This service is SSL-based. So, the transmission is secure, but it's plaintext on their servers. not only are all the trails there, your unencrypted email is sitting on their servers, waiting to be read.
There's a reason Zixmail's paying yahoo to offer this service, not vice-versa.
My bad, it was 999,000 -- I put an extra zero. but the recount caught it.
BTW, Florida has 6 mil votes, so a 99.9% accurate count has a margin of error of 6000. A 99.99% accurate count still gives a margin greater than Bush's current lead (but it's much closer, 600)
It's all insane. Whoever wins will win by a margin less than the margin of error, in all likelyhood. I'd love to see a Fair, bipartisan recount done. Likelyhood that any of those three (fair, bipartisan, recount) will happen is slim, the likelyhood that all three will is, well, non-zero, but that's the best that can be said of its odds.
Certainly. A recount should be done that is as fair as possible--all counties, by one chosen method with a definite set of criteria. If manual, prefereably performed by one person from each party looking at each ballot.
Ooh, even better. Lock Bush and Gore in a room and make them recount them all, or at least the contested/questionable/(dimpled if allowed) ones.
This current count is hogwash because only a few of the counties recounted. Harris just wants her ambassadorship post.
first of all, the US legal system is a conflictual one. it's ugly, unpleasant, bitchy, but it works quite well, actually.
Of interest, AFAIK the only state in the Union that must consider dimpled ballots on manual recounts is (drumroll please) Texas! and Bush signed into law legislation (HB331 of the 75th congress of Tx HB331) a bill that favors manual counting in a recount situation. I love irony.
Unless Gore goes way, way too far, he will not be damaging the constitution or any of that jazz--with the race this close, a very accurate count is important. I'm in favor of inclusion of the dimpled ballots, but that would get lot of foul-play cries (if the non-postmarked military ballots are excluded, so should the dimpled ones, and vice verse as well).
I forsee, OEM resellers not ponying up the cash for an unlimited copy. It'll be like the current virus protection scams. You'll buy your computer, with MS-Office and a huge suite of other applications, and it will all go kaput in 6 mos. because the hardware manuf only bought the cheapest license they could, and no doubt found one that transferred no rebates/discounts on renewal.
This of course fits cleanly with the new rent-a-wreck model Gateway is offering, where you rent a computer, return it and get an upgrade every two years.
Coincidence?
(And people actually laughed at me when I gave up word processing and started using HTML exclusively.)
Just make sure you don't use SOAP (MS COM/XML language)...
the classic problem with programs that check date/time is thatthe local machine's time can be changed. This is not programming Murhpy's computer with bug-hunts, it's programming Satan's computer--the hardware, and all other software, is suspect and liable to mucking-with. And with the cost and utility of MS office products, the value is high enough to make a lot of mucking worthwhile.
Of course, this isn't even considering running it under an emulator--total control over the running environment.
And sure they're violations of the DMCA. As per usual, all corporations with users will do due diligence to make sure they're doing everything correctly, and probably tack on a don't pirate software clause to their employee manual.
It'll be the old model of licensed office copies and hacked home copies.
.NET/asp targets a specific market which I don't deny probably exists. That being said, I do not believe this type of solution will be now or ever the one-and-only.
First, the headache for maintaining so many damned subscriptions, keeping them active, managing accounts and passwords will drive IT managers nuts
Second, it's the DivX dilemma--see how useful all those DivX pay-per-use DVDs are now? Great coasters. If MS ever stops supporting this model, everyone will be up a creek without a license key. Admittedly, probably not a terrible concern with MS, but it will limit the ASP model.
More importantly, this will last in each company until the exact time that some Exec is travelling and his license expires over the atlantic on the flight out while he's drafting the next business plan or whatnot. After some serious shouting and lawsuit-threatening, each company will give the subscription model a one-fingered salute.
Does the.NET/subscription model rely on internet connectivity to check to see if it's allowed to run? can we say, nightmare? internet bandwidth issues, connectivity, and your reliable problems with the proxy server or the firewall or some schlob stepping on the pipe into the router will not only effect normal levels of productivity--in/outbound email, refreshing slashdot, reading the Onion, etc., it will also kill-if this is how it works[1]-kill all productivity--no Visual C++ compiling, no word processing, no powerpoint. (hey, maybe this will be a good thing...). This won't be popular.
This also brings up an interesting idea--I type up a work in Word 10/subscription, then my subscription runs out. Can I still even read my work? Will WordPad handle it, or has MS rescinded my access to my own work??
[1] and I can't think of another reliable way. I imagine a digital-sig based handshake that avoids the problem with local settings controlling access (easily crackable/patchable), and if it defaults to allow, well, duh.
Of course, if you want spiders to generally index your site, but absolutely not the Secret Link, you're screwed... A robots.txt file that does this will naturally be a big sign "THIS PAGE IS OUR SECRET LINK. DON'T LOOK BEHIND THE CURTAIN"
*shrug* better to just not link it.
The problem is proving a negative
on
eLection '04
·
· Score: 2
So we get an eLection. OpenBSD with TrustedBSD patches installed, audited, monitored with network and host-idses, realtime log watching by real humans, firewalls, virus scanners, the whole 9 yards and then some. All the t's are crossed, all the i's dotted. All goes well.
Joe Cracker, in an act of political martyrdom, says, "I hacked the vote"
The folks running the vote say "No, all is well"
Joe responds, "yeah? prove it."
(this example stolen graciously from Bruce Schneier--he'll prolly talk about this in the next Crypto-gram).
The advantage of the current system is that fraud is limited strongly to the local level, and therefore to numbers which are statistically insignificant to national--and even statewide--elections (including this one. we're so below statistical significance in florida it's not funny). Do a google search on "Landslide Lyndon" and "Box 13" (or read http://www.texasmonthly.com/mag/1999/dec/politics. html) to see more about local-level fraud.
As soon as freenet gets a good UI, it can be a successor to Napster--better than gnutella, as it has a badass way to cache popular files close to where they're popular.
And, as an added bonus, it's all encrypted, anonymous, decentralized, and has the ability to offer freedom of speech for files other than just pr0n and mp3s.
gov't raids have a history of taking coffee pots. (http://www.sjgames.com/SS/) I think it's a conspiracy. Anyone remember the Steve Jackson Games raid back in 1990? (US Secret Service--not FBI http://www.sjgames.com/SS/topten.html )
I think SJG finally got their coffee make back, but it was after this caused the formation of the EFF and the lawsuit against the govt was settled.
If reliability is your #1, set up redundant email. Get a few procmail recipes going on a highly reliable server that forward to a few accounts, use PGP for security. It's a single point of failure, but it can drastically reduce other points of failure (dead ISP pop server, etc.).
hotmail is slow, insecure, but high on the reliability (until their domain name expires...again), as are yahoo and angelfire (lycos).
Aim for multiple points of access (web, telnet, POP/IMAP...) to reduce the common problem of the mailserver at wherever croaking, and multiple points of presence (net-geographically diverse locations) to get around other problems (travelling, ISP dies, etc.)
Personal firewalls are the way to go, but the education is humbling for many home users nowadays. What RR does is portscan on the more popular ports (For fun, read
http://security.rr.com/, formerly bofh.rr.com). Partially they're hunting down rogue servers. They're ORBSed, and are mainly trying to find the insecure SMTP servers. They also have some security guidelines on their webpage.
E-Signatures are NOT cryptographically verified, and the law does not require them to be so. Digital Signatures are crypto, eSignatures include [X] and/S/Your Name and faxes and scans of your written signature (read the CNN article for a longer list).
I agree, however, that authentication is going to be the real problem with eSigs. After a few forehead slaps, everyone will require cryptographically-verified sigs.
A point to remember is that the law enables eSigs--which is just about anything (X) or/S/GriffJon or whatever else. It's instructive to realize that physical signatures work the same way--a physical mark is a legally binding signature if it was made with 'the intent to sign'
.
Will there be fraud in eSigs? yes. There will be an immediate move towards digital (cryptographic) signatures, and higher security. This might even get more intelligent password use, or hell, even hardware solutions (smartcards, dongles, etc)
The law is well-written, and in 5 years people will wonder how things got done before the ESIGN law.
Naturally, a lot will happen in those five years, and people dealing with eSigs and certificates will have to deal with identity, accountability and such so as to get trusted eSigs.
BFD. woohoo. so it's cheaper than going to the copy-shop and making 100 one-side copies of the underground paper. it's not particularly revolutionary as a concept.
one idea, tho--use the cuecat to provide links from the newspaper to the website! hide them in images and whatnot. it'll be cool.
(side-note: you can daisy chain cuecats for the ultimate rave experience (...within 3' of your keyboard port, at least!)
The continuing irony as high-tech companies like Sony develop tech (mp3 players anyone?) to fill market demand while the RIAA and MPAA go nutty trying to litigate less damaging technologies developed by open/free folks.
Not unlike the.mp4 report at Tom's detailing how a DVD will fit with little visible loss on a CD using mp4 compression. ooops.
A stronger force than the inevitability of technology developments, is the consumer demand driving hardware manufacturers.
So, when did the FCC decide to smoke Satan's Own Crackpipe? Did they get totally bought?
Should-Happen-Irony: the DRM installed on HDTVs creates interference.
So yeah. Car manufacturers don't make cars that can't go over 75mph, even though it's widely illegal for cars to go over that speed limit. Can you imagine having to call in to the DPS/DOT office and get centralized permission before speeding to the emergency room? NO, of course not, that would be STUPID.
The reality will be that these techniques will be circumventable, the hackers (JArgon-file definition) will be sued under the DMCA, the documentation for the hack will be widely available, and nothing will actually change.
What happened to the Betamax time-shifting ruling??? Will the TV have IR sensors to make sure fewer than 15 people are watching, etc.??
If you remember, the general attidute of Johansen and the team that cracked CSS was a huge slap to the forehead of "if we'd known they were using such a weak keylength, we would've just brute forced it" or words to that effect. The actual CSS key is very teensy, and the time they put into reverse-engineering at it would've cracked it.
As to the second point, there's a fundamental problem with copy protection--if someone can see something, it can be recorded--probably losslessly. It might be hard, rquire hardware or special video drivers hand-coded, but it will be fully possible. If you make it truly unrecordable, you've made it unviewable.
It is illegal to drive above 75mph--but my can can go faster. Think about it.
Slashdot Mirror
This service is SSL-based. So, the transmission is secure, but it's plaintext on their servers. not only are all the trails there, your unencrypted email is sitting on their servers, waiting to be read.
There's a reason Zixmail's paying yahoo to offer this service, not vice-versa.
My bad, it was 999,000 -- I put an extra zero. but the recount caught it.
BTW, Florida has 6 mil votes, so a 99.9% accurate count has a margin of error of 6000. A 99.99% accurate count still gives a margin greater than Bush's current lead (but it's much closer, 600)
It's all insane. Whoever wins will win by a margin less than the margin of error, in all likelyhood. I'd love to see a Fair, bipartisan recount done. Likelyhood that any of those three (fair, bipartisan, recount) will happen is slim, the likelyhood that all three will is, well, non-zero, but that's the best that can be said of its odds.
Certainly. A recount should be done that is as fair as possible--all counties, by one chosen method with a definite set of criteria. If manual, prefereably performed by one person from each party looking at each ballot.
Ooh, even better. Lock Bush and Gore in a room and make them recount them all, or at least the contested/questionable/(dimpled if allowed) ones.
This current count is hogwash because only a few of the counties recounted. Harris just wants her ambassadorship post.
99.9% of 2 million?
.999 = 990000
Have you done your math?
1000000 *
So, out of 1000000 (1 million) votes, 990000 are correct.
1000000 - 990000 = 1000
1000 > 2
in fact, 1000 is almost twice the margin of victory (537)
Do you understand the need for a manual recount now?
Yeah, but we get Rick Perry as governor. We get doubly screwed!
first of all, the US legal system is a conflictual one. it's ugly, unpleasant, bitchy, but it works quite well, actually.
Of interest, AFAIK the only state in the Union that must consider dimpled ballots on manual recounts is (drumroll please) Texas! and Bush signed into law legislation (HB331 of the 75th congress of Tx HB331) a bill that favors manual counting in a recount situation. I love irony.
Unless Gore goes way, way too far, he will not be damaging the constitution or any of that jazz--with the race this close, a very accurate count is important. I'm in favor of inclusion of the dimpled ballots, but that would get lot of foul-play cries (if the non-postmarked military ballots are excluded, so should the dimpled ones, and vice verse as well).
I forsee, OEM resellers not ponying up the cash for an unlimited copy. It'll be like the current virus protection scams. You'll buy your computer, with MS-Office and a huge suite of other applications, and it will all go kaput in 6 mos. because the hardware manuf only bought the cheapest license they could, and no doubt found one that transferred no rebates/discounts on renewal.
This of course fits cleanly with the new rent-a-wreck model Gateway is offering, where you rent a computer, return it and get an upgrade every two years.
Coincidence?
(And people actually laughed at me when I gave up word processing and started using HTML exclusively.)
Just make sure you don't use SOAP (MS COM/XML language)...
the classic problem with programs that check date/time is thatthe local machine's time can be changed. This is not programming Murhpy's computer with bug-hunts, it's programming Satan's computer--the hardware, and all other software, is suspect and liable to mucking-with. And with the cost and utility of MS office products, the value is high enough to make a lot of mucking worthwhile.
Of course, this isn't even considering running it under an emulator--total control over the running environment.
And sure they're violations of the DMCA. As per usual, all corporations with users will do due diligence to make sure they're doing everything correctly, and probably tack on a don't pirate software clause to their employee manual.
It'll be the old model of licensed office copies and hacked home copies.
.NET/asp targets a specific market which I don't deny probably exists. That being said, I do not believe this type of solution will be now or ever the one-and-only.
.NET/subscription model rely on internet connectivity to check to see if it's allowed to run? can we say, nightmare? internet bandwidth issues, connectivity, and your reliable problems with the proxy server or the firewall or some schlob stepping on the pipe into the router will not only effect normal levels of productivity--in/outbound email, refreshing slashdot, reading the Onion, etc., it will also kill-if this is how it works[1]-kill all productivity--no Visual C++ compiling, no word processing, no powerpoint. (hey, maybe this will be a good thing...). This won't be popular.
First, the headache for maintaining so many damned subscriptions, keeping them active, managing accounts and passwords will drive IT managers nuts
Second, it's the DivX dilemma--see how useful all those DivX pay-per-use DVDs are now? Great coasters. If MS ever stops supporting this model, everyone will be up a creek without a license key. Admittedly, probably not a terrible concern with MS, but it will limit the ASP model.
More importantly, this will last in each company until the exact time that some Exec is travelling and his license expires over the atlantic on the flight out while he's drafting the next business plan or whatnot. After some serious shouting and lawsuit-threatening, each company will give the subscription model a one-fingered salute.
Does the
This also brings up an interesting idea--I type up a work in Word 10/subscription, then my subscription runs out. Can I still even read my work? Will WordPad handle it, or has MS rescinded my access to my own work??
[1] and I can't think of another reliable way. I imagine a digital-sig based handshake that avoids the problem with local settings controlling access (easily crackable/patchable), and if it defaults to allow, well, duh.
Of course, if you want spiders to generally index your site, but absolutely not the Secret Link, you're screwed... A robots.txt file that does this will naturally be a big sign "THIS PAGE IS OUR SECRET LINK. DON'T LOOK BEHIND THE CURTAIN"
*shrug* better to just not link it.
So we get an eLection. OpenBSD with TrustedBSD patches installed, audited, monitored with network and host-idses, realtime log watching by real humans, firewalls, virus scanners, the whole 9 yards and then some. All the t's are crossed, all the i's dotted. All goes well.
. html) to see more about local-level fraud.
Joe Cracker, in an act of political martyrdom, says, "I hacked the vote"
The folks running the vote say "No, all is well"
Joe responds, "yeah? prove it."
(this example stolen graciously from Bruce Schneier--he'll prolly talk about this in the next Crypto-gram).
The advantage of the current system is that fraud is limited strongly to the local level, and therefore to numbers which are statistically insignificant to national--and even statewide--elections (including this one. we're so below statistical significance in florida it's not funny). Do a google search on "Landslide Lyndon" and "Box 13" (or read http://www.texasmonthly.com/mag/1999/dec/politics
As soon as freenet gets a good UI, it can be a successor to Napster--better than gnutella, as it has a badass way to cache popular files close to where they're popular.
And, as an added bonus, it's all encrypted, anonymous, decentralized, and has the ability to offer freedom of speech for files other than just pr0n and mp3s.
gov't raids have a history of taking coffee pots. (http://www.sjgames.com/SS/) I think it's a conspiracy. Anyone remember the Steve Jackson Games raid back in 1990? (US Secret Service--not FBI http://www.sjgames.com/SS/topten.html )
I think SJG finally got their coffee make back, but it was after this caused the formation of the EFF and the lawsuit against the govt was settled.
(eyes roll)
This cannot be stressed enough.
If reliability is your #1, set up redundant email. Get a few procmail recipes going on a highly reliable server that forward to a few accounts, use PGP for security. It's a single point of failure, but it can drastically reduce other points of failure (dead ISP pop server, etc.).
hotmail is slow, insecure, but high on the reliability (until their domain name expires...again), as are yahoo and angelfire (lycos).
Aim for multiple points of access (web, telnet, POP/IMAP...) to reduce the common problem of the mailserver at wherever croaking, and multiple points of presence (net-geographically diverse locations) to get around other problems (travelling, ISP dies, etc.)
Personal firewalls are the way to go, but the education is humbling for many home users nowadays. What RR does is portscan on the more popular ports (For fun, read
http://security.rr.com/, formerly bofh.rr.com). Partially they're hunting down rogue servers. They're ORBSed, and are mainly trying to find the insecure SMTP servers. They also have some security guidelines on their webpage.
It's not great, but it's something.
Only on /. This is wonderful! Great clarifications, translators.
E-Signatures are NOT cryptographically verified, and the law does not require them to be so. Digital Signatures are crypto, eSignatures include [X] and /S/Your Name and faxes and scans of your written signature (read the CNN article for a longer list).
I agree, however, that authentication is going to be the real problem with eSigs. After a few forehead slaps, everyone will require cryptographically-verified sigs.
A point to remember is that the law enables eSigs--which is just about anything (X) or /S/GriffJon or whatever else. It's instructive to realize that physical signatures work the same way--a physical mark is a legally binding signature if it was made with 'the intent to sign'
.
Will there be fraud in eSigs? yes. There will be an immediate move towards digital (cryptographic) signatures, and higher security. This might even get more intelligent password use, or hell, even hardware solutions (smartcards, dongles, etc)
The law is well-written, and in 5 years people will wonder how things got done before the ESIGN law.
Naturally, a lot will happen in those five years, and people dealing with eSigs and certificates will have to deal with identity, accountability and such so as to get trusted eSigs.
BFD. woohoo. so it's cheaper than going to the copy-shop and making 100 one-side copies of the underground paper. it's not particularly revolutionary as a concept.
one idea, tho--use the cuecat to provide links from the newspaper to the website! hide them in images and whatnot. it'll be cool.
(side-note: you can daisy chain cuecats for the ultimate rave experience (...within 3' of your keyboard port, at least!)
Jupiter buys Potassium, and Venus is investigating a Sillicon purchase...
The continuing irony as high-tech companies like Sony develop tech (mp3 players anyone?) to fill market demand while the RIAA and MPAA go nutty trying to litigate less damaging technologies developed by open/free folks.
.mp4 report at Tom's detailing how a DVD will fit with little visible loss on a CD using mp4 compression. ooops.
Not unlike the
A stronger force than the inevitability of technology developments, is the consumer demand driving hardware manufacturers.
Now /there's/ an idea. A secure, online b2b exchange for buying and selling judges and other court influencers.
www.BuyAJudge.com -- it's up for grabs!
So, when did the FCC decide to smoke Satan's Own Crackpipe? Did they get totally bought?
Should-Happen-Irony: the DRM installed on HDTVs creates interference.
So yeah. Car manufacturers don't make cars that can't go over 75mph, even though it's widely illegal for cars to go over that speed limit. Can you imagine having to call in to the DPS/DOT office and get centralized permission before speeding to the emergency room? NO, of course not, that would be STUPID.
The reality will be that these techniques will be circumventable, the hackers (JArgon-file definition) will be sued under the DMCA, the documentation for the hack will be widely available, and nothing will actually change.
What happened to the Betamax time-shifting ruling??? Will the TV have IR sensors to make sure fewer than 15 people are watching, etc.??
Is this the end of superbowl parties?
If you remember, the general attidute of Johansen and the team that cracked CSS was a huge slap to the forehead of "if we'd known they were using such a weak keylength, we would've just brute forced it" or words to that effect. The actual CSS key is very teensy, and the time they put into reverse-engineering at it would've cracked it.
As to the second point, there's a fundamental problem with copy protection--if someone can see something, it can be recorded--probably losslessly. It might be hard, rquire hardware or special video drivers hand-coded, but it will be fully possible. If you make it truly unrecordable, you've made it unviewable.
It is illegal to drive above 75mph--but my can can go faster. Think about it.