With the major certificate authorities (like, say, Verisign) no longer issuing people anything but level 1 certificates, and the myriad difficulties in sending important/confidential/contractual data through PGP to stand up in court (who can prove that someone didn't change the computer's time/date, or even if the intended computer actually downloaded the files?), what's a guy to do?
PKI can provide security, but without some third-party post-office/FedEx like entity which can track documents, this is not an alternative for many professionals who require receipt-like assuredness.
My question is, how do you combine security and provability?
There have been some incredible displays of evolutionary programming this decade--programs that start very simply with simple rules that set them up to compete for memory allocation. Given time (...overnight...) some programs had evolved pretty elaborate mechanisms, and the top dogs had even developed some standard program-optimization procedures (unrolling the loop (?)) that humans use all the time, but of course were not a: known to the researcher or b: designed into the programs at all.
AI will compete for diskspace, memory, hardware... maybe even some bizarre form of AI sex [genetic/code mixing] for variety.
Competition's the way of the world. The AI world may be very, very different, but I'll predict it'll still be competitive in the extreme. Can you imagine what'll happen when you combine natural selection with the ability of an intelligent entity to, in real-time, re-make itself to be more adaptable? Evolution won't take 10E6 years, it'll take 10E-6 years (if that!).
This continually bugs me--the support issue. When I was installing Linux for the first time, I had problems; I was unfamiliar with some of the terms and procedures. I was hesitant to disk-druid my disk. Normal things. I used another system, got on-line, and found not only detailed how-to's (which MS has similar versions of for NT/9x issues), but also many, many, many people from local LUGs and IRC nets who were realtime and willing to help. Free. Instantaneous. Knowledgeable. Able to help my specific situation, and answer my specific questions.
Do you know what this level of support costs normally?
Seriously, though. The phone system is and will (IMHO) always have to be forced away from monopolism--it's so easy and obvious from the business perspective--don't worry about all the complications of bandwidth when you own and operate all the connections!
We know what's down that path, tho. Ma Bell and Bill Gates in a marriage of convenience. (Baby Bills?)
IIRC, she abused the press pass (read: didn't get a valid one yet attended press meetings and such at DC7), was warned twice and bodily removed on the third. There are many pictures linked from Defcon.org.
Anonymous Coward Writes: The philosopher Austin wrote a very nice book (How to do things with words) about precisely these sorts of "powerful" words, which he calls "speech acts" though in practice they may be written or spoken. It is certainly interesting to consider when and how digital communication may constitute new forms of speech act. Has anyone seen anything written on this?
Insightful and well-read for an AC! Yes, in fact, I was referring to Austin and Searle and a few others in my treatment of the post on Word Power. And I've written a small paper on how action words work on-line, and my thesis has a chapter or two on it.
Nope, sorry, that doesn't hold true necessarily. It is not clear yet whether private keys fall under 5th amendment (to politicians at least, it seems crystal clear to me).
This reminds me of a /. post from earlier this year about the problems with distributing some highly revered religious texts (The Torah, IIRC) over the Net, in that copies cannot be destroyed without the appropriate ceremony, etc.
The power of words and information is becoming increasingly tangible--here with this letter to Mr. Straw, with the Torah, and in similar things, like signs that say "Warning: Narrow Bridge" which perform actions of warning by sitting there looking yellow.
Expect some changes in general thought about words being 'just words' in everyday parlance. It's already in philosophy and has been most of the century.
Actually, it seems closer to Babble (markov-chain based learning algorithm; really fun. There's a web port somewhere at CMU, and I have the DOS executable if you want it--contact me via e-mail).
Also, people should read "The Packerhaus Method" by Gene Wolfe (in _Storeys from the old Hotel_, IIRC), which traipses over similar ground.
Hell, for that matter, I wrote a hyperfiction with this as its central theme, it's The OmegaWare Project.
Hotmail is an ideal service! It allows me to send guaranteed spam (you must enter your e-mail to use our service, and we promise to sell it to other people!) So, I enter my hotmail account in the rare case that I have to click on some URL to get into said service from the mail, etc.
Also, it keeps other people from grabbing my nickname and masquerading as me from a hotmail account...
This whole shebang is likely the deal MS worked out (like key escrow) to export CAPI (Crypto API). In normal crypto, if you want to export better than 40/56 bit (56 if you're financial), you have to give in to key escrow (what ZixMail does, what Hushmail moved to the British West Indies to avoid). So for software, what better method of key escrow than to give the NSA a backdoor into the API?
Still, a good reason to move to open OS'es, for the simple reason that it took until now, through reverse engineering and an oops in the SP5, to find this out.
Oh, come on. Doesn't anyone remember this plague from about 5 years back, when everyone and their dog created integrated sound systems? IBM did it, Packard Bell had that weird-ass keyboard with integrated speakers and volume...
Apple can pull this stuff off because that's part of the design. PCs can't pull this off because such levels of integration are what people look for when they buy an Apple. If you are in the PC market one of the reasons is so you can swap up sound and video cards, have all this weird machinery and software to control each individual feature, etc.
As for Windows/MS pulling a similar stint, um, guys? Read back about a month for win2k stuff; it's designed with hardware integration in mind. MS2k copiers, toasters, etc. I'm sure OS-on-a-chip for MSWin2K won't be far behind.
Well, I spend most of my work-time on the web, so that's like 6-7 hours a day...
But I'm not addicted to surfing, I'm addicted to easy-access information. I live in Austin, see? #3 in the most wired American cities--if your business doesn't have a web presence here, it practically doesn't exist. Hell, there are even stores that are shut down that maintain a web presence! When I leave Austin, I'm going to really, really miss knowing what's happening around town all the time, any time. Is it addiction? Maybe. Do I think it's bad? Hell no-- every city should support this addiction!
CDex is my ripper of choice for Windows. It rips and encodes, and tells you when it had skip problems. It reads from CDDB and gives you an effective batch-naming system with lots of nice variables preset.
(Coming from the atheist camp here, so expect bias of that angle)
I'd posit that most geeks, being in the more intelligent section of society, as well as the more logic/rational thinking section have a tendency to poke holes in most religious beliefs as being somewhat contradictory.
This, of course, means those who have found or constructed a (theistic) system of belief will usually have very powerful beliefs and arguments, and will (I'd bet) be good Bible apologists (See the document as a slanted historical one, as a set of moral-giving stories, etc., rather than as a Literal Truth).
The base-level type of atheism (the negative belief of "there is no god", as opposed to a positive belief in some other structure of the universe) is a good fallback position for someone who thinks logically.
And in the South, atheism means you can dance without sinning. Unless you salsa, when sinning is practically part of the dance. Good thing I don't believe in sin;)
While crack is still running on a quaint Power Mac 604, 132mhz, 160M mem and is approaching 6 days continuous uptime, the W2k test box has been recently upgraded to a 500mhz monster after almost a full day of downtime. To record the status before it goes down again (like it's been AFAIK since early yesterday) --
8/7/99 Events
7:30pm - Last evening we diagnosed the problem of TCP state transition errors on connections in CLOSE_WAIT state. The backlog of connections caused the system to run out of non-paged pool. This bug was recently found during development testing and fixed in a newer build. Time to upgrade to a new build! (In dogfood testing we update our servers to more recent builds to get better test coverage.)
The Windows 2000 Internet Test Site is so popular we also got a new machine to add more capacity! We're now running on a 500Mhz PIII with 256Mb of RAM. Today we installed a recent build that has lots of updates since the RC1 build.
We're back up and running. The kind of network data we've received is great network testing. Without a firewall, our server gets to handle everything that comes down the pipe. We'd like to move on to other things soon. Oh, by the way, the password for the Administrator account is "Windows2000Test".
Configuration
500 Mhz Pentium III with 256mb of RAM.
On the light side, they claim to be actually fixing these problems as they turn up-- what a concept!!!
The game, almost exactly as you stated it, takes place at DEFcon--it's called Capture the Flag--to win, you have to root, and to keep, more systems than the other folks.
The security flaws BO2k exposes are not hacking-in flaws, though these abound, but basic flaws in the lack of security in the OS. The thing with BO2k is that it isn't hacking programs or fragging with the system to do its deeds, it's using MS-created and supported programming calls that any legit or non-legit program could use with no problem. Stealthmode? Supported. IBM's Netfinity does it, too. Folders that are remotely accessible w/o telling the user? That's supported in MS code as well.
Sure, you can hack into any computer, but most systems don't serve you drinks and snacks once you get inside...
Is there *any* case law on encryption exportation? Has the ACLU ever found someone willing to be a guinea pig for the current law? It seems like something that would fall to pieces in front of a judge, no matter how wacky the congress made it.
Interesting factoid. Look up the candidates for the gov't AES (Advanced Encryption Standard, replacing the DES standard encryption algo from 75 for non-classified documents, also available license-free to everybody). Check to see how many of the websites are from foreign countries (S. Korea included!) It's about 50% if I remember correctly, or 8/16 applicants.
Funny how that works, huh?
2015: Minutes after the Hilton Orbital opens its doors, realtime broadcasts of the first zero-G pr0n will take place.
"Co-eds in Space"
"The Moonshot"
"Riding the Rocket"
"In Orbit, you're always going down"
and...
"In space, no one can hear you moan"
Or is it "Trust No Company whose CEO is over 30?"
Heh.
There are products available (and more in the works, I might add) that will help make encrypted e-mail easier to use and more ubiquitous.
A bug is an undocumented feature.
Similarly,
A feature is an undocumented bug.
MSNBC has a good reply to the whole Kansas debacle:
Robert Pennock on Kansas
(http://www.msnbc.com/news/302429.asp).
Also, his book's a good read--good comparisons and use of evolutionary programming & design.
For the record: Release Candidate 1 for Win2k is out, it seems to be equivalent to or a patch from Beta 3.
No, I don't work for the Enemy, but we have the beta ware at the office, and will be putting it through the wringer in the next few weeks...
Funny NT sidenote-- a user can hack the registry, but can't install programs.
Which is more dangerous...?