wants to answer "Windows 98" but that would be immature:)
You keep bringing this up as though I am supposed to be impressed by it. I am not. Who DOESN'T fix their own security holes for free?
Third They didn't write the viruses - evil hackers did.
Yes, but in many cases, those viruses would not be possible (or at least as devastating) had MS not done so poorly on security. It almost sounds as if you believe the security vulnerabilities that have plagued MS were totally inevitable. I am certainly not going to assert that it is possible to create something as complex as Windows and have it free of security holes, but they certainly could have done a better job over the years. Some of the hundreds of exploits they have been plagued with have been inexcusable, and the result of poor cooding/qa, irresponsible marketing driven decisions, and the like.
They are working to prevent these evil hackers and they have a right to make a profit on it - just like McAfee, Norton, Computer Associates, etc.
The only difference is that none of these companies are providing the software that suffers from the vulnerabilities these evil hackers exploit.
Without turning to a trollish fighting (i prefer debating points) but in this case it seems you are just attacking MS because of who they are.
Nope, because of what they do. I'm not talking about this exact moment in time, but their history over the years regarding security. If you believe them to be a responsible, security aware company that has done a good job in this arena then there is really nothing more we can debate. I am not writing a thesis on their history of problems in this space. I suppose I could refer to to pretty much any computer publication or security expert for a better view. Hell, even MS itself has at times publicly admitted to having a poor history regarding this.
If part of their attempt to turn themselves around and repair the problem that they bear some responsibility for involves making money off their own mistakes, that is where I take exception.
Linux virus scanners are generally (only?) used to scan for Windows viruses on file servers that are running on Linux, or scan email in real time that is passing through a Linux based mail server.
And I don't know many OSX users running virus scanners.
Perhaps its intent? If you can run "any code you want", you can run trojans, worms, pirated software and software designed to circumvent copyright.
No, if I can run any code I want then I can run any binaries I sign (or people/companies I have decided to trust sign). I assure you I do not want to run trojans, worms, etc so I will not sign those. Or do you think for some reason I will not be able to specify which software signers I trust, including myself. If so I invite you to research the TCPA. Preferably not relying on uninformed rantings on/.
Of course as a side effect, you can't run free hippie operating systems unless and until their code is certified to be corporate-friendly.
Sure I can, corporations do not control which digital certificates I accept, I do.
Since I took the day off and frankly have nothing better to do right now, I will explain to you how this works. Let me start by saying I am not a fan of the TCPA, but not for the reasons you think.
Under the TCPA the user has complete control over which binaries he wants to run. Or it is possible to just turn off the thing altogether. I can say I only want my system to run binaries signed by Redhat, or Debian, or me, or GNU, or any combination of signers. I can limit my system to only running Microsoft binaries if I want, or IBM, whoever. I can run binaries signed by Kazaa and Limewire if I so desire. This is something of a major misconception by people who hate the TCPA without actually understanding it. The reality is a bit less evil, but much more subtle and (to me) frightening because it can slowly be introduced, like boiling a frog.
Which brings us to the two words at the core of this: Remote Attestation. Without getting too technical let's just say that remote attestation means that a client (or server, or peer, anything communicating over the network) can verify who siged the binary that it is communicating with on the remote machine. The obvious use case for this is media players. Hollywood wants to release movies on the internet but wants to make damn sure you are only viewing them in a media player that will respect it's DRM wishes, like not saving the stream, etc. With remote attestation they can be sure that the only client software that can connect to it is Windows Media Player running on a trusted Windows platform. The protocol can be completely open and documented, and it will not matter because to fake out the server, something like xine will have to be able to effectivly break RSA digital certificates to remotely attest itself as something signed by Microsoft.
Now if you are like me, the first thing you think about is Samba. Suddenly MS can comply with everyone demanding they open their protocols. They just make Windows so that it can only do file and print sharing with other Windows machines. Samba will not be able to fake it out like today. Now sure MS would not do this, it would piss off way too many people. But if their market share suddenly declines, and their stock goes down, it would be fiscially irresponsible of them not to leverage their advantages wouldn't it?
Another scary though is IIS servers that only respond to IE. Fake the browser string all you want, it will not help. This also works both ways if you run an Apache server and want to piss off IE users:)
There was talk a while ago that MS wanted to create their own TCP/IP like stack that was propritary to Windows, remote attestation is basically it when you think about it.
So recapping, while TCPA does not enforce what binaries you run on your system, it can be used by services to enforce who is talking to them over the internet.
Fortunately things have been changing a bit lately. Samba is much more widly deployed and legit, being used by plenty of well known companies both internally and as part of their product lines. Firefox has taken some of the lock that IE has on the web browser market, forcing many online banks and other historically
Slashdot Mirror
How so? I brought it up in an afternoon to just play around with. Granted PSU has a lot of money and resources, but I didn't use any of them :)
Finkployd
It's easy enough to check on...
/.?
So why do you say that? What have I said that has led you to believe I "got too much talk" and that I'm "stone fucking stupid"? Are you interested in actually interacting with people in this discusison or do you just get your rocks off acting like an anonymous dick on
Finkployd
How is holding regular tests of emergency communications the same as never testing or using equipment until an actual emergency situation?
Finkployd
Oh God forbid you drag your asses out of your parents' basements and go somewhere to practice your hobby.
:)
:)
I'm sorry it's such a huge fucking inconvenience to engage those torpid flippers and move yourselves to and fro. I thought hams were so fucking important in an emergency. If just leaving the house is so traumatic what will you do "in a disaster"? Curl up into a little ball, blubber and cry and blame your failings on big, bad BPL? Whatever gets you through the day, I guess.
I had a great laugh over this post. Thanks, it really made my day
Oh and btw: I'm the commander of my local sheriff's office search and rescue team, and currently the only one on the team certified in high angle ropes rescue. I'll be sure to "get out of my mom's basement more"
Finkployd
I was responsing to the AC and taking the position against BPL, so I'm not sure I understand who your post is directed at...
One more thing, don't knock amateur radio HAMS.
I don't, I'm KB3LYB
Most amateur radio operators know exactly how their stuff works - especially if you ever meet one who builds from scratch.
I do, which is pretty much what got me into the hobby in the first place. Talking on the radio is ok, I personally enjoy having the excuse to build stuff more though. I haven't designed anything myself yet, but I have built a lot of Ten Tec kits.
Finkployd
Yes, you are quite the intelligent one. So you believe in the event of an emergency all the Hams will spring to life and use their radio gear now that BPL is down. You honestly believe people are going to spend money on gear, set it up, and wait for a day when it might be usable. Do you want the first "test" of this gear to be during an emergency?
Finkployd
Sure, fuck ham. However they are a small population of spectrum users who would be affected (they just happen to be the group who complained publically). Police, coast guard, other emergency services, etc. all regiatered complaints to the FCC regarding BPL.
Appearently they do not care that you were easily mislead by debunked "cheap broadband" claims that anyone with a freshman level EE knowledge could see through. I'm sorry you were so gullible, fortunatly it seems the rest of the world isn't.
Finkployd
Oh course, the "Child" is not defined, kinda defeating the purpose.
The FAQ lists "Child" as "anyone up to 18 years old" but that is uselessly non specific and still does not apply everywhere.
Finkployd
Change it so that people can choose what to support, and those items/issues/groups that deserve support will get more of it than they ever will under the all or nothing flag of freenet.
The problem is that doing so would completely break freenet. The idea is that you have parts of encrypted files on your pc. I do not believe you can decrypt a part without having the whole thing, so how would you make a value judgement with just a part of a file, let alone an encrypted part?
Finkployd
Designing a system that is "uncrackable by design" (such as necessitating an inordinate amount of processing power) is ultimately the same thing as security through obscurity, as it depends on the cracker not knowing *how* to garner that much processing power.
Well, within reason. Any encryption can be brute forced for example, but the processing power to do it is so far out of our hands as to make it insanely unlikely. Security is always a matter of tradeoffs, however to make intelligent decisions you need to know what your enemy's capabilities are...(more on this later)
To them, Freenet is a "network" and is thus a "haven" for bad activity. Do you agree that they think this way?
I think the thinking is more that Freenet is fringe while PGP is pretty mainstream. 10-15 years ago this was not the case and if you read any of the writings of law enforcement and government officials during this time they seem as negative, if not more, about PGP than today about freenet. PGP grew up and became legit, with a company behind it and a society that think encryption is an ok think for the general public to have. The NSA was not long ago claiming they "own" the concept of cryptography in the US and can classify any patent, research into it, or papers explaining it that they want to.
Will freenet grow up? I don't know, I suspect it would require a good legit use case. PGP relied heavily on the concept of freedom fighters and political underground movements in communist countries to gain public acceptance over its threat of misuse. I don't know how freenet could do the same. Nor do I think PGP would be able to do the same this day and age given our recent preoccupation with terrorists.
I wonder. Did you ever read _Digital Fortress_ by Dan Brown?
Yes, and I thought it sucked. DiVinci Code and Angels and Demons were much better, despite all three having basically the same formula. His next book better not have the "elder expert on some topic who seems to be helping the main character while secretly pulling the strings as the main bad guy in the background". I knew the end of Digital Fortress about 5 chapters into it.
In it, he claims that the NSA builds a super-super-super computer called TRNSLATR which can crack any PGP in a matter of seconds. Fiction, of course, but what, exactly, does the NSA do? Brown claims that the NSA wants the public to think that PGP is secure -- even from the NSA. I can see why such a lie would be in the NSA's interest to perpetuate. (No, I have no interest in conspiracy theories.)
Having said it sucked, this is one of the most interesting ideas in it, and certainly logical. In the NSA's position, had I have broken public key crypto somehow and wanted to get the most "bang for my buck" would I tell the world I broke it? Then everyone knows it is broken and avoids it and either creates a better cryptosystem or alternative method of message passing.
Or do I keep it a secret while waging a public war on public key cryptography claiming that because I can't break it, it must be outlawed and tightly controlled by me for the public safety. I have to admit, their MASSIVE Clipper campaign against public key crypto was dropped a little TOO easily and forgotten.
I have a big problem with the government inconveniencing innocent citizens in the name of the "war on terror," but I also have no problem with the government putting extra scrutiny on foreign, male, muslim students coming from the Middle East.
I have no problem with profiling (everyone does it, all the time, whether they admit it or not). Nor do I have a problem using all available data for profiling. You never hear the public outcry over the FBI saying that most serial killers are white males, and that they must focus on black women just as much in those investigations.
I DO have a problem with the government ignoring its own rules for how investigations must happen and what disclosures must happen. This whole "secret investigation, evidence, and court" nonsence has got to go.
I argue that Freenet, by its nature, draws the eyes of law enforcement and, hence, I can't use it. I believe it may have the *reverse* effect of increasing privacy by increasing scrutiny.
:)
This is a quite a good point and underscores the importance of the system being designed without vulnerabilities to ever work how they intend it to. Of course that goal is nearly impossible and we see now that freenet perhaps has some serious problems in that regard.
There's no way to avoid the value judgement in this case. By saying, "We don't care what you send over our encrypted network," they say, "terrorists and pedophiles are at home here," and that is a value judgement.
The same arguement can be made about anonymous remailers. Or PGP, or any encryption software for that matter. None of them are doing anything to stop so are they making a value judgement to support them?
What privacy have I gained if I start encrypting all of my messages and the FBI responds by putting a surveillance team on my house?
Depends. If nobody else is doing it you stand out like a sore thumb. If it picks up steam and a significant number of people use it then perhaps you have gained quite a lot of security. I would venture that enough people encrypt (PGP or S/MIME) email that the feds do not follow up on EVERYONE who uses it, that would be impossible.
You'd be stunned at what the FBI has the right to photograph or videotape without "invading your privacy" (as defined by law).
I work at a University which has a significant number of exchange students as well as US students of middle eastern descent in a "post PATRIOT ACT" world. Nothing will stun me
Finkployd
Good point.
This was the first I found, I believe there are a few others.
I think the point is that every government draws the line somewhere else. In some places a naked 16 year old is child porn, in other places it is not. One man's terrorist is another man's freedom fighter.
There is not a universal code of what is acceptable to everyone, there is just your own personal code. This may fit the mold of where you live or it may not. The question is not "Should a line be drawn?", everyone would agree there is a line. However "Where do you draw the line on issue X?" is something that cannot be answered globally. The freenet people have taken the approach that since the line cannot be drawn in a specific place, let's just ignore it altogether and let anything go. Interesting experiment if you ask me. I'm not interested in using it, but I am not morally opposed to it just because it does not stop those I disagree with from communicating. As a user of PGP that would be damn hypocritical of me wouldn't it?
Finkployd
So what is the alternative? Change freenet so that each node can censor what they want? Kinda defeats the entire point of the project then.
Finkployd
Depending on where you live, there is no right to anything, including life. However many consider anonymous speech to be a right they wish to have, including many of the founders of the US, and the Supreme Court (which has ruled in favor of it). Nobody has a RIGHT to encryption either, but state granted or not, we can certainly take it, so long as it is not outlawed. And even then many will.
Finkployd
Also, I *like* the idea of being able to have my communications remain private. My relationships are my business, and I don't have to subject them to any other *human's* supervision because I don't trust that the supervisor is any more virtuous than I am.
I'll bet terrorists and pedophiles feel EXACTLY the same way. So how do you create a system that instinctivly knows where the line is drawn, especially when as a society we do not even know where the line is drawn. Pedophiles means something vastly different depending on what state and/or country you are in, and one man's freedom fighter is another man's terrorist.
Freenet seems to have taken the only POSSIBLE approach, which is to say it does not try to make value judgements. Unfortunately there is no other way to have true anonymous speech than to accept that some of it will be distasteful.
Finkployd
Students who demonstrate intelligence beyond their years or insight into problems which the teacher cannot comprehend are VERY threatening to the teacher.
True, but in this case I think the punishment is coming due to a flagrant violation of school policy and the law. Given the recent identity theft stories and the fact that is becoming a very serious problem, I question how "gifted" these students actually were to not have seen this coming.
More to your point, I think the problem is that gifted children often feel that demonstrating their intelligence is a key to social acceptance (which if course, it is not). I don't know if I am gifted or not, but I learned along the way that basically "nobody likes a know it all". There are certain peers, teachers, etc. along the way that encouraged me and I gravitated toward them. I would think that any gifted person should be able to apply their mind to social situations like any other problem and observe reactions to certain behaviors and respond accordingly.
Finkployd
Wrong, horribly wrong.
/.
Yes, in fact, you are. Try reading the specs instead of listening to ignorant rantings on
You cannot install device driver which looks like an audio board (to rip DRM "enabled" audio).
Yes, you can. Care to back up this insane statement?
The OS will just not use your device driver, no matter which certificates you decide to accept.
This is perhaps true with MS Window's TCPA software (Palladium, or whatever they call it this week) but I can assure that Linux's TCPA will not work this way. If it does I will just rewrite it, sign the kernel myself and off we go.
Again, please actually read the TCPA specs rather than spouting uninformed horror stories.
Finkployd
Yeah, we call those trojans generally. And that is certainly not the only thing that happens to Windows machines.
Finkployd
How do you know it is diverting resources or they are just hiring new people? Or shifting people from some other defunct project?
:)
They have scarce resources, any resources allocated to project A are not allocated to project B. So while they may not be taking people away from their bug fixing team, they are not adding these people to it. It is their company and they can run it as they please and I can complain about it as I please.
Flight Simulators
You liked this?
Yeah, it worked and had no major bugs when I last tried it. Plus when it "crashed" there was less swearing on my part.
They didn't design this, they bought it from Giant for 80 million. And it is actually much better then spybot or adaware.
I and many many others disagree, but that is subjective. I've tried all three and was least impressed with Microsoft's.
I think this is irrelevant and moot. Obviously Norton is not offering an OS. But MS is not offering a virus. They are offering a program to fight them.
I do not. I am aware MS is not offering viruses, but they are offering the software with the flaws that viruses exploit. (note: I am not talking about trojans). You seem to think I do not understand the difference between the virus author and the author of the software the virus exploits. I do, and I assign some blame to both. More to the virus writer but some to the software provider, especially if the response to the vulnerability is poor.
And they are trying to fix mistakes. At some point we need to get over it.
Agreed, but I am not so quick to wipe the slate clean and blindly assume they are a whole new company. They have done some good with 2003 (specifically the default install is not longer a nightmare of poor security choices). They show promise with IE in that at least they are no longer completely ignoring it like they did for years. There is reason to believe that the next version of Windows will be an improvement over XP. Hurray, but that does not mean I still not view them with a healthy amount of skepticism, which they most certainly earned.
Finkployd
Essentially, a TCPA compatible computer will refuse to run all code which hasn't been pre-approved by some "trusted" organisation. This would make not-for-profit software development almost impossible.
Essentially, like seemingly most slashdotters, you are 100% wrong on this and I do not feel like retyping why. Read this for what TCPA is and what the real danger of it is.
Every time they release a patch/update they are trying to make their OS more secure. So I do not understand what you are trying to imply.
:)
:)
My implication is that now they are diverting resources that could be used to improve what is a fairly abysmal track record involving their response to security vulnerabilities to a new project designed to make money protecting against said vulnerabilities.
Now why can't they hire more people and do extra things?
They are free to do it, and I am free to question it. It seems a conflict of interest to me.
Microsoft's largest product is WIndows, but it is not their only product - nor do I think it "should" be.
Neither do it, if I had my say they would truly focus on what they do REALLY well. Flight Simulators
MS is not profiting from these vulnerabilities. First they anti-spyware program that they spent $80 million for and they are giving it away for free.
For now it is free. How sad is it that they spend 80 million designing something that does not work nearly as well as Spybot or Adaware. That is somewhat telling (albeit totally off topic) If they were really interested in making a dent in the spyware problem they would fix (or scrap) ActiveX.
Second they patch holes for free - when was the first or last time Windows Update asked you to pay for the patches?
The joker in me wants to answer "Windows 98" but that would be immature
You keep bringing this up as though I am supposed to be impressed by it. I am not. Who DOESN'T fix their own security holes for free?
Third They didn't write the viruses - evil hackers did.
Yes, but in many cases, those viruses would not be possible (or at least as devastating) had MS not done so poorly on security. It almost sounds as if you believe the security vulnerabilities that have plagued MS were totally inevitable. I am certainly not going to assert that it is possible to create something as complex as Windows and have it free of security holes, but they certainly could have done a better job over the years. Some of the hundreds of exploits they have been plagued with have been inexcusable, and the result of poor cooding/qa, irresponsible marketing driven decisions, and the like.
They are working to prevent these evil hackers and they have a right to make a profit on it - just like McAfee, Norton, Computer Associates, etc.
The only difference is that none of these companies are providing the software that suffers from the vulnerabilities these evil hackers exploit.
Without turning to a trollish fighting (i prefer debating points) but in this case it seems you are just attacking MS because of who they are.
Nope, because of what they do. I'm not talking about this exact moment in time, but their history over the years regarding security. If you believe them to be a responsible, security aware company that has done a good job in this arena then there is really nothing more we can debate. I am not writing a thesis on their history of problems in this space. I suppose I could refer to to pretty much any computer publication or security expert for a better view. Hell, even MS itself has at times publicly admitted to having a poor history regarding this.
If part of their attempt to turn themselves around and repair the problem that they bear some responsibility for involves making money off their own mistakes, that is where I take exception.
Finkployd
Linux virus scanners are generally (only?) used to scan for Windows viruses on file servers that are running on Linux, or scan email in real time that is passing through a Linux based mail server.
And I don't know many OSX users running virus scanners.
Finkployd
Perhaps its intent? If you can run "any code you want", you can run trojans, worms, pirated software and software designed to circumvent copyright.
/.
:)
No, if I can run any code I want then I can run any binaries I sign (or people/companies I have decided to trust sign). I assure you I do not want to run trojans, worms, etc so I will not sign those. Or do you think for some reason I will not be able to specify which software signers I trust, including myself. If so I invite you to research the TCPA. Preferably not relying on uninformed rantings on
Of course as a side effect, you can't run free hippie operating systems unless and until their code is certified to be corporate-friendly.
Sure I can, corporations do not control which digital certificates I accept, I do.
Since I took the day off and frankly have nothing better to do right now, I will explain to you how this works. Let me start by saying I am not a fan of the TCPA, but not for the reasons you think.
Under the TCPA the user has complete control over which binaries he wants to run. Or it is possible to just turn off the thing altogether. I can say I only want my system to run binaries signed by Redhat, or Debian, or me, or GNU, or any combination of signers. I can limit my system to only running Microsoft binaries if I want, or IBM, whoever. I can run binaries signed by Kazaa and Limewire if I so desire. This is something of a major misconception by people who hate the TCPA without actually understanding it. The reality is a bit less evil, but much more subtle and (to me) frightening because it can slowly be introduced, like boiling a frog.
Which brings us to the two words at the core of this: Remote Attestation. Without getting too technical let's just say that remote attestation means that a client (or server, or peer, anything communicating over the network) can verify who siged the binary that it is communicating with on the remote machine. The obvious use case for this is media players. Hollywood wants to release movies on the internet but wants to make damn sure you are only viewing them in a media player that will respect it's DRM wishes, like not saving the stream, etc. With remote attestation they can be sure that the only client software that can connect to it is Windows Media Player running on a trusted Windows platform. The protocol can be completely open and documented, and it will not matter because to fake out the server, something like xine will have to be able to effectivly break RSA digital certificates to remotely attest itself as something signed by Microsoft.
Now if you are like me, the first thing you think about is Samba. Suddenly MS can comply with everyone demanding they open their protocols. They just make Windows so that it can only do file and print sharing with other Windows machines. Samba will not be able to fake it out like today. Now sure MS would not do this, it would piss off way too many people. But if their market share suddenly declines, and their stock goes down, it would be fiscially irresponsible of them not to leverage their advantages wouldn't it?
Another scary though is IIS servers that only respond to IE. Fake the browser string all you want, it will not help. This also works both ways if you run an Apache server and want to piss off IE users
There was talk a while ago that MS wanted to create their own TCP/IP like stack that was propritary to Windows, remote attestation is basically it when you think about it.
So recapping, while TCPA does not enforce what binaries you run on your system, it can be used by services to enforce who is talking to them over the internet.
Fortunately things have been changing a bit lately. Samba is much more widly deployed and legit, being used by plenty of well known companies both internally and as part of their product lines. Firefox has taken some of the lock that IE has on the web browser market, forcing many online banks and other historically