You can encrypt the content, only to be decrypted on the browser. This requires JavaScript, Java, or ActiveX. This will not work as you are then sending all secret information to the user's computer. This could be reverse-engineered easily enough.
You can send the content in jpg, gif, or png format and stick a watermark in there. That does not prevent unauthorised copying but at least you could track down who copied it. Assuming that they don't leave a fake name...
You could send the content via a Java or ActiveX component which adds watermarking and/or protection. No better than the above solution, of course.
You could obfuscate the information, using tables, etc. such that saving the page produces almost useless information. This is, of course, useless because you could do screenshots or use a decent html-to-plaintext program.
You could send all the content as part of an exe which could only be displayed by that exe. If you make that exe connect to the Internet to get a decryption key or 'permission' then you have a slightly better idea. Except of course that they could still take screenshots or reverse engineer the secrets.
All of which do not fit your requirements. You state that you must run on even the cheapest of library terminals. That means that you must run text-only under lynx with no plug-ins and even no HTML tables and frames and stuff. Because, remember, there are a significant number of terminals running old versions of lynx in university libraries.
That means you must send pure HTML free of fancy formatting. That means that you simply have no options to adequately protect the content, even options that are fundamentally flawed. You have no option but to send pure HTML, unprotected. You can neither digitally watermark nor encrypt the content.
I agree with most of what you said. However, note that at my university, Computer Engineering is significantly easier than Computer Science. There is a huge amount of overlap between the two, of course. CompEng students take many of the same compSci courses, at least for the first two years. CompSci students take many of the same eng courses (though harder math and english courses, of course).
The major problem is that, for action games at least, modems will simply _always_ be too slow. I mean, if you can get 150 ms ping to your ISP, you are doing better than average. And the 'science' of user interface says that, for something to be perceived as instant, it must happen in less than 100 ms.
Modems will never be able to provide that kind of response. There are tricks you can do to attempt to minimise this perceived lag, particularly with prediction algorithms, but by definition, they will never be perfect.
If you are stuck on a modem, you should really forget about playing action games online. There are still plenty of other good games you can play.
I'm not sure if this holds true in the U.S. but in Canada, unless your contract says differently, you (as a contractor, not as an employee) own all the source code you produce.
You shouldn't use a new encryption algorithm just because it is new. In fact, if you did your requirements analysis correctly for your VPN, the introduction of AES changes absolutely nothing.
Sure, AES is (almost certainly) more secure. But in your requirements phase, you presumably determined that DES provided sufficient security for your needs. You presumably determined that your VPN needed to keep data secure for approximately 24 hours and anything more secure was simply overkill.
The introduction of AES does not change this. Your data is still secure for about 24 hours against a custom-built DES cracking machine, longer against a general purpose attack.
I suggest you read Secrets and Lies so you can understand the tradeoffs in the computer security field.
I'll note that in my experience, when a company takes on co-op students from local colleges (this does not apply to all colleges, of course, but I'm talking here about the local ones and about students that are almost finished their programs), they simply aren't capable of anything more than menial work. We had one girl who claimed to be a C++ expert but it turned out she had only had two months of training in C++ and knew next to nothing about the language.
I can imagine the situation would be similar for high-school students. While perhaps the company should try to give you more interesting stuff to do, you should be aware that there are going to be severe limitations on how much 'cool stuff' you are actually capable of.
And, of course, you should realise that most jobs are fairly repetitive.
Where I went to university, if you wanted to do human research, you had to prove that not only would it not cause undue distress on the subjects but also that the experiment would directly benefit the subjects. There were, of course, ways around this but the girl in this case made no such claim that her research directly benefitted her subjects. As it stood, her experiment should not have been cleared by a university ethics board (which, of course, it wasn't, nor should she have been required to).
What? Surely you are kidding! While I respect her for doing this, her research method was horribly flawed.
She did not obtain ethical approval to do this research. For this alone, she would be kicked out of university. She did not debrief the people she asked. Her experiment was certainly not double-blind. No mention is given of how she chose the people she asked, this is another source of error. No mention of the race of the people she asked when this is clearly relevant.
Her experiment was neither scientific nor unbiased. Furthermore, it was probably unethical in that it did not follow ethical guidelines on human research.
Now, before this gets modded down as flamebait, let us remember that this was a child doing this project. She was acting far more scientifically than we have any right to expect from someone of this age. Furthermore, she was not presenting her conclusions in a biased manner. In my opinion, the school had no right to remove her project.
But please. Her research method was fundamentally flawed.
It is very easy to support freedom of expression when you agree with that expression, when you approve of what is being stated. You don't need protection for that.
The challenge is to continue supporting free expression when you don't like what is being said. When you disagree, when you find it offensive.
But unless you protect both rights, you are in fact protecting nothing at all. This school district does not support free expression or free inquiry. This is obvious.
Open-source is similar to a home architect giving you the blueprints to the house when you contract him. I mean, just think about it... you could build other houses to the same design. Or worse, you could improve on the design. How terrible. Microsoft is right, this is unamerican! Let us destroy all blueprints!
What? How much are people in the U.S. playing for blank CD-R's? Here, we pay about $1 per, which works out to about $0.65 U.S. dollars. CD-R's weren't going for thirty cents each in the U.S. last time I checked...?
That's not to say that we don't pay a levy, of course. I think we pay around 5 cents for each blank CD-R, and significantly more for CD-Rs for consumer media.
On the other hand, it is legal in Canada to copy music you do not own, provided it is for your own use and you aren't going to sell it (or perhaps give it away).
What will you be doing in five years? In ten years? If you expect/hope to still be with Slashdot, what sort of changes do you see happening to Slashdot in that time?
There were indeed problems like this in the 80s. Many of them were solved and many more advances were made, including better backprop algorithms and all kinds of other things.
However, neural nets were at one point considered almost the 'holy grail' of artificial intelligence. We now know that neural nets are not and likely never will be. They are very good at solving a small range of problems but are totally unsuitable for many many problems.
Furthermore, the tuning that has been done to neural net algorithms generally makes them less like real human neurons, rather than more like them.
Many undergrads learn about neural nets and get all excited about the possibilities. After only a while of studying, this excitement typically ends. There is very little research still being done on neural nets (compared to the late 70s and early 80s) at the post-graduate level.
There is almost no overlap between biological and artificial neural nets. In fact, it was somewhat misleading of the early AI researchers to label them 'neural nets' because even back then, we knew that a single neuron was far more complex than the artificial kind.
Artificial neural nets are really great in a very small number of applications. They can particularly show good results for pattern recognition and can help you identify important criteria to solve a problem when you really have no other ideas on how to solve it.
But the field of AI research all but abandoned neural nets in the 1980s. They tend not to scale up well, they are simply useless for a large number of AI problems, and studying them tells you nothing about the human brain.
There's always games like Axis and Allies. Sure, it is zero-sum in that there are two opposing teams. But within each team, you don't win or lose. For example, it is generally in the Allies' best interest to protect Russia early on in the game. In fact, England may give up their own strategic goals in order to help out Russia. By so doing, both countries end up better off.
Client as in person or client as in virtual machine? The key would be stored in the brain, not in the machine. Sure, there are single points of failure here, but there are under the current implementation.
This would indeed be a single point of failure if and only if the filesystem for the virtual machine is unencrypted. However, I would assume that they will be encrypting the filesystem.
Then, you are left with penetrating the host filesystem and changing the vmware software. But of course, this isn't the point. You secure the host system from outside attack and then basically the only way the hackers can get in is through the guest operating systems. And these cannot talk to other guest systems.
We pretty much already have this for Windows. I'd like to see some software for Linux that could handle stuff like this. Any pointers, anyone? Or heck, any idea which hardware would be best suited?
Pretty soon, Linux may be sufficient to run games. That would be very nice, and would stop me ever having to boot back to Windows. It is the only thing stopping me from doing so right now. I own a licensed copy of VM Ware but it just doesn't do Direct3D.
I find it quite interesting that many people claim something has to prove itself for two years before you can consider it.
I'm sure they have a good point -- I wouldn't want to be putting Linux 2.4.x on a mission-critical system at the moment, though I wouldn't wait two years.
But do people really follow this? I mean, that stops you deploying Windows 2000 now. You could only just deploy Windows 98. It seems to me that it is silly to wait quite that long.
I mean, come on. Point-zero releases may not be stable enough for you but after a few bug fixes, why not evaluate the software for yourself? See if you find it stable enough. Chances are, there's a lot more useful technology integrated over the last two years.
Pure HTML is fundamentally unsuitable for pretty much any web application. Trust me, I've gone out of my way when writing some web apps. Even by the time you bring in DHTML and JavaScript and the like, you have serious issues. It just doesn't make for a good user interface.
That's why Microsoft pushed ActiveX. That's why Sun pushed Java on the client side.
.NET cannot survive without user interfaces more powerful than current HTML/XML/CSS standards.
Remember... ActiveX is, according to Microsoft, cross-platform. As is COM and COM+. Microsoft has not committed to porting.NET to any OpenSource platforms, though they do have the ability (through their contract with Corel) to do so if they wish. Common industry intelligence says they will do so if Microsoft is split up. If Microsoft is not split up, we will not see.NET on anything other than Microsoft operating systems.
Java is no longer really that slow. With a good hotspot compiler, Java code can be executed faster than C++ code. Not all the time, of course, but sometimes. Ars Technica had a rather extensive article on why dynamic compilation can be a win compared to static.
Slashdot Mirror
You can encrypt the content, only to be decrypted on the browser. This requires JavaScript, Java, or ActiveX. This will not work as you are then sending all secret information to the user's computer. This could be reverse-engineered easily enough.
You can send the content in jpg, gif, or png format and stick a watermark in there. That does not prevent unauthorised copying but at least you could track down who copied it. Assuming that they don't leave a fake name...
You could send the content via a Java or ActiveX component which adds watermarking and/or protection. No better than the above solution, of course.
You could obfuscate the information, using tables, etc. such that saving the page produces almost useless information. This is, of course, useless because you could do screenshots or use a decent html-to-plaintext program.
You could send all the content as part of an exe which could only be displayed by that exe. If you make that exe connect to the Internet to get a decryption key or 'permission' then you have a slightly better idea. Except of course that they could still take screenshots or reverse engineer the secrets.
All of which do not fit your requirements. You state that you must run on even the cheapest of library terminals. That means that you must run text-only under lynx with no plug-ins and even no HTML tables and frames and stuff. Because, remember, there are a significant number of terminals running old versions of lynx in university libraries.
That means you must send pure HTML free of fancy formatting. That means that you simply have no options to adequately protect the content, even options that are fundamentally flawed. You have no option but to send pure HTML, unprotected. You can neither digitally watermark nor encrypt the content.
--
I agree with most of what you said. However, note that at my university, Computer Engineering is significantly easier than Computer Science. There is a huge amount of overlap between the two, of course. CompEng students take many of the same compSci courses, at least for the first two years. CompSci students take many of the same eng courses (though harder math and english courses, of course).
--
Modems will never be able to provide that kind of response. There are tricks you can do to attempt to minimise this perceived lag, particularly with prediction algorithms, but by definition, they will never be perfect.
If you are stuck on a modem, you should really forget about playing action games online. There are still plenty of other good games you can play.
--
I'm not sure if this holds true in the U.S. but in Canada, unless your contract says differently, you (as a contractor, not as an employee) own all the source code you produce.
--
Sure, AES is (almost certainly) more secure. But in your requirements phase, you presumably determined that DES provided sufficient security for your needs. You presumably determined that your VPN needed to keep data secure for approximately 24 hours and anything more secure was simply overkill.
The introduction of AES does not change this. Your data is still secure for about 24 hours against a custom-built DES cracking machine, longer against a general purpose attack.
I suggest you read Secrets and Lies so you can understand the tradeoffs in the computer security field.
--
I can imagine the situation would be similar for high-school students. While perhaps the company should try to give you more interesting stuff to do, you should be aware that there are going to be severe limitations on how much 'cool stuff' you are actually capable of.
And, of course, you should realise that most jobs are fairly repetitive.
--
Where I went to university, if you wanted to do human research, you had to prove that not only would it not cause undue distress on the subjects but also that the experiment would directly benefit the subjects. There were, of course, ways around this but the girl in this case made no such claim that her research directly benefitted her subjects. As it stood, her experiment should not have been cleared by a university ethics board (which, of course, it wasn't, nor should she have been required to).
--
She did not obtain ethical approval to do this research. For this alone, she would be kicked out of university. She did not debrief the people she asked. Her experiment was certainly not double-blind. No mention is given of how she chose the people she asked, this is another source of error. No mention of the race of the people she asked when this is clearly relevant.
Her experiment was neither scientific nor unbiased. Furthermore, it was probably unethical in that it did not follow ethical guidelines on human research.
Now, before this gets modded down as flamebait, let us remember that this was a child doing this project. She was acting far more scientifically than we have any right to expect from someone of this age. Furthermore, she was not presenting her conclusions in a biased manner. In my opinion, the school had no right to remove her project.
But please. Her research method was fundamentally flawed.
--
The challenge is to continue supporting free expression when you don't like what is being said. When you disagree, when you find it offensive.
But unless you protect both rights, you are in fact protecting nothing at all. This school district does not support free expression or free inquiry. This is obvious.
--
Open-source is similar to a home architect giving you the blueprints to the house when you contract him. I mean, just think about it... you could build other houses to the same design. Or worse, you could improve on the design. How terrible. Microsoft is right, this is unamerican! Let us destroy all blueprints!
--
It is legal to copy copyrighted music in Canada, provided it is for your own personal use. And no, you do not need to own a 'legal' copy of the music.
--
That's not to say that we don't pay a levy, of course. I think we pay around 5 cents for each blank CD-R, and significantly more for CD-Rs for consumer media.
On the other hand, it is legal in Canada to copy music you do not own, provided it is for your own use and you aren't going to sell it (or perhaps give it away).
--
And yes, I know 5 - 10 years is an eternity.
--
VMWare is only available for Windows NT (and 2K) and Linux. This guy isn't running those operating systems, so VMWare is not an alternative.
However, neural nets were at one point considered almost the 'holy grail' of artificial intelligence. We now know that neural nets are not and likely never will be. They are very good at solving a small range of problems but are totally unsuitable for many many problems.
Furthermore, the tuning that has been done to neural net algorithms generally makes them less like real human neurons, rather than more like them.
Many undergrads learn about neural nets and get all excited about the possibilities. After only a while of studying, this excitement typically ends. There is very little research still being done on neural nets (compared to the late 70s and early 80s) at the post-graduate level.
Artificial neural nets are really great in a very small number of applications. They can particularly show good results for pattern recognition and can help you identify important criteria to solve a problem when you really have no other ideas on how to solve it.
But the field of AI research all but abandoned neural nets in the 1980s. They tend not to scale up well, they are simply useless for a large number of AI problems, and studying them tells you nothing about the human brain.
There's always games like Axis and Allies. Sure, it is zero-sum in that there are two opposing teams. But within each team, you don't win or lose. For example, it is generally in the Allies' best interest to protect Russia early on in the game. In fact, England may give up their own strategic goals in order to help out Russia. By so doing, both countries end up better off.
Client as in person or client as in virtual machine? The key would be stored in the brain, not in the machine. Sure, there are single points of failure here, but there are under the current implementation.
Then, you are left with penetrating the host filesystem and changing the vmware software. But of course, this isn't the point. You secure the host system from outside attack and then basically the only way the hackers can get in is through the guest operating systems. And these cannot talk to other guest systems.
We pretty much already have this for Windows. I'd like to see some software for Linux that could handle stuff like this. Any pointers, anyone? Or heck, any idea which hardware would be best suited?
Pretty soon, Linux may be sufficient to run games. That would be very nice, and would stop me ever having to boot back to Windows. It is the only thing stopping me from doing so right now. I own a licensed copy of VM Ware but it just doesn't do Direct3D.
I'm sure they have a good point -- I wouldn't want to be putting Linux 2.4.x on a mission-critical system at the moment, though I wouldn't wait two years.
But do people really follow this? I mean, that stops you deploying Windows 2000 now. You could only just deploy Windows 98. It seems to me that it is silly to wait quite that long.
I mean, come on. Point-zero releases may not be stable enough for you but after a few bug fixes, why not evaluate the software for yourself? See if you find it stable enough. Chances are, there's a lot more useful technology integrated over the last two years.
That's why Microsoft pushed ActiveX. That's why Sun pushed Java on the client side.
That said, we may see .NET on Mac OS X, I agree.
Java is no longer really that slow. With a good hotspot compiler, Java code can be executed faster than C++ code. Not all the time, of course, but sometimes. Ars Technica had a rather extensive article on why dynamic compilation can be a win compared to static.