Slashdot Mirror


User: Burz

Burz's activity in the archive.

Stories
0
Comments
3,080

Comments · 3,080

  1. I forgot to add: on US Consumers Clueless About Online Tracking · · Score: 1


    Most of the examples of MITM I've seen discussed had to do with Wifi hotspots where the attacker poses as the proper access point, and uses a certificate they signed themselves. The expectation is that the victims will just click "Accept" on the SSL warning dialog.

    I've looked myself for examples of the "successful" kind, but found none. I am not at all surprised, because it would probably mean that a CA had its key stolen (very unlikely) or that a CA had been conclusively caught participating in MITM.

    The latter would require a whistleblower to come forward, who would simply be thrown in prison for exposing "anti-terrorist" undercover operations during wartime (esp. since it's all "legal" now); they would be perceived by most of the public as criminal. And just who would risk that anyway when so many VeriSign and Network Solutions employees are ex-NSA, with their business model and sense of loyalty predicated on an expanding police surveillance state?

  2. Re:You can't make people use encryption by default on US Consumers Clueless About Online Tracking · · Score: 1

    Successful MITM can be detected in only one way: Packet latency. And as you know, you can detect that only under certain controlled conditions. And, it's very circumstantial.

    There is only one way to do https MITM successfully: Get access to one of the established private keys, of either the server or the CA. VeriSign is now open about offering their "services" for "lawful government intercept" of Internet transmissions; there is no conceivable reason why a CA would get into the spying business except to utilize their unique ability to perform MITM. Their racket is structured in such a way that they only subcontract with ISPs that have been ordered by the government to eavesdrop... IOW the ISP has necessarily bought-in to the eavesdropping task and willing to provide the other necessary ingredient for seamless MITM, IP spoofing.

    (Of course, another way is to get the end-user to just accept the phony certificate when the warning pops up, but this is no fault of the SSL design or trust provider.)

    Re: physical spying, yes the FBI and CIA make infiltration a high priority now, too. And as any seasoned protest organizer in the USA can tell you, even the local police enthusiastically employ this tactic. Not a year goes by where they're not caught in false flag provocation. The "war on drugs" is also an example of profiting in terms of money and power over whole communities by running "both" sides of the conflict to some extent; the result is that USA's government gets an excuse to turn many urban areas into non-Constitutional surveillance zones and creates a level of incarceration unmatched by any other modern state. (Of course, we are to be reminded at this point how relatively "nice" USA prisons must be. But we ought to ask why USA prisons are unique in the western world with such epidemic incidence of rape that goes unpunished.)

    As for our own intel services, I would hope that they don't go about screwing up the very people whose intention is to improve everyone's lives. Given their recent history and the current state of affairs, there is no reason at all (except for saving face in mixed company) why anyone should appear to believe the stated intentions of authorities, or of the media-industrial conglomerates (corporate oligarchs) that promote and pay for their careers.

  3. Much as I like NoScript on US Consumers Clueless About Online Tracking · · Score: 1

    ...I believe the applicable addon here is "CookieSafe" or similar.

    Web bugs can also be used to track people. Using "ImgLikeOpera" with default set to load images for originating site only will largely skirt web bugs.

    "Safe History" and "Clear Cache" are also good to have in Firefox.

    And let us not forget Privoxy + Tor + Torbutton if you really want to be anonymous.

  4. I can believe VISA isn't watching. on US Consumers Clueless About Online Tracking · · Score: 1

    (Or at least that they aren't tracking -- we don't know that they don't continually report recent transactions to DHS.)

    They don't have to when the government has all the help they need from the likes of VeriSign.

  5. Re:You can't make people use encryption by default on US Consumers Clueless About Online Tracking · · Score: 1

    "Checking credentials and so forth is a different matter from preventing the user from being tracked and profiled." This isn't true, because encryption between people who never physically meet is meaningless without a mechanism to identify the remote party. Without the latter, the ISP could easily do MITM without the user being any the wiser.

    A trust-less encryption scheme (one without a trust mechanism) is just like DRM where everyone is given the key along with the data and expected to just "be good".

    And that I am having to explain this on a "tech" site underlines my point in other posts on this topic: Most techies do not grasp cryptography as anything beyond a magic wand (or black box) to be waved around frantically along with one's hands.

    I do keep harping on about it, but for the purposes of crime prevention and anti-terrorism-schmism, sniffing data and such is a waste of time and an unnecessary invasion into the private lives of the innocent and unsuspecting public. Real intelligence is human intelligence. Yet I don't think I'd buy an argument postulating that the STASI were more intelligent/humane than the incipient USA police state. As neither were formed by accident or force of nature, they share a certain similarity in the scope of their malevolence.

  6. Re:US consumers are clueless about technology on US Consumers Clueless About Online Tracking · · Score: 1

    But doctors who drive a car should be taught how to operate one. Just as doctors who navigate the Internet should learn how to operate a browser, which requires that a few semantic rules are followed just as rules of the road would be.

    Any doctor or average housewife who insists on treating their computer as a black box while expecting to be delivered from insecurity is an arrogant boob, and I'm afraid that accurately characterizes not only most Internet denizens, but also about 70% of the "tech" community as well. They can't be bothered to check the domain in the address bar when the SSL lock appears, thus rendering the latter somewhat useless.

  7. Re:US consumers are clueless about technology on US Consumers Clueless About Online Tracking · · Score: 1

    "Pardon, but do you have any clue how the SIM card in your phone or the data stripe on your credit card are partitioned? Do you care, regardless of how important a phone or a credit card is to you? No. It's a black box." I think this is a topic where the automobile analogy is far more appropriate. And FWIW people's cars are almost never regarded as black boxes by them. In fact they had to take classes just to learn to use the roadways.

    OTOH we have millions of people 'driving' on the info superhighway who don't look over their shoulder or check the mirror when they make a lane change (i.e. they may look for the SSL lock, but don't check the domain name that it's validating). Extremely simple procedures make all the difference between safety and danger.

  8. You can't make people use encryption by default on US Consumers Clueless About Online Tracking · · Score: 2, Interesting

    ...at least not safe, verifiable encryption which requires identification.

    Look at the way SSL is mis-used almost constantly across the web. Even most "techies" don't get it because the concepts are counter-intuitive (even if very simple). SSL certificates and CAs were created to ensure that the domain name you typed-in is the real holder of that domain name. But techies generally think that SSL certs were supposed to validate a site's overall identity or business ethics, and they "know" that SSL has "failed" at this, and so they generally omit it (or slag it) instead of properly evangelizing it.

    The product of this misunderstanding: Web users who never bother to check the domain name in the address bar when the lock appears in their browser (if they look for the lock at all). That is how they get phished. There is a reason why the lock appears in the address bar, because it validates that you are connected with the real holder of that address. Whether the people at that address are 'nice', or whether 'ba.com' really stands for your bank is fundamentally up to the user to verify... like getting the phone number of your bank from the back of your credit card or from a bank statement instead of that nice flyer that someone stuffed in your mailbox.

    To have computers check credentials for you would entail turning the Internet into a repressive regime where a central authority tells you what it thinks is "good, shady or bad". And requiring it for all access would probably move it into the 'oppressive' category.

    Be very careful what you wish for here.
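The point made in this comment, that the lock only proves the certificate was issued for the name in the address bar, can be shown with the hostname check a browser performs. The example below is added here and is not code from the comment or from any browser; it implements the usual RFC 6125 matching rules over a dict shaped like Python's `ssl.SSLSocket.getpeercert()`, and the certificates (`BANK_CERT`, `LOOKALIKE_CERT`, the domain `evil.example`) are constructed for illustration.

```python
"""Added example: what the browser lock actually checks.

A certificate binds names (subjectAltName) to a key.  The lock means the
name in the address bar matched one of those names; whether that name is
your bank's is still up to you.  Matching rules implemented here: labels
compare case-insensitively, a wildcard is allowed only as the whole
leftmost label, "*.com"-style names are refused, and IP literals must
match an IP entry exactly.
"""
import ipaddress
from urllib.parse import urlsplit

# Constructed sample certificates (not real), in getpeercert() shape.
BANK_CERT = {"subjectAltName": (("DNS", "ba.com"), ("DNS", "www.ba.com"))}
LOOKALIKE_CERT = {"subjectAltName": (("DNS", "ba.com.evil.example"),
                                     ("DNS", "evil.example"))}


def san_names(peercert: dict) -> list:
    """Extract DNS and IP names from a dict shaped like ssl getpeercert()."""
    return [value for kind, value in peercert.get("subjectAltName", ())
            if kind in ("DNS", "IP Address")]


def _is_ip(text: str) -> bool:
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def hostname_matches(hostname: str, names) -> bool:
    """True if hostname matches at least one certificate name."""
    host = hostname.rstrip(".").lower()
    if _is_ip(host):
        # IP literals: exact match against an IP entry; wildcards never apply.
        return any(_is_ip(n) and ipaddress.ip_address(n) == ipaddress.ip_address(host)
                   for n in names)
    host_labels = host.split(".")
    for name in names:
        labels = name.rstrip(".").lower().split(".")
        if len(labels) != len(host_labels):
            continue                      # "*" never spans several labels
        if any("*" in lbl for lbl in labels[1:]):
            continue                      # wildcard allowed in leftmost label only
        if labels[0] == "*":
            if len(labels) < 3:
                continue                  # refuse "*.com"-style names
            if labels[1:] == host_labels[1:]:
                return True
        elif labels == host_labels:       # partial wildcards ("f*o") end up here
            return True                   # and fail the exact comparison
    return False


def check_address_bar(url: str, peercert: dict) -> tuple:
    """Return (host the browser really connects to, whether the cert covers it)."""
    host = urlsplit(url).hostname or ""   # "user@" tricks resolve to the real host
    return host, hostname_matches(host, san_names(peercert))
```

A lookalike site with a valid certificate for its own name passes this check just as the bank does; the check cannot tell you that `ba.com.evil.example` is not your bank.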

  9. GoboLinux - More Mac-like than OS X on Ubuntu Dev Summit Lays Out Plans For Hardy Heron · · Score: 1
  10. Re:Ubuntu To Do List on Ubuntu Dev Summit Lays Out Plans For Hardy Heron · · Score: 1

    Excellent post. I have written/complained about this package management syndrome "spewing" files all over the place for years.

    Some comments:

    As you point out, the Unix application files model was obsolete a decade ago. This veteran Linux user also agrees with you that Apple's model is far better for real world scenarios... Unix fanboys cannot make the usual claim of 'elegance' here.

    "...or to store everything all over the filesystem (the model used by UNIX and Windows)" I would re-phrase that as "...or to store everything all over the filesystem and try to tie it all together with horrendously complex package managers and databases (the model used by UNIX and Windows)".

    Of course, the Unix concept is that the whole application and all its little pieces are shared with the rest of the system such that re-use of functionality is minimized. But we still end up with 3 or 4 different versions of the same libraries in our Linux systems. And then when you switch distros, the binaries shift locations even sometimes popping in and out of the CLI path.

    The worst aspect of this practice, however, is that everyone expects their Linux applications to be re-engineered and re-distributed by the distro repository/packaging priests. Many bad effects ensue...

    * Users stop interacting directly with the developers' organizations, shifting their application feedback to the OS vendor

    * Developers no longer even try to discern what functionality from the OS will be used, and what will be included themselves since there is no more boundary between "OS" and "extra apps and libraries". They create package dependencies instead and let the user or repository priests sort it out.

    * Novice coders are driven away because many attempts at sharing programs with friends, workmates or with classroom PCs become tangled dependency problems. They cannot count on any particular OS functionality that is interesting (more than kernel + GNU) just being there.

    * OS vendors falsely claim they have a 'platform', when it is really more like a tarbaby. They cravenly refuse to define the core functionality that will exist on all DESKTOP systems (though they lavish such effort on their technical peers in the server space). Let the package manager sort it all out...

    * ISVs that do bother to write for Linux end up with Download pages overrun sometimes with 6 or 7 different distro packages multiplied by several past app versions, multiplied by the several distro versions. It's a burden on ISV developers and a mountain of confusion for end-users.

    * Few applications are distributed and installed independently from the OS vendor and their software repository (compilable tarballs do NOT count). As I sit here, a number of app security updates for Tor, Firefox etc. have not been made available in the Ubuntu repository. I have to either wait (possibly forever), or use my CLI skills to get the updates. It's typical "repo-madness" with Linux distros. OTOH on the Mac I know I can download a package from each vendor site and have the latest updates... actually Firefox on the Mac updates itself directly with the click of a button.

  11. No, you're US'ers on 22 Companies Sued Over Wi-Fi Patents · · Score: 1

    ...the contraction of which is "USers". ;-)

  12. Re:North or south poles? on Volcanoes May Have Caused Mass Extinctions? · · Score: 1

    Funny you should mention that.

    I recall reading several years ago about a gigantic impact site located between Australia and Antarctica. I don't recall when it was supposed to have hit.

  13. Re:Europe beating USA in the big brother arms race on Germany Seeks Expansion of Computer Spying · · Score: 1

    CCTVs have become quite popular in places like NYC. And the FBI has already used cellphone carriers to remotely modify smartphone firmware to eavesdrop on suspects, even when the phones appeared to be turned off. It is no great leap to apply the same procedures to PCs (and indeed, they are).

    As for the Internet, there is the cozy relationship between VeriSign and the NSA and FBI through the eavesdropping ("legal intercept") services it offers. That means much of your https traffic can be decrypted with nary a complaint from your browser.

    Americans also often overlook the fact that the constitution was dispensed with decades ago in the 'war on drugs', turning many inner cities into police-state surveillance zones that have helped send far, far more adult males per capita to prison than any other country in the world. Similar tactics are beginning to be used against politically inconvenient people (welcome to the Western Bloc).

    That doesn't even cover what the United States ruling interests do to people in its non-domestic protectorates and war zones around the globe.

  14. Re:What I don't get... on FBI Accused of Abusing Criminal Database · · Score: 1

    "To me, it is like the boy who cries wolf. If the FBI puts out "criminal" warnings on too many peace protestors, then the international criminal database will start ignoring FBI criminal warnings..." Only selectively. It basically allows authorities to go on what amount to fishing expeditions against people they don't like (i.e. peace protests and peace in general may be bad for the wallets of their friends and themselves).

  15. A bit less myopia on The Kremlin Tightens Its Grip on the Internet · · Score: 1

    ...and less russophobia are in order in this discussion.

    "There is Fox news" yes, and that is owned by Newscorp which along with Bush supporters like Microsoft are buying up social networking sites. Shortly after Fahrenheit-911 was released, major defense contractors announced they were investing heavily in theater chains.

    Track campaign contributions and coverage patterns of all major networks: They are conservative and largely pro-Bush to the extent their credibility can suffer it and still keep them in business within their increasingly monopolized market structure. And they are facilitating instigation of war with yet another country, Iran. They do like to harp about failures after the fact, though (as if that is any consolation). Even war-mongering accomplices have to do damage control for credibility's sake, and this way allows administration 'allies' to continue with each new conquest.

    "Similarly, just wait until Bush flip flops on the ridiculous law of the sea treaty or tries to enact some sort of a carbon tax. He'd be dead meat." Similar to what? You're saying media hardliners are threatening to support someone even more pro-corporate and xenophobic than Bush? That is called "egging them on" which under the current circumstances is just a sign that the country has a problem with incipient fascism.

    If MoveOn were supported by the Chinese or the Russians, I'd say they definitely wouldn't be an operating concern today... particularly if the country were experiencing a civil war as Russia has been.

    The main difference between the USA and Russia is that today the former is creating frontlines of armed conflict not just outside its borders, but around the globe. American protectorates (home to plantations, sweatshops, mines and oilfields) have a rather high rate of death for journalists and union organizers who are unfriendly to corporate USA's bottom line. And if you thought these terrorists were not often linked to USA purse strings then you would be wrong.

    The bit in TFA about internets was interesting. What TFA did not mention is that most international Internet traffic is routed through the USA: Plotted on a world map, we literally look like the switchboard to the globe. With Washington now adamant that they will eavesdrop on any of this traffic as they please (and assisted by the likes of VeriSign), I would start planning for a regional internet too.

  16. Re:I agree on Patent Reformers O'Reilly, Bezos Mum on 1-Click · · Score: 1

    "For that matter, electric circuits and chemicals such as pharmaceutical products are all grounded in pure physics. Should a patent for a mechanical device, electric circuit, or drug be invalid because it 'privatizes physics?'" They are not grounded in pure physics because the applications cannot be extrapolated from pure theory. That is why engineers get a somewhat different education than physicists: The former are more concerned with established techniques and standards that embody real world experience formed largely without a preoccupation with theory. And I should think that any physics researcher could tell you that, given that much of what they do in pursuing a workable and patentable application of their ideas is honing through trial and error.

    OTOH the "software engineer" is no engineer, and his/her role as a specialized mathematician is far removed from the physical world even in the case of robotics. There is only one primary physical tool, the computer, where the element of trial and error has been reduced to a minuscule set of physical factors. All other factors (the mathematical framework of the computing platform, etc.) are entirely discrete.

    "The argument that software should not be patentable because software boils down to just mathematics has the backing of expert authority. It makes some sense from a mathematical perspective..." Disagree. The enlightenment principle of intellectual freedom is at stake. There is a reason why mathematics has been traditionally excluded from any kind of monopoly in the past: Mathematics is an extension of thought and the substrate of speech. Monopolization of any algorithm is the suppression of rational discourse between author and audience.

    Public policy ultimately has to deal with a world that is not easily modeled into discrete sets. A political system that cannot recognize mathematics as distinct, when it is by definition composed of discrete sets and nothing else, has turned its back on rationality.

  17. I agree on Patent Reformers O'Reilly, Bezos Mum on 1-Click · · Score: 1

    Though I am surprised there is not more awareness on Slashdot on this issue.

    Software is pure mathematical expression. As such, I can understand copyrighting specific implementations of ideas in software, but not the patenting of algorithms. The latter is a serious attack on intellectual freedom; it's privatizing math!

  18. Re:Congrats to the Congressman on Congressman Tells Comcast, Hands Off BitTorrent · · Score: 1

    There are too many last-mile service areas that are subject to natural monopolization for a free-market approach to work.

    Anything that falls under the rubric of a natural monopoly must be a candidate for tight government regulation. Those who argue otherwise are really preaching free-market fundamentalism.

  19. Re:Still no white-balance function on GIMP 2.4 Released · · Score: 1

    That is exceedingly stupid. How is the user supposed to judge what in the picture is precisely medium-gray? White I can understand, and the way PS does it you don't even have to worry about picking the absolute brightest object since the whole intensity range will be handled. The way Gimp does it, the picked area must be exactly medium-gray in order to fit correctly the levels histogram.

    The closest you can expect to get for proper white balance in Gimp is to color-pick white AND a black in the Levels dialog while leaving the grey one alone. It doubles the difficulty, and it's incomplete, but will pass for casual stuff (only).

    The program is almost useless in terms of features. As for UI, they are making big noises about usability while still using X11 on Macs! WOW.....

  20. Re:Sigh on Congressman Tells Comcast, Hands Off BitTorrent · · Score: 4, Interesting

    Pardon me, but killing bittorrent transfers by falsifying user-protocol commands is not "prioritizing". FWIW, Comcast does indeed throttle upstream traffic for FTP, SSL and others well below their advertised speeds... but the stink isn't even about that, it's about a very high level of interference in user-generated content.

  21. Still no white-balance function on GIMP 2.4 Released · · Score: 1

    ...that you can control with a sample area. Instead we still have that mickeymouse auto-white balance thing which is useless.

    I am constantly amazed how consistently this project misses the mark on the most basic qualities and features, even while trumping up some of their arguably less desirable additions. Show me their requirements and use-case documentation and blow me over with a feather ('cause I'd swear they never used such a thing).

  22. You got a point there on Humans Not Evolved for IT Security · · Score: 1

    And for that reason you gave, I think we have to conclude that computer UIs suck for security.

    For example: Someone gives you a crypto key on a flash drive. You plug it in and look at the contents... a teensy nothing of a file that just opens in a text editor. The OS doesn't try to push any of our evolutionary buttons with regard to this very important object.

    Or how about task lists? They'll show you what/who is using the CPU, but won't do the same for a network interface. The user must take it upon themselves to become educated and install tools like nettop and such.

    Also, most GUIs won't give you a clue about the data/executable status of a given file (unless you keep opening the properties/info window). So we get lots of trojans posing as jpeg files and proliferating like mad. OSes are only now starting to (inelegantly) deal with this problem.

    These are examples of bad design from a security standpoint.

  23. Re:Verisign on Verisign To Sell DNS Root Server Lookup Data? · · Score: 1

    OK, while we're talking about them... http://slashdot.org/comments.pl?sid=334391&cid=21055301

  24. Re:How safe is SSL if Verisign is complicit in tap on EFF Interviewed About Their Case Against AT&T · · Score: 1

    Your banking SSL is open to eavesdropping if the Certificate Authority (like VeriSign) offers its resources in staging Man In The Middle (MITM) attacks. Unlike what AC said, your bank would not have to offer its private key or get involved in any way to facilitate the surveillance.

  25. Re:VeriSign's role as an NSA subcontractor on EFF Interviewed About Their Case Against AT&T · · Score: 1

    By exploit I mean eavesdrop on (otherwise) encrypted internet traffic using the means that is available to them as a CA: MITM.

    They have a number of pages advertising "Legal Intercept" services.... under the expanded CALEA (voice and data having any kind of international route) what do you think this means? Any CA with a real privacy policy wouldn't get within a million miles of government eavesdropping activities. Sadly, the short-term windfall from eavesdropping contracts probably far outweighs any certification revenues they could expect.

    ISPs can collect encrypted packets day-and-night and hand them to the govt still encrypted without breaking a sweat. Why VeriSign has to get involved in the eavesdropping process ought to be painfully obvious.