What cave have you been living in? The organization, its process, and the guy have been investigated, probed, and pilloried by governments, media, freelance journalists, and J Random Blogger.
I dont see much discussion of the consequences to the behavior of Government in future
Have you not noticed the backlash against America's use of diplomatic pressure to strong-arm European governments on copyright policy? Did you sleep through the Arab Spring?
We wouldn't be too happy as individuals
These are not individuals and they are not random. They are organizations that are violating their charters. Governments acting against the interests of their citizens. Corporations harming the free market. Just like when a criminal gets caught and the sordid details of his life get published at trial, or like when an innocent person gets accused and the sordid details of his life become the subject of the police blotter.
why is Wikileaks so immune from criticism?
It, and its leadership, have been subject to enormous criticism, and even threats of assassination. Criticism of Wikileaks is the subject of this very article. How did you get here without noticing that?
while its supporters are expected to follow, unquestioningly, in blinkered, cultish devotion.
Expected by whom? Who cares what you claim someone expects? I support Wikileaks, and I think Assange is megalomaniacal, and I think they should be more forthcoming with their material and process. An unsubstantiated claim that someone expects something does not imply that supporters of Wikileaks are blinkered, cultish, devotees. This is a shallow and transparent attempt to manipulate people's perception and make them question their support of Wikileaks.
the seemingly paradoxical nature of WikiLeaks'... mission... to hold governments and corporations to account... On the other hand, WikiLeaks itself was 'guilty of the same obfuscation and misinformation
The tactics of the two sides are similar, but Wikileaks is trying to help society. The bad guys instigated the use of these tactics, and are harming society. Supporting the former over the latter is only paradoxical to the willfully blind.
Since Newzbin2 profited from making it easier for users to find pirated movies online, the MPAA contends they can sue to take those profits on behalf of members who produced that content in the first place.
This is a bit like saying that asphalt manufacturers profit from making it easier for getaway drivers to whisk bank robbers away from the scene of the crime.
I've been working on a SIP router and using Linphone and Jitsi for testing. I've been working on getting ZRTP (key exchange/validation method for end-to-end encryption using SRTP) working through FreeSWITCH. I haven't gotten the config incantation right yet, but I think I'm close. Seeing this article led me to poke around in WebRTC a bit to see if I should be testing it as well.
I found some info about WebRTC using SDES-SRTP, and maybe that DTLS-SRTP is the new direction, but I haven't figured out how they handle key exchange, or even if they are intended for end-to-end without a trusted MiTM. Does anyone know offhand if WebRTC supports end-to-end? How is key exchange/verification handled with new peers?
Why in hell did the world give Microsoft control over computer bootup hardware?
Because our government leaders voted that the risk of allowing corporations to inhibit competition was less threatening than the risk of allowing the government to regulate such behavior. It reflects the laissez-faire notion that corrupt elected officials are more dangerous than corrupt corporate executives. Though, in practice, our lax policy regarding such anti-free-market behavior is the result of corrupt corporate executives financing corrupt elected officials.
'No artist will be able to survive to be professionals except those who have a significant live business, and thatâ(TM)s very few,'
I'm sure it is very few relative to a much larger number. It is probably also quite a few relative to a smaller number. Merely chanting this refrain does not make it a meaningful measure.
Copyright is not a free market system. It is a regulatory monopoly. That is a good thing, because zero cost reproduction means that artists would be under-paid if we did not have copyright. At the same time, however, the market does not naturally self-regulate. If we do not carefully monitor and adjust the strength of the regulation, the market can show shortages or surpluses.
Do we currently have a shortage of people entering the music field, or a surplus? Are we having a hard time finding people who want to get into music, or are there more people who want to be musicians than jobs? Is the music industry taking anyone it can find, even if they're a little raw, or is it cherry-picking the pretty people because it has a line of talented musicians around the corner to choose from? If the latter, then it suggests a surplus. It implies that our regulations are currently too strict, that we are paying too much. If we have a surplus in a regulated market, we should be happy that the price is decreasing, and we should be decreasing the strength and duration of the regulations.
This is what healthy competition is supposed to do to the market.
Indeed it is. And this isn't even healthy competition -- this is just a small-n n-opoly in which one party has a personal interest in disproving the bandwidth whining and excuses by the others. If most places had a major ISP that didn't voluntarily participate in Six Strikes -- which would get them a massive share of the business in that region -- then I'd believe we had healthy competition.
Patent trolls often wield bad patents. There are also companies that make things that wield bad patents. Beware of associating the bad of our patent system only with trolls -- the problem runs deeper. If all trolls disappeared tomorrow, we would still have vast minefields of bad patents and enormous, destructive patent battles.
We have just invented the greatest tool since Gutenberg for the dissemination of information. An almost incomprehensibly powerful tool for decentralizing problem solving. At the same time, we have been radically increasing the breadth and power of patents, which inhibit the decentralization of problem solving. Patents have a good mission, but their method is a hinderance to the information revolution. That conflict is inherent in patents; it does not require a troll to cause harm.
The problems with federal prosecutor over reach has been a problem for decades,
So can you think of a better time than now to start fixing it? If you really believe this is a problem, don't attack your allies. Be thankful for their support, even though you saw the problem before they did.
Otherwise, how is the blackmail strategy of Anonymous different from that of our governments.
Do you know why our government uses threats, horsetrading, grandstanding, and blackmail? Because they work.
Personally, I use different tools to work for what I believe in. But if I see a guy using tools I don't like to achieve good, and he's competing with a guy who is using those same tools to achieve evil, I cheer for the guy who is working to achieve good. If the only difference between Anonymous and our government is their objective, what else should I judge them on?
As long as we continue to use our justice system in this abusive way, more and more people are going to resort to the same dirty tools and tactics that we use. The way to stop the spiral is not to chide them for sinking to our level, it is to stop abusing our justice system.
But whatever hope anyone had about restoring [the term "Hacker"] to what it was just went up in a flame of digital smoke.
The White House, among others, seems to already be aware that "Hacker" has more than one definition. The fight to protect the TMRC sense of "hacker" is over. We won.
So what you're saying is you never need to talk to someone who uses Skype?
What is more reasonable; for me to ask them to install a second VoIP client that does not spy on them, or for them to ask me to install a second VoIP client that does spy on me?
Seems like they fell bass-ackwards into it, blind squirrel finding a nut with the wrong motive, but the answer itself is close to the theoretical ideal. Centralized silos of personal information are profitable and have a negative externality(*). Economic theory has an answer for that; taxation. You internalize the externality, the transactions become more efficient, and the system becomes more productive. I'm not saying they know what they're doing, but it is the textbook answer to maximizing the productivity of a system that includes externalities.
* There are others, but here is one quick example of the external cost: The network effect causes the value of social internet services (including social data mining) to increase faster than linear WRT quantity, making such services naturally anti-competitive.
Chunks might be identified by checksums, so if you have two users with a very similar file, or a very similar 1K, 2K, 4K, or 8K block. The different users' files will share the exact same "chunks".
Instead of having to store the same exact chunk multiple times.... then you increase an "in use" counter on the chunk, and have records from both separate user accounts pointing to the same "chunk"
That is a good description of data compression - see LZW, for example. Unfortunately, encrypted data can't be compressed. Any sufficiently strong encryption algorithm produces a bitstream which is virtually indistinguishable from random. For any given size dataset, random data does not repeat in sufficiently long sequences to achieve useful compression relative to the dataset size.
AIUI while the browser plugin is by far the most common use of the sandboxing and hence the most common way to exploit flaws in the sandboxing the sandboxing itself is a core feature of the java platform.
You are calling this a core feature because it was part of the central design more than a decade ago when Java was intended to be used in the browser. The overwhelming majority of Java that is live today does not use the sandbox. The sandbox is no more a core feature of Java than your appendix is a core feature of your digestive system.
I still find it odd how Java suddenly caught all the attention regarding security.
I think this is largely due to the bad reporting. Ignorant reporters keep referring to this as a Java exploit. It is not. It is a Java sandbox exploit. A Java exploit of this nature would be catastrophic, since there are millions of servers out there running Java. A Java sandbox exploit, on the other hand, is little more than a reminder: Hey, everybody: Disable the Java plugin in your browser, like everyone else did ten years ago.
If Java's reflection features violate Java platform's security, it's an API design flaw, not necessarily a problem with reflection as such.
Java is a progamming language, like C. It has access to the filesystem and can fork processes. Security is handled by the operating system, just like C. Any permission that the executing user has, the language has. That is as designed.
The Java browser plugin, on the other hand, has a sandbox which is supposed to make it safe to run untrusted code. Turns out that trying to make it safe to run untrusted Java code is just as difficult as trying to make it safe to run untrusted C code. The security hole is in the Java sandbox, and in the notion of executing untrusted code in a language that has system access, not in the Java language.
This is not a bug in Java. It is a bug in the Java browser plugin, called a sandbox exploit.
The Java Virtual Machine (JVM) has access to the filesystem and can fork processes. In an attempt to make this safe to use in a browser, Sun wrote a sandbox, that is supposed to block access to the filesystem and to process execution. The sandbox doesn't work, and may never work. Disabling the Java plugin in your browser is a good thing. It might have been nice if the sandbox worked, but it doesn't. Don't run untrusted code in the JVM, whether in a browser or otherwise -- just like not running untrusted C code.
You can Java on a server, open a port, expose that port to the Internet, and as long as you haven't written a hole, nothing bad will happen. That is because this is not a Java exploit. It is a Java sandbox exploit.
I finally had to forward my calls to a non-working number for a week. The "doo-doo-DOO you have reached a number that is not in service" message they got when they called convinced them I had changed my phone number and they couldn't call me anymore....
Nice! I am totally stealing that solution. Thanks!
Well said. Clear, rational, not rant-y. I don't agree 100%, but I think you did an excellent job of presenting your perspective, and we are all better for it. Thanks!
Sometimes you can't resist banging the drum. I could drag out some misleading numbers to support my arguments too but I don't. Studies show the authors of studies have very little honesty.
In this case, my numbers were actually wrong. Be sure to check the other replies to my post. The corrected figures are (IMO) much less clearly in support of my position.
As for misleading -- well, I (incorrectly, but then corrected) calculated the delta life expectancy caused by guns using the data from people who used life expectancy as an argument against guns. I'm not sure it is possible to be misleading by measuring the exact thing under scrutiny. Quite the contrary -- I think it is the exact definition of empiricism.
Agreed. Check the replies - I (the OP) was the first person to post the same correction, and I am sorry for the error. I wish I could edit my original post. 0.312 is the maximum possible corrected figure that I came up with, doing the calculation slightly differently (0.0039 per year * 80 years average lifespan).
Unfortunately, 0.312 gets it into "arguable" territory. I was rather hoping the data would give a good solid answer one way or the other. Is 4 months worth the right to keep and bear arms? I think so, but can see how others would disagree. 0.0039 years or 24 years (another factor of 80) would make it easier to pick a side. Alas.
Correction -- they are saying 6 per 100,000 per year -- in which case you have to multiply the 0.0039 by 80 years life expectancy, for 0.312 years, which is more significant.
Slashdot Mirror
without much critical analysis going on
What cave have you been living in? The organization, its process, and the guy have been investigated, probed, and pilloried by governments, media, freelance journalists, and J Random Blogger.
I dont see much discussion of the consequences to the behavior of Government in future
Have you not noticed the backlash against America's use of diplomatic pressure to strong-arm European governments on copyright policy? Did you sleep through the Arab Spring?
We wouldn't be too happy as individuals
These are not individuals and they are not random. They are organizations that are violating their charters. Governments acting against the interests of their citizens. Corporations harming the free market. Just like when a criminal gets caught and the sordid details of his life get published at trial, or like when an innocent person gets accused and the sordid details of his life become the subject of the police blotter.
why is Wikileaks so immune from criticism?
It, and its leadership, have been subject to enormous criticism, and even threats of assassination. Criticism of Wikileaks is the subject of this very article. How did you get here without noticing that?
while its supporters are expected to follow, unquestioningly, in blinkered, cultish devotion.
Expected by whom? Who cares what you claim someone expects? I support Wikileaks, and I think Assange is megalomaniacal, and I think they should be more forthcoming with their material and process. An unsubstantiated claim that someone expects something does not imply that supporters of Wikileaks are blinkered, cultish, devotees. This is a shallow and transparent attempt to manipulate people's perception and make them question their support of Wikileaks.
the seemingly paradoxical nature of WikiLeaks' ... mission ... to hold governments and corporations to account ... On the other hand, WikiLeaks itself was 'guilty of the same obfuscation and misinformation
The tactics of the two sides are similar, but Wikileaks is trying to help society. The bad guys instigated the use of these tactics, and are harming society. Supporting the former over the latter is only paradoxical to the willfully blind.
Since Newzbin2 profited from making it easier for users to find pirated movies online, the MPAA contends they can sue to take those profits on behalf of members who produced that content in the first place.
This is a bit like saying that asphalt manufacturers profit from making it easier for getaway drivers to whisk bank robbers away from the scene of the crime.
I've been working on a SIP router and using Linphone and Jitsi for testing. I've been working on getting ZRTP (key exchange/validation method for end-to-end encryption using SRTP) working through FreeSWITCH. I haven't gotten the config incantation right yet, but I think I'm close. Seeing this article led me to poke around in WebRTC a bit to see if I should be testing it as well.
I found some info about WebRTC using SDES-SRTP, and maybe that DTLS-SRTP is the new direction, but I haven't figured out how they handle key exchange, or even if they are intended for end-to-end without a trusted MiTM. Does anyone know offhand if WebRTC supports end-to-end? How is key exchange/verification handled with new peers?
Thanks for info or links.
Why in hell did the world give Microsoft control over computer bootup hardware?
Because our government leaders voted that the risk of allowing corporations to inhibit competition was less threatening than the risk of allowing the government to regulate such behavior. It reflects the laissez-faire notion that corrupt elected officials are more dangerous than corrupt corporate executives. Though, in practice, our lax policy regarding such anti-free-market behavior is the result of corrupt corporate executives financing corrupt elected officials.
'No artist will be able to survive to be professionals except those who have a significant live business, and thatâ(TM)s very few,'
I'm sure it is very few relative to a much larger number. It is probably also quite a few relative to a smaller number. Merely chanting this refrain does not make it a meaningful measure.
Copyright is not a free market system. It is a regulatory monopoly. That is a good thing, because zero cost reproduction means that artists would be under-paid if we did not have copyright. At the same time, however, the market does not naturally self-regulate. If we do not carefully monitor and adjust the strength of the regulation, the market can show shortages or surpluses.
Do we currently have a shortage of people entering the music field, or a surplus? Are we having a hard time finding people who want to get into music, or are there more people who want to be musicians than jobs? Is the music industry taking anyone it can find, even if they're a little raw, or is it cherry-picking the pretty people because it has a line of talented musicians around the corner to choose from? If the latter, then it suggests a surplus. It implies that our regulations are currently too strict, that we are paying too much. If we have a surplus in a regulated market, we should be happy that the price is decreasing, and we should be decreasing the strength and duration of the regulations.
This is what healthy competition is supposed to do to the market.
Indeed it is. And this isn't even healthy competition -- this is just a small-n n-opoly in which one party has a personal interest in disproving the bandwidth whining and excuses by the others. If most places had a major ISP that didn't voluntarily participate in Six Strikes -- which would get them a massive share of the business in that region -- then I'd believe we had healthy competition.
150 complaints out of the millions of accounts they claim is pretty darn good.
Indeed. Here's a quick thumbnail check against YouTube:
More than 120 million videos have been claimed by Content ID
If 150 notices is getting "stung", what does 120 million count as?
Patent trolls often wield bad patents. There are also companies that make things that wield bad patents. Beware of associating the bad of our patent system only with trolls -- the problem runs deeper. If all trolls disappeared tomorrow, we would still have vast minefields of bad patents and enormous, destructive patent battles.
We have just invented the greatest tool since Gutenberg for the dissemination of information. An almost incomprehensibly powerful tool for decentralizing problem solving. At the same time, we have been radically increasing the breadth and power of patents, which inhibit the decentralization of problem solving. Patents have a good mission, but their method is a hinderance to the information revolution. That conflict is inherent in patents; it does not require a troll to cause harm.
The problems with federal prosecutor over reach has been a problem for decades,
So can you think of a better time than now to start fixing it? If you really believe this is a problem, don't attack your allies. Be thankful for their support, even though you saw the problem before they did.
Otherwise, how is the blackmail strategy of Anonymous different from that of our governments.
Do you know why our government uses threats, horsetrading, grandstanding, and blackmail? Because they work.
Personally, I use different tools to work for what I believe in. But if I see a guy using tools I don't like to achieve good, and he's competing with a guy who is using those same tools to achieve evil, I cheer for the guy who is working to achieve good. If the only difference between Anonymous and our government is their objective, what else should I judge them on?
As long as we continue to use our justice system in this abusive way, more and more people are going to resort to the same dirty tools and tactics that we use. The way to stop the spiral is not to chide them for sinking to our level, it is to stop abusing our justice system.
But whatever hope anyone had about restoring [the term "Hacker"] to what it was just went up in a flame of digital smoke.
The White House, among others, seems to already be aware that "Hacker" has more than one definition. The fight to protect the TMRC sense of "hacker" is over. We won.
So what you're saying is you never need to talk to someone who uses Skype?
What is more reasonable; for me to ask them to install a second VoIP client that does not spy on them, or for them to ask me to install a second VoIP client that does spy on me?
Seems like they fell bass-ackwards into it, blind squirrel finding a nut with the wrong motive, but the answer itself is close to the theoretical ideal. Centralized silos of personal information are profitable and have a negative externality(*). Economic theory has an answer for that; taxation. You internalize the externality, the transactions become more efficient, and the system becomes more productive. I'm not saying they know what they're doing, but it is the textbook answer to maximizing the productivity of a system that includes externalities.
* There are others, but here is one quick example of the external cost: The network effect causes the value of social internet services (including social data mining) to increase faster than linear WRT quantity, making such services naturally anti-competitive.
I think it's still happening in places.
Definitely still happening.
Some really extreme stuff shows up at Burning Man.
Chunks might be identified by checksums, so if you have two users with a very similar file, or a very similar 1K, 2K, 4K, or 8K block. The different users' files will share the exact same "chunks".
Instead of having to store the same exact chunk multiple times.... then you increase an "in use" counter on the chunk, and have records from both separate user accounts pointing to the same "chunk"
That is a good description of data compression - see LZW, for example. Unfortunately, encrypted data can't be compressed. Any sufficiently strong encryption algorithm produces a bitstream which is virtually indistinguishable from random. For any given size dataset, random data does not repeat in sufficiently long sequences to achieve useful compression relative to the dataset size.
AIUI while the browser plugin is by far the most common use of the sandboxing and hence the most common way to exploit flaws in the sandboxing the sandboxing itself is a core feature of the java platform.
You are calling this a core feature because it was part of the central design more than a decade ago when Java was intended to be used in the browser. The overwhelming majority of Java that is live today does not use the sandbox. The sandbox is no more a core feature of Java than your appendix is a core feature of your digestive system.
I still find it odd how Java suddenly caught all the attention regarding security.
I think this is largely due to the bad reporting. Ignorant reporters keep referring to this as a Java exploit. It is not. It is a Java sandbox exploit. A Java exploit of this nature would be catastrophic, since there are millions of servers out there running Java. A Java sandbox exploit, on the other hand, is little more than a reminder: Hey, everybody: Disable the Java plugin in your browser, like everyone else did ten years ago.
If Java's reflection features violate Java platform's security, it's an API design flaw, not necessarily a problem with reflection as such.
Java is a progamming language, like C. It has access to the filesystem and can fork processes. Security is handled by the operating system, just like C. Any permission that the executing user has, the language has. That is as designed.
The Java browser plugin, on the other hand, has a sandbox which is supposed to make it safe to run untrusted code. Turns out that trying to make it safe to run untrusted Java code is just as difficult as trying to make it safe to run untrusted C code. The security hole is in the Java sandbox, and in the notion of executing untrusted code in a language that has system access, not in the Java language.
This is not a bug in Java. It is a bug in the Java browser plugin, called a sandbox exploit.
The Java Virtual Machine (JVM) has access to the filesystem and can fork processes. In an attempt to make this safe to use in a browser, Sun wrote a sandbox, that is supposed to block access to the filesystem and to process execution. The sandbox doesn't work, and may never work. Disabling the Java plugin in your browser is a good thing. It might have been nice if the sandbox worked, but it doesn't. Don't run untrusted code in the JVM, whether in a browser or otherwise -- just like not running untrusted C code.
You can Java on a server, open a port, expose that port to the Internet, and as long as you haven't written a hole, nothing bad will happen. That is because this is not a Java exploit. It is a Java sandbox exploit.
I finally had to forward my calls to a non-working number for a week. The "doo-doo-DOO you have reached a number that is not in service" message they got when they called convinced them I had changed my phone number and they couldn't call me anymore....
Nice! I am totally stealing that solution. Thanks!
Well said. Clear, rational, not rant-y. I don't agree 100%, but I think you did an excellent job of presenting your perspective, and we are all better for it. Thanks!
Sometimes you can't resist banging the drum. I could drag out some misleading numbers to support my arguments too but I don't. Studies show the authors of studies have very little honesty.
In this case, my numbers were actually wrong. Be sure to check the other replies to my post. The corrected figures are (IMO) much less clearly in support of my position.
As for misleading -- well, I (incorrectly, but then corrected) calculated the delta life expectancy caused by guns using the data from people who used life expectancy as an argument against guns. I'm not sure it is possible to be misleading by measuring the exact thing under scrutiny. Quite the contrary -- I think it is the exact definition of empiricism.
Agreed. Check the replies - I (the OP) was the first person to post the same correction, and I am sorry for the error. I wish I could edit my original post. 0.312 is the maximum possible corrected figure that I came up with, doing the calculation slightly differently (0.0039 per year * 80 years average lifespan).
Unfortunately, 0.312 gets it into "arguable" territory. I was rather hoping the data would give a good solid answer one way or the other. Is 4 months worth the right to keep and bear arms? I think so, but can see how others would disagree. 0.0039 years or 24 years (another factor of 80) would make it easier to pick a side. Alas.
Correction -- they are saying 6 per 100,000 per year -- in which case you have to multiply the 0.0039 by 80 years life expectancy, for 0.312 years, which is more significant.