Slashdot Mirror


User: rgmoore

rgmoore's activity in the archive.

Comments · 2,008

  1. Re:The question is... on Updates from the Free Standards Group · · Score: 1

    Obviously, all your Linux Standards Base belong to us. That's the beauty of Free Software. The system truly belongs to the end users, as they have the right and ability to change things themselves.

  2. Re:Hmm... on Why Are We Still Using 8.3 Filenames? · · Score: 2

    Actually, I think that this shows part of the reason that people like terse file names; they're easier to type. It's a lot easier to type cd /usr/local/doc than cd /user_files/local_system/documentation. Similarly, if you use the command prompt in Windows it's nice to have short file names to make typing them fast. The one big complaint I have is with people being doctrinaire about it. It's annoying that Windows people use .htm when their system will support the same .html extension that everyone else uses.

  3. Re:Not necessarily environmentally friendly on Electric Car Bests Ferrari F550 In 0-60mph · · Score: 2

    Actually, the CA requirements for specific numbers of electric vehicles have been passed, but the actual implementation has been put on hold. People have used this as an argument, but it doesn't really hold water. The limitation right now is peak generating capacity, while most electric cars will be charged off-peak- at night mostly. In any case, the electricity shortage is much more a regulatory/economic problem than a true lack of generation problem.

    I still think that battery electric cars are a foolish idea, but that's because they're impractical. It's just not possible to provide them with competitive range right now, and probably won't be for the foreseeable future. There's also the recharging speed issue. There's just a tremendous inherent advantage to fuel powered vehicles, even if they probably will eventually shift to fuel-cell electric rather than IC engine driven.

  4. Re:A little extreme, don't you think? on Document-Destroying Copy Protection System · · Score: 1

    Yes it is different. The ink tags get taken off when you buy the clothes, while the autodestruct gets left on the files permanently.

  5. Re:Read the prologue online on Neal Stephenson on Zeta Functions · · Score: 2

    Sadly, it has a typically poor Stephenson ending. He really needs to learn how to write a graceful ending that ties up some of the loose ends he's spent the whole book generating. I find it very frustrating to read about characters for hundreds of pages and develop some empathy for them and then have the book rudely chopped off just before finding out how their personal situations were resolved.

  6. Re:keeping it private on Is Crypto Solely for Criminals? · · Score: 2

    Now, can someone explain to me why anglo-saxons are so fucking paranoid about their democratically-elected governments to the point that they are afraid that those same governments would go to the length of impersonating them????

    There's two ways of looking at this. One is to retort "Why should a democratically elected government be so afraid of its citizens?" If those citizens are so incompetent and dangerous that they shouldn't be allowed to have cryptography, what in hell are they doing with the power to elect the government? The fact that the government is trying to take away something that's useful to its citizens is sufficient reason to be nervous about its intentions and willingness to be responsive to electors.

    The other side is that citizen paranoia is exactly why the governments are trustworthy. The citizens are always on the lookout for anything suspicious that the government is trying to do- which is their job as voters, I'll point out- and quick to criticize it. That acts as a substantial brake on the government doing anything terribly effective to take away the rights of its citizens. It's countries where people have long had a more accepting view of government as protector and not in need of supervision that government abuse is rampant.

  7. Re:What about shitty code? on OSI Modifies Open Source Definition · · Score: 1

    Is an application still considered opensource when the source is completely unreadable?

    Only if it gets that way through lousy coding, rather than malicious obfuscation. The GPL requires that code be in the preferred form for programming, and the Open Source Definition requires that it not be deliberately obfuscated, but code that's simply badly written doesn't seem to fall into either category.

    Nice try at starting a completely extraneous Perl-Python flamewar, though.

  8. Re:newbie question on OSI Modifies Open Source Definition · · Score: 1

    So you're saying I can take gcc, modify it a little and then only give this modified version to people who pay?

    That's 100% correct. You may make modifications and keep them to yourself, or only distribute them to people who pay. However anyone you give your modified version to has the right to demand the source code to your modified version and you must provide it for no more than the cost of doing so (i.e. cost of media, copying, and shipping).

    Hello did you see the earlier posts about the Objc compiler fool.

    The Objective C modifications were an example of a company trying to make extensions to GCC and then only distributing the binaries; they weren't allowed to do so and had to give purchasers a copy of the source. The practical result was that the FSF was able to get a copy- since it only took one person who had paid NeXT for the code to give it to them for them to have it to distribute- but NeXT was under no obligation to give it to them for the asking.

    When you read the GPL and the statements of Richard Stallman, try to actually comprehend it.

    Before you claim to know what Mr. Stallman has to say about selling GPLed software, perhaps you should read his comments about it. Just in case you're too lazy to follow the link, the crucial comments are [emphasis is theirs]:

    Actually we encourage people who redistribute free software to charge as much as they wish or can. If this seems surprising to you, please read on. ...

    Since free software is not a matter of price, a low price isn't more free, or closer to free. So if you are redistributing copies of free software, you might as well charge a substantial fee and make some money. Redistributing free software is a good and legitimate activity; if you do it, you might as well make a profit from it. ...

    Distributing free software is an opportunity to raise funds for development. Don't waste it!

    Sounds pretty much as though the FSF says that you're free to distribute GPLed software only to those people who are willing to pay what you want to charge.

  9. Re:newbie question on OSI Modifies Open Source Definition · · Score: 1

    This isn't quite right. The GPL says something more like:

    • If you share the binary, you must share the source and
    • Once you've shared the program you mayn't prevent others from sharing it, too.

    There's nothing in the GPL that says I have to give the program to anyone who wants it. The FSF even quite specifically supports the idea of charging people as much as the market will bear for GPLed software, and refusing to share it with somebody who won't pay what you want to charge. They just say that once you've sold it to person A, you can't keep A from reselling it to B for what he wants to charge.

  10. Re:WhY not OpenBSD on NSA Linux In Depth · · Score: 1

    Unix's security model isn't broken, honest. You're really supposed to need to use different computers for functions that could be implemented on one box if a compromise of one service didn't open the box as wide as the Grand Canyon. What a load of crap. That's a kludge, plain and simple; a small site shouldn't need to run three boxes to get security when the computing power of one of them is enough to handle all three tasks. Besides, even if running different services on different boxes does protect you against remote compromise, it does nothing against malicious users. Local exploits can't be dealt with the same way, since trying to keep different versions of the system on each local box is not a reasonable security solution. (In any case, your comment fails to account for the original poster's comment that OpenBSD is the most secure OS in the world, which is clearly not true.)

    Sorry, but Unix's security design has serious flaws. It constantly befuddles me that anyone really thinks that a system that requires constant code auditing so that a single broken program won't make the whole box vulnerable is an adequate design. Note, though, that Unix doesn't actually need to upgrade to a full, mandatory security package to improve security a lot. All it really needs to develop much better security is some kind of least privilege system, so that programs can be run with only those privileges they specifically need to fulfill their functions. Then your example of a compromised web server not giving special access to the middleware program would still hold even if they were on the same box.

  11. Re:Backdoor challenge for you hackers... on NSA Linux In Depth · · Score: 1

    Not to mention the fact that the easter eggs might not be in the source, but in the binaries, particularly GCC, so that any new compilings include the NSA's improvements.

    Not a really plausible threat, since NSA released the source. Anyone who's really interested is likely to get the source and compile it themselves anyway, and NSA sure can't guarantee that they'll all compile it with a cleverly NSA modified version of GCC that activates their backdoors. Most people aren't going to use the NSA's version anyway, since it isn't complete, but are going to wait for RedHat or somebody to add it to a standardized distribution.

    Heck, there's not even a real guarantee that a backdoor implemented that way would necessarily work for long. It depends on the modified compiler recognizing the exact code that it's going to modify. With Free Software, there's a good chance that somebody's going to modify the code, and then the clever recognition will fail and the backdoor won't be implemented.

  12. Re:WhY not OpenBSD on NSA Linux In Depth · · Score: 4

    While I do use GNU/Linux on my workstation, I think OpenBSD is by far the most secure OS on the planet

    Well, that just shows that there's more to security than you realize. OpenBSD may be more secure than other typical Unix-type systems because of its code auditing, but it still has all of the architectural problems that Unix suffers from in general- basically that a single broken SUID program compromises the whole system. OpenBSD has had fewer exploits turn up over the years, but when one is discovered the system is just as open to crackers as other Unices.

    The goal of SE Linux is to add on mandatory access controls. Mandatory access controls are very powerful, but tend to add a lot of complexity. They add a whole different layer of compartmentalization, so that users and programs simply aren't allowed to do many operations, even if they somehow get root privileges. That's the route to true security, because it means that you can maintain substantial system security even if some of your programs are broken or contain Trojan Horses. Try reading some of the documentation about why the NSA sees this as important, and you might learn a bit about making really secure systems.

  13. Two headed beast on NSA Linux In Depth · · Score: 5

    You're missing two points. The simpler one is that NSA SE Linux is not really about encryption at all; it's about adding mandatory access controls to the system. IOW it's about making the box more secure to attempts to crack it, but has nothing to do with the security of data that's transmitted from the box to the rest of the world. That means that so long as NSA can gather and decrypt the other guys' transmissions, it doesn't matter how resistant their boxen are to being cracked.

    The other thing to consider is that NSA really has two missions. One is the one that everyone pays attention to- signals intelligence. The other mission is to help American institutions develop more secure computing systems so that our data is protected, and that's the group that's involved in SE Linux. The two pieces may be nominally part of the same organization, but their structures and goals are very different. The SIGINT branch is very secretive and wishes that nobody knew that they exist. The secure computing part by definition has to evangelize and make its developments as widespread as possible in order to make sure that everyone who's supposed to be protected is protected. With an organization that schizophrenic, you shouldn't be surprised to see something like this occasionally.

  14. Re:Wow on Do it Yourself 1U Half-Width Server · · Score: 1

    Yeah, but you pay $400+ for that 1GB microdrive. By the time you've shelled out that, you might as well buy a cheap PC instead. You could probably salvage a Pentium class PC for $100 and add a 40 GB harddrive for less than $200. Microdrives are cool, but they're not exactly the thing to get when you're trying to go for "build it in your garage for the price of labor" type projects.

  15. Re:I shouldn't even bother... on FBI: Massive MS Exploits Over Last Year · · Score: 1

    Not because they are more clueful, but because it's easier to install one monolithic service pack than hundreds of separate patches to deal with specific security problems as is the norm on the UNIX side of things.

    Of course MS releases a service pack about as often as RedHat releases, maybe a bit less often, so a sysadmin could theoretically just get the new CD every time one comes out and run the update program. That would keep them about as up to date as somebody who applied all of the WinNT service packs in turn, though perhaps less elegantly. Certainly somebody who was running Debian could keep their system up to date much more easily using apt-get.

    I'll certainly agree that this situation sounds much more like completely clueless admins (or admins saddled with clueless bosses), rather than an inherent problem with Windows. The patches were well known and available, and they should have been applied even if the process of doing so was painful and complex. The same thing was true with the holes in RedHat that let the Ramen Worm propagate; the patches were readily available for a long time and there was no excuse to leave them unapplied. Cluelessness is a social problem, and technological solutions can't guarantee a fix.

  16. Re:Activation code won't change anything on Security Of Windows/Office XP Activation Code? · · Score: 3

    Crackers are responsible for very little of the vast majority of piracy. The vast majority is casual, where most people don't even realize they're breaking the law ("Hey jim, can I borrow your Office CD for a few minutes?").

    But there's a serious question about how much this kind of piracy is actually costing Microsoft. Do you really think that every person who borrows an Office CD from work to install it on his home computer would really buy the full cost package from Microsoft anyway? I sure don't. I sincerely question whether this will actually be a money maker for MS in the long run. Discouraging casual copying won't actually increase sales very much (for the reason stated above), while the increased hassle of dealing with the copy protection scheme will make more people question the practicality of buying overpriced MS products. This will be particularly true unless there's an easier way of dealing with the copy controls for large businesses with huge numbers of PCs to manage. Just think about what dealing with all of those damn licenses will do to Microsoft's vaunted TCO.

  17. Re:Civil Disobedience vs Hacktivism on Is Hacktivism Robin Hood Politics? · · Score: 1

    But what is destroyed by a DOS attack or replacing a web page while keeping a copy of the original version?

    One obvious difference is that a DoS attack generally involves doing damage to innocent bystanders. DoS often involve hijacking the computer of an innocent third party to use in the actual attack and also causing a big mess for all of the routers between the attacker and the victim. IIRC a lot of web site defacers also break into third party computers to do their dirty work.

    That points to another, IMO crucial, difference- that people involved in a sit in are actually personally involved. They're risking arrest and injury to make their point. DoS kiddies and web site defacers, OTOH, generally take pains to avoid being identifiable. Part of the reason that they involve third parties is to avoid being identified. There's a huge moral gap between somebody who is willing to risk arrest for what he stands for and somebody who is willing to damage a third party's property to avoid detection. One is heroic and the other is cowardly.

  18. Re:Shouldn't this be Cracktivism? on Is Hacktivism Robin Hood Politics? · · Score: 2

    I don't think that it's possible to create a subtle distinction like hacker/cracker in the public consciousness after the term becomes established a particular way in general use. The best hope is to introduce new terms that clearly make the distinction that you want to make and hope that they catch on. Instead of saying "hacker" to mean a creative and dedicated programmer, call him a "brilliant programmer". It's not as colorful, but it conveys exactly what you mean. Similarly, people who break into computer systems to cause mischief shouldn't be called "crackers", they should be called "vandals" or "miscreants". The meaning is very clear to anyone who doesn't understand computers at all, and it also attaches the negative connotation that there's nothing heroic about messing up somebody's web site or DDOSing an IRC server.

  19. Re:Maybe on Descrambling CSS w/ 7 Lines Of Perl A DMCA Violation? · · Score: 1

    The obvious criterion to use is not the algorithmic complexity of the decryption code but an objective measure of the security of the encryption used. You could use a criterion like the key size or the resources needed for an analytical attack. We all know, for instance, that it's possible to write a 3 line RSA public key cryptography encoder/decoder, but somebody who used it with 4096 bit keys would obviously be taking security very seriously. We know that because we have some idea of just how challenging cracking 4096 bit RSA is- essentially impossible barring unforeseen developments in NP=P or quantum computing. Similarly, when NIST was evaluating AES candidates, simplicity of the algorithm was actually viewed as a possible security advantage because it made analyzing it for weaknesses easier.

    In the case of CSS you can make a reasonable case that the designers were making a good faith effort to use the strongest encryption they legally could. The system was designed at a time when they couldn't legally use keys longer than 56 bits, so they used the legal maximum. Admittedly they did a bad job of designing their crypto so that they didn't get the full strength they could from the key length, but even experienced cryptographers will sometimes screw up and design systems that aren't as strong as their key lengths would suggest. That the CSS designers tried to make a system as strong as they legally could (so long as they wanted it to be available worldwide) is strong evidence that they were attempting to make an effective control device.

  20. Re:Yeah, right.... on Death of the General Purpose PC · · Score: 2

    And the obvious things to consider about this point are that:

    A) On average people are becoming more computer literate, rather than less. Five years ago, computers were scary to a large percentage of the population; today Grandma has her own web page and

    B) Added processing power and software development is making computers generally easier to use on an absolute scale

    The combination of those two factors suggests that special purpose devices should be getting less practical over time rather than more practical. The way to think about this is to look at TiVo. Yes, it is a special purpose computer, but then again so is your VCR, and TiVo is much closer to your desktop machine than the VCR is. After all, TiVo uses a lot of off-the-shelf PC components, including a general purpose operating system. TiVo shows that we're quite close to putting TV recording functions into a standard computer- i.e. that the general purpose box is likely to start swallowing up functions that once belonged to separate devices- not that special purpose boxes are going to start taking over from general purpose ones.

  21. Re:Legal Definition of Free Speech on Anonymous Speech Litigation · · Score: 1

    But it's clear that the Founding Fathers did not support the idea of Free Speech as absolute and unfettered. The concepts of slander and conspiracy existed long before the Bill of Rights, and it's clear that the First Amendment was never intended to do away with them. Freedom of Speech may give you the right to say what you will, but it does not protect you from the consequences of your speech; if your words have certain kinds of damaging consequences you can be held accountable without violating the First Amendment.

    As proof that the Founding Fathers did believe that some kinds of speech could harm, you have only to look at their acceptance of dueling. They apparently considered it to be legitimate to threaten to kill somebody over an insult- hardly the stance of somebody who thinks that mere speech is harmless.

  22. Re:There are others on MIT 'Hall of Hacks' Gone · · Score: 1

    As an alumnus of one of the colleges that has a particularly fine reputation for pulling pranks, I can tell you that your problem isn't that you aren't a college student. It's that you apparently didn't learn the first rule of pranks- know your target. The guys from MIT don't avoid arrest because they're college students and people are indulgent. If they targeted a humorless MegaCorp, they'd get in trouble the same as anybody else. If they tried the same stunts at many other colleges they'd probably get expelled. They avoid trouble because their victim views pranks (or at least the kinds of pranks that they like to pull) as funny and, in a sense, an extension of the basic educational mission of the school. That's why some kinds of pranks (those involving engineering feats) are particularly celebrated while others- like random vandalism- are not.

  23. Re:I think this is one of MIT's keys to a good rep on MIT 'Hall of Hacks' Gone · · Score: 3

    Why would anyone who goes to MIT want to be anything like the characters in Real Genius? That was filmed at Caltech, the other Geek Institute. It is a very different place (but with a very similar attitude toward cool hacks, and Caltech's may be better... ;-) ).

    Actually, Real Genius was not filmed at Caltech, although a large number of other movies have been filmed there. The administration didn't like the way that the Institute was being portrayed and refused to let them film there. They did do a highly accurate copy of a section of one of the Undergraduate residences as a set, though. The details were pretty damn accurate, down to the (sanctioned) graffiti on the walls and the interiors of the closets. IIRC it was a chunk of Dabney Hovse.

    I've heard stories about their Interhouse parties, and the engineering feats to pull some of those off are pretty impressive.

    Sadly, Interhouse is no more. It was killed off my Frosh year (1990-91) because it simply got out of hand; too many outsiders were coming in and getting violent. A number of the other events portrayed in the movie (Decompression, the Tanning Invitational, etc.) are based on Caltech events, though, and I had Frosh Physics from the professor with his own TV show who was a model for the one in the movie. They even duplicated one famous Caltech hack- stuffing the entry box in an "enter as many times as you wish, printed entries accepted" sweepstakes. The Caltech (Page House, IIRC) students printed up several hundred thousand entries on a line printer and won a substantial share of the prizes including a car.

  24. Re:Uhm, yes. on Data Mining And The CIA · · Score: 5

    Actually what it sounds like the CIA is working on is trying to mine data out of public sources. There's good reason to think that you can discover a lot of what governments want to keep hidden if you can just go through enough publicly available data and correlate it. For instance, you can probably get a good idea of a government's secret spending by figuring out how much money they're taking in taxes and borrowing and subtracting out expenditures- provided that you can actually track both of those things. It looks hopeless because there's so much data to go through, but with good computers it should be possible, especially if the other guys have a lot of secret spending. Or you can figure out what the inner circle of the government really thinks by looking at all of the news leaks from highly placed government officials.

    This stuff scares the crap out of governments that are both required to be open but interested in hiding things from other countries. You simply can't hide everything, especially not anything big enough to be really interesting, because it has to interface with the world somehow. The CIA obviously wants to get really good at this kind of thing, and monitoring vast quantities of mundane stuff like TV news programs, budgets, and corporate annual reports is part of the process. The best part is that if you can do this effectively, you don't need spies as much, but you do need a lot of drones to go through huge piles of paper and TV to enter the raw data into the computers to process. There's probably some filtering out the interesting stuff from listening in on videoconferences, too, but it's amazing how many paper pushing drones wind up working in a sexy sounding business like spying.

  25. Re:Anonymity is essential on Anonymous Speech Litigation · · Score: 2

    I say that a person has the right to say anything they want to anyone they want, and the person on the receiving end has the right to employ whatever means necessary to block that person if they choose. In a public forum, there really isn't much a person can do except killfile or complain if the agitator is posting offtopic musings against a charter or illegal material. For email, a person should be able to go after another's account if they are seriously being harassed.

    But the cases at issue are not so much about direct harassment (in which ignoring the originator is a viable option) as they are about defamation. The question is how to deal with an anonymous or pseudonymous individual spreading rumors or lies- or allegedly lies- on a public forum. In the case of a trackable person, the target of the defamation has a defense; they can haul the alleged defamer into court and try to disprove their alleged lies in public. If they can prove their case, they gain both vindication and compensation for any damages the defamation has caused. But without the ability to track down the originator of the misinformation, the defamed person has no real chance to prove their case. IOW, the right to free speech is not properly balanced by the responsibility of being held accountable for the contents of that speech.

    That's not to say that anonymous speech should be banned or curtailed. There is a real need for people to be able to speak anonymously or pseudonymously. There are genuine whistleblowers who rightly fear retaliation for divulging damaging secrets and the like. But there does need to be a way to pierce the veil of anonymity and hold accountable those who use it to cover wrongdoing when wrongdoing is shown. If we let anonymity be an impregnable shield for harmful lies, its value is destroyed. It will become a burden for those who are damaged by the anonymous liars, and the opinions of people who seek anonymity will be so heavily discounted that true whistleblowers will be ignored.