Slashdot Mirror


User: girlintraining

girlintraining's activity in the archive.

Stories: 0
Comments: 5,834

Comments · 5,834

  1. Re:How would you avoid MITM? on HTTP 2.0 May Be SSL-Only · · Score: 0

    So how would you recommend instead that the server operator prove his identity to members of the public?

    This problem was solved by Philip Zimmermann, the creator of PGP... in the late 90s. Please man, just pick up a book on this before you start talking about it. You don't need to have the operator prove his identity to every single person, just a few. And people that trust that person can then have them vouch for the operator. And so on. Seven degrees of separation and social networking combine, form Captain Planet. The end.

    The point is not to centralize trust chains, but to put you in control of your trust chain -- you decide who is trustworthy and who isn't. You don't have to have everyone sign everybody else's keys to accomplish this.

  2. Re:Only if I can use self signed certs on HTTP 2.0 May Be SSL-Only · · Score: -1

    You're a well-known poster? Well excuse me. I didn't know.

    Apology accepted. Now you know for next time!

    But Jurassic Park was the natural thing to reply to, because...

    Because nothing. You strawman'd, I called you on it, now man up and admit it.

  3. Re:SSL only = no benefit on HTTP 2.0 May Be SSL-Only · · Score: 1

    Except at the end of the day you have to trust *something* and

    ... And nothing. If you do not exchange keys over a secure medium, then it's exploitable. You don't need fancy protocol exploits... you just need to sit between two people and pretend you're the other guy to each. You people seem to be misunderstanding what 'secure medium' means. Everything else is a bandaid. You need a secure medium or it's shit.

  4. Re:SSL only = no benefit on HTTP 2.0 May Be SSL-Only · · Score: 0

    So your solution is?
    not using anything 'cause the NSA is over you?

    My solution would firstly involve complete sentences, and secondly was already stated previously.

    Please stop denigrating it to such an extent

    It's shit. It's shit. It's super duper shiiiiit la de da, shit shit shit, it. is. shit. The end. I know, it doesn't exactly rhyme, but it's honest. DNSSEC is just a different color bandaid.

  5. Re:How would you avoid MITM? on HTTP 2.0 May Be SSL-Only · · Score: 0

    So how would you recommend instead that the server operator prove his identity to members of the public?

    I've already stated one solution; One proven to work. You just don't like it, and that's fine. But don't ask stupid questions.

  6. Re:Only if I can use self signed certs on HTTP 2.0 May Be SSL-Only · · Score: -1

    Wisdom is knowing that Jurassic Park is fiction, and that we contain wild animals in zoos all the time just fine

    I wasn't referring to Jurassic Park. You strawman'd that in to take what you thought was a clever shot at a well-known poster. Fail. No, what I'm saying is bringing back animals long-dead may have unanticipated effects on the ecosystem, not just Hollywood bullshit. What if we bring something back that has a prolific reproductive rate, and its natural predators are all since long-dead? And not all dinosaurs were the size of multistory houses... some of them are small and highly mobile. Just ask the Australians about, say, black squirrels. We've fucked this one up just on animals that aren't extinct.

  7. Error, Error. on Building an 'Invisibility Cloak' With Electromagnetic Fields · · Score: 4, Interesting

    Invisibility cloaks like this only work within a certain range of EM frequencies. Outside of that range, it won't work; in fact it may even amplify the signal and make it more obvious whatever is being cloaked. And there are some things no amount of cloak can deal with. You can alter the optical properties of a thing, but if it's out-gassing several thousand degree plumes... you cannot mask the infrared signature of that. These new meta materials may help in communications, but I highly doubt they will ever be able to make large human-sized physical objects disappear to any current multi-sensor technology.

  8. Re:SSL only = no benefit on HTTP 2.0 May Be SSL-Only · · Score: 1

    Why is 6698 funny? The author was serious. Now 1149? That's funny.

  9. Re:Only if I can use self signed certs on HTTP 2.0 May Be SSL-Only · · Score: 2

    To be fair, no one is telling you to run your server on http 2.0.

    The same can be said whenever a new version of a protocol comes out. But invariably, people adopt the new one, and eventually nobody wants to support the old one... and so while nobody is "telling you" anything... eventually you just can't do it anymore because all protocols depend on the same thing.. people using them. If nobody's serving content on them, then nobody's supporting the ability to read that content either.

    (Please don't dog pile me for saying ftp is outdated, I know you're old and cranky, you don't have to alert me)

    I am neither old, nor cranky. I am however an experienced IT professional who's been here since the beginning. And experience is more valuable than book smarts or version numbers. Knowledge is what tells you how to bring the dinosaurs back... Wisdom is knowing why that's a bad idea.

  10. Re:I agree. The idea is broken from the get go on HTTP 2.0 May Be SSL-Only · · Score: 1

    Frankly, I would prefer the trust vendor to be the same as the browser vendor. I am trusting them both, so I would rather they be the same thing.

    No you don't want that. The browser developers should concern themselves with rendering the content correctly and standards-compliant, and the user-experience/interface. Separation of duties when it comes to money is paramount -- that's why you have outside accountants review your books, not internal ones. Otherwise you have the situation of creating a financial incentive to break or manipulate the system. Even one character, on one line of code, can change something from secure to exploitable. Don't tempt fate; Keep the trust chain separate from the people maintaining the protocols and infrastructure it sits on.

  11. Re:SSL only = no benefit on HTTP 2.0 May Be SSL-Only · · Score: 3, Interesting

    What are your thoughts on RFC 6698 as a possible solution to the CA problem?

    I think that it's already been proven that centralizing anything leads to corruption and manipulation. Whether you put it in DNS, or put it in a CA, the result is the same: Centralized control under the auspices of a third party. Any solution that doesn't allow all the power to stay in the hands of the server operator, must be rejected.

  12. Re:Only if I can use self signed certs on HTTP 2.0 May Be SSL-Only · · Score: 3, Insightful

    otherwise this sounds like extortion from CAs

    You are so close. Eliminating plain-http would destroy the internet as we know it because the only alternative then is forking cash over to an easily-manipulated corporation for the privilege of then being able to talk on the internet. It's an attack on its very soul.

    It would kill things like Tor and hidden services. It would obliterate people being able to run their own servers off their own internet connection. It would irrevocably place free speech on the web at the mercy of corporations and governments.

  13. SSL only = no benefit on HTTP 2.0 May Be SSL-Only · · Score: 5, Insightful

    People think that adding encryption to something makes it more secure. No, it does not. Encryption is worthless without secure key exchange, and no matter how you dress it up, our existing SSL infrastructure doesn't cut it. It never has. It was built insecure. All you're doing is adding a middle man, the certificate authority, that somehow you're supposed to blindly trust to never, not even once, fuck it up and issue a certificate that is later used to fuck you with. www.microsoft.com can be signed by any of the over one hundred certificate authorities in your browser. The SSL protocol doesn't tell the browser to check all hundred plus for duplicates; it just goes to the one that signed it and asks: Are you valid?

    The CA system is broken. It is so broken it needs to be put on a giant thousand mile wide sign and hoisted into orbit so it can be seen at night saying: "This system is fucked." Mandating a fucked system isn't improving security!

    Show me where and how you plan on making key exchange secure over a badly compromised and inherently insecure medium, aka the internet, using the internet. It can't be done. No matter how you cut it, you need another medium through which to do the initial key exchange. And everything about SSL comes down to one simple question: Who do you trust? And who does the person you trusted, in turn, trust? Because that's all SSL is: It's a trust chain. And chains are only as strong as the weakest link.

    Break the chain, people. Let the browser user take control over who, how, and when, to trust. Establish places in the real world, in meat space, in bricks and mortar land, where people can go to obtain and validate keys from multiple trusted parties. That's the only way you're going to get real security... otherwise you're going to be taking a butt torpedo stamped Made At NSA Headquarters up your browser backside. And pardon me for being so blunt, but explaining the technical ins and outs is frankly beyond this crowd today. Most of you don't have the technical comprehension skills you think you do -- so I'm breaking it down for you in everyday English: Do not trust certificate authorities. Period. The end. No debate, no bullshit, no anti-government or pro-government or any politics. The system is inherently flawed, at the atomic level. It cannot be fixed with a patch. It cannot be sufficiently altered to make it safe. It is not about who we allow to be certificate authorities, or whether this organization or that organization can be trusted. We're talking hundreds of billions of dollars in revenue riding on someone's word. You would have to be weapons grade stupid to think they will never be tempted to abuse that power -- and it does not matter who you put in that position. Does. Not. Matter.

  14. Re:As a mechanical engineer... on A Makerbot In Every Classroom · · Score: 3, Insightful

    Nah. I've heard this argument since I was a kid.

    The reason it has been around so long, perhaps is an indicator it has merit.

    Sure we are consumers, we are also producers.

    Find me something within arm's reach that has Made In America on it. Chances are, there isn't one; And odds are very, very good, it won't be one of the first five things you grab.

    It is easier than ever to make things. There is a guide or place to ask how to make ANYTHING on the internet. If I am motivated to make or fix something on my own, I have the guidance to start at it immediately.

    I think I see a flaw in your cunning plan; You aren't motivated. You're just saying that if you were, then yeah, shit could happen. But it ain't happening... because you, like hundreds of millions of others, don't want to.

    Look, people are lazy, we have always been lazy, very few people are doing productive things with their time 24x7 outside of their jobs, if that. That is nothing new.

    Okay, hold on to that for a minute and then consider again the statement you're upset about: We're consumers, not builders.

    just because companies are trying to entice us with advertising doesn't mean we have guns to our head and have no choice in the matter.

    "guns to our head", phrase: It means "I am deeply conservative". Because really, you types are the only ones that ever think there's a gun to your head... and perhaps only a minuscule amount of guns have ever been put to the heads of anyone uttering this line. Basically, if you utter this phrase, I put you in the moron category and move on, because your arguments will invariably be bullshit propaganda, with a side of cognitive distortion, served on the silver platter of self-importance.

    Look... I just said we're creating a culture of consumers. That's why nobody wants to build anything; Instant gratification. Everybody's a winner. You can have it all! It's called the American Dream because you have to be asleep to believe it. We're teaching our kids that you don't need to work hard to succeed -- you just need to open your mouth and let someone shove spoonfuls of product into it.

  15. Re:Not going to happen on Legislation Would Prohibit ISPs From Throttling Online Video Services · · Score: 4, Interesting

    All I can think about is Time Warner and YouTube. All YouTube videos are throttled so horribly with Time Warner that I can't even watch 480p. Time Warner also cuts off the buffering after a certain amount of time, so you can't just leave it buffering all day either.

    That's why when I browse Youtube, I use a plugin that lets me download the .mp4 files raw... then they can throttle all they want. I just have 20x connections going at a time. Because fuck you Time Warner, that's why.

  16. Re:Firmware on The Second Operating System Hiding In Every Mobile Phone · · Score: 2

    In the real world, this is called Firmware.

    Firmware used to be low-level controllers that only handled a small number of instructions related to a specific task; Like a hard drive. All it needed to do was process requests for data and a few other basic operations, and so it was relatively simple. Firmware today though doesn't really meet that definition -- due to the lower costs of FPGAs and similar, these controllers are now trivially reprogrammable and because the original designers didn't consider the hardware to be an attack vector, it has full access to everything, like say, the PCI bus; It can talk directly to the CPU and queue instructions, change the stacks, alter memory, and more.

    Modern OS' aren't designed with this in mind; They expect an attack from the 'higher' layers -- ie, userspace. They don't expect an attack against the kernel to come from the hardware itself.

  17. Re:As a mechanical engineer... on A Makerbot In Every Classroom · · Score: 4, Insightful

    This entire initiative, as great as it is, ignores a small problem: We aren't raising our children to be builders, we're raising them to be consumers. Consumers have no initiative, and see no point in things like shop class, or building things... after all, isn't that why we import Indians and Chinese?

    Also, as soon as some high school student builds a gun with the 3D printer, that'll go away.

  18. Re:This just in: Fails all around. on WikiLeaks Releases the Secret Draft Text of the TPP IP Rights Chapter · · Score: 1

    That you only buy tangible property and that we haven't invented mindcandy yet?

    Basically, yeah. I'll pay for a good, or a service. For example, I'm okay paying for netflix. Videos are a service. Putting a lot of them together on a website is a convenience. I like convenience. That's a tangible thing -- even though it's just electrical impulses, someone sat down and made it for me, and at a reasonable price. Cheaper than what it replaced: Video stores.

    But software? No. Not because it isn't also a good, or because it's not valuable -- but because it's grossly overvalued. And yet, participating in our society, which pretty much demands internet access, demands we all pay through the nose for this. I will not. Same with a video game; Most are not worth $40 or more and then fuck you on DLC or monthly subscriptions on top of that. Netflix gives me nearly unlimited entertainment for $10 a month... while a game might provide, at most, 50-100 hours of entertainment, and yet costs four times more. The reason for the cost difference is intellectual property.

    Netflix would have been sunk too if the MPAA had its way -- and they're still trying with the ISPs. But it got too big, too fast, and they had only a narrow window to try and kill it. They missed it. So now we have cheap access to videos. It was an accident... but one I'm happy to pay for.

  19. This just in: Fails all around. on WikiLeaks Releases the Secret Draft Text of the TPP IP Rights Chapter · · Score: 4, Interesting

    Here's a brain teaser:

    Much of the justification lately for not decriminalizing drugs (such as marijuana, ecstasy, etc.) -- ignoring the fact that the scientific consensus now is that both are less harmful than alcohol, or cigarettes, both of which are legal, is that it would fund terrorism. In other words, their argument is that because a small amount of it is bad, we should keep the whole thing illegal.

    Yet, here we have IP law -- of which much of it is bad, and yet they tell us we should keep the whole thing legal... or [insert boogieman story here]. I'm not buying. I'll buy drugs, but I won't buy video games or software. What does that say about me? Maybe that I'm just young and stupid... or maybe I'm just seeing things more clearly. Maybe I just don't think the government has any credibility left to it, and so whatever the government says is right... it's a safe bet marching in the opposite direction will be better for you.

  20. Re:Solution on Porn-Surfing Execs Infecting Corporate Networks With Malware · · Score: 4, Funny

    I'd rather be out of the job than stuck between "I need access to EVERYTHING for no goddamn reason" and "ME COMPOOTER IS BOKE-BOKE AGAIN FIX IT A+ PRIORITY ONE"

    Ah. The naivety of youth. So refreshing. And yet they wonder why nobody hires them.

  21. Solution on Porn-Surfing Execs Infecting Corporate Networks With Malware · · Score: 5, Interesting

    and 58% cited the ineffectiveness of anti-malware solutions."

    So the majority of experts agree the existing solutions are ineffective. And yet the solution remains the same: Buy more of it.

  22. Re:Whups on Bill Gates's Plan To Improve Our World · · Score: 3, Interesting

    Seems to me it's probably because poor people can better empathize with what it's like to not have enough, and they likely remember how much they appreciated it the last time somebody helped them out.

    That does not explain how people who were previously poor, and then became wealthy, also follow the same pattern. Not everyone who becomes wealthy changes their social class, but most do. Put another way, once you're rich, you don't hang around with poor people much. And thanks to socialization, it's not very long at all before those old behaviors and worldview fractures and dissolves. Does it happen to everyone? No. But it seems the only people resilient to this are those that suffered a significant trauma prior and usually early on in life that became a core belief.

    It's not a coincidence that when you read about people who ran into burning buildings to save a bunch of children, or saw a car run off the road, leapt from their car to go assist... everyday heroes tend to have one thing in their background: They grew up in a small town. Go look it up. And surprise, most people who join the military also come from small towns. Their personalities are no different than those in the city, but their social environment imparted certain values -- specifically, that they're not just a face in a crowd. In the city, we choose our own subculture, our own groups to be a part of. In a small town, you have to learn how to be part of a community you may not strongly identify with. Avoiding certain types of people isn't an option. So as a consequence of that, we get people who later move to the big city or whatever, and retain that sense of community... so when they see someone in trouble, they don't have a tribalistic view.

    We are social creatures; And our desire to help others is based directly on how much they are like us. They have to be part of our tribe. It's how we're wired. And social class is a big division -- when you surround yourself with rich people, you start to think like rich people do. It seems like a really obvious thing to say, but then I see people like you say things like this and I realize... you're not understanding this tribalistic element of human behavior.

  23. Whups on Bill Gates's Plan To Improve Our World · · Score: 4, Insightful

    'We want to give our wealth back to society in a

    ... BURN THE WITCH!

    No, seriously. As a percentage of net earnings, the rich contribute far less as an aggregate group than the poor. There's an inverse relationship between income and charity. The more you make, the less you give, proportionally speaking. You can outline all the reasons why it would be better if this wasn't the case... I doubt you'll find much disagreement here. But making the case for it doesn't mean anyone's going to adopt it; A concept Mr. Gates and the company he used to captain both seem ill-equipped to grasp. Simply understanding the problem better doesn't result in a solution; It is one of the oldest delusions humanity has to offer... that knowledge will lead to action.

    Instead, we need to figure out why people give proportionally less, and address the issue within that cognitive framework. And the Just world phenomenon is a great place to start: The belief that you deserve whatever is happening, or has happened, to you. Fundamentally, I think you'll find the reason the rich give less is because on a subconscious level, having adopted the belief that they earned their wealth rather than simply having won a cosmic lottery, they then build on that with confirmation bias. That is, every action that comes after that in some fashion just confirms that they're more deserving than the next guy... and eventually, that makes them not very charitable. After all, if I did it, you can do it, right? It's such a basic failure of reasoning that entire books have been written on the subject, and yet... here we are... still not getting it.

  24. Re:Encountered this kind of thing ... on Microsoft Kills Stack Ranking · · Score: 3, Interesting

    That's not the problem. I mean, it's a problem. But the real problem is trying to apply numerical methods to personal subjective assessment.

    That's not a problem when done correctly and appropriately bold-faced. Interview one person and then ask a classroom of 30 to rank that interviewee on traits like extroversion, honesty, confidence, etc., and you'll get a pretty damn accurate assessment. It's called the 'wisdom of the crowds' -- average it all together and bang; Reasonably accurate assessment.

    There's a related example; Chicken sexing. Keep your mind out of the gutter, this is serious -- as you know, we need eggs. Lots of eggs. So we need a lot of hens. But there's a problem; Male and female chickens look almost identical. We cannot use machines to separate them, so it must be done by humans. But how then, if they're almost identical, do we tell the difference? As it turns out -- we take someone else who's a chicken sorter, stand behind the new guy, and say yes or no repeatedly until the answers are mostly yes. Although we cannot really tell any difference visually, somehow, we can get about a 96% accuracy rate out of humans by simply training them with yes/no answers. It defies all reason, but that's how they do it. And the thing is... the accuracy rate doesn't decrease as they in turn train the next new guy, etc. It remains constant across the population.

    You can't get any more subjective than chicken sex sorting -- really, I could put two of them in your hands and short of dissecting them, you wouldn't be able to find any difference. And yet... you can be trained to become highly accurate at separating these two nearly homogenous groups.

    I guess my point is, your argument is bunk. You can make personal subjective assessment accurate and valid; But you need to either do it with a group of people doing the assessment (many to one), or you need to be trained on how to identify key traits. You're absolutely right in that without formal and explicit training, human beings are about as accurate as a randomly wired neural network. But with training, it's a whole 'nother story.

    You can be trained to be very accurate in those "subjective" assessments. It just happens to be the case that the overwhelming majority of people aren't.

  25. Re:All Clear! on GOCE Satellite Burned Up Over Falkland Islands · · Score: 1

    Brain waves are actually transparent to Aluminum foil and essentially make it easier for Them to hear, whereas Tin foil shields your brain-waves from Them. I don't mean to scare you or anything, but I figured that if you really value your privacy you ought to know.

    Science fail. They're both metal. Both would act as antennas unless grounded. Conversely, it would also make it easier for you to tune into Their thoughts. But let's be honest... you really don't want that. It's like googling for something innocent and getting a face full of porn and then having your boss walk by at that exact moment.