Somehow I think (or at least hope) if it got to the point police or military units were ordered to deploy under conditions where they knew they be required to start shooting civilians there would be some disciplinary issues
Which is what the UAVs and other robots are for.
The first time the police/National Guard meet any seriously organized armed resistance, someone in Virginia will make a choice: do we deploy troops (who may or may not follow orders depending) or do we deploy UAVs and tell the poor saps in the control room that the targets are in Pakistan not Idaho?
Your prius gets 50mpg? Well that's not bad, should I tell you that I just finished driving nearly 5000mi, in a '96 saturn and got around 49mpg on the highway. Yep, a car that's 15 years old, getting nearly the same performance.
I'm gonna go right ahead and call BS on that. It's not hard to look up EPA ratings even for old cars, and in 1996 Saturn sold nothing rated higher than 36mpg highway. EPA ratings don't always hit the mark spot on, but they aren't that bad.
Probably a significant tail wind in play. Or the driver likes to tailgate large trucks.
Ok, since you asked, here is my anecdotal evidence. I have owned my Kindle for about a year. With daily use, it was worked flawlessly for all of that year, with three exceptions. In each of these cases, the reader froze, and had to be hard-reset and recharged.
All three happened while I was on trans-Atlantic flights.
It's a bit of a coincidence. I personally would not outright dismiss the possibility that there is something going on.
Did it get really cold at some point?
My original Kindle always needed a hard reset after I walked to the subway from work in temperatures below freezing.
How hard is it to write a DNS server without any vulnerabilities? I know it's complex, but still, come on. It's only the backbone of the Internet we're talking about.
The usual suspects: enterprise and legacy. Rather than just being a passive lookup engine, BIND has all kinds of extra interfaces and message-passing schemes that keep secondaries in sync with the master and allow automated processes to update and reload zones semi-automatically. I suspect there are also a bunch of legacy record types and zone file syntaxen that need to be supported.
It's similar to (but not as bad as) the problem with mail transport agents (MTAs aka SMTP servers). To be feature-complete and reliable they have to support a bunch of ancient protocols like UUNET and understand the quirks of legacy MTAs and work with other systems that expect an MTA to behave in a particular (if inelegant) way.
Well exactly, but now it's the general public's turn to get pissed off and yell Fuck da police! and show up for rallies in support of the ousted protesters.
It's not entirely clear how any of this actually changes policy, except by forces that are glacial and generational.
But at least it highlights the hypocrisy of an administration that is happy to foment populist protests in other countries and equally happy to shut them down in our own.
If the DHS and other federal agencies were helping to coordinate, that's a pretty big stain on Obama-the-organizer's record as an organizer.
If you've got something so secret that it has to remain secret for a century or more, then you're just going to have to re-encrypt it periodically as requirements change.
Or you can simply rely on the fact that after about 20 years, no one will be able to read the data stored on that USB stick anyway without some seriously ancient, clunky equipment that's so full of tin hairs and accumulated smoke and coffee breath that the error-correcting code slows it to a crawl and prevents even quantum-style brute force in any reasonable time scale.
It's fun to imagine the future, and think that people will value then what you value today, but you're most likely going to be proven wrong. Secrets may very well be of utterly no consequence in a world where everything of consequence is already transparent.
The majority of the people looking for those bugs are going to sell them, not report them.
Citation needed.
I agree that Free isn't a magic guarantee of trustworthiness, tho.
Surely there are evil developers out there with a Free-software philosophy that nevertheless get off on sneaking backdoors and malicious bugs into their code. I think it would be fascinating to actually find one. The legendary black-hat greybeard!
It might have been nice to mention that in the article summary.
Indeed. From the article:
Both Mozilla and Microsoft made sure to note that there is no relationship between DigiCert Malaysia and Utah-based DigiCert Inc., which is a member of the Windows Root Certificate Program and Mozilla’s root program.
This is stupid. Virus and Trojans are not coming through the App Store. People are installing pirated software that has been infected or purposely contains a trojan. If people stop installing pirated software or being dumb and installing software without questioning it, this problem would go away in the MacOSX space.
Or look at it another way. If people who don't know any better can manage to limit themselves to only installing software via the AppStore, then the problem will go away.
The sandboxing is further prevention against malware in the AppStore. So it's now the safest repository of apps for clueless Mac users, and they should simply refuse to install any programs outside of the store.
People might get sick of the restrictive nature of Apple products.
People might.
But people are *already* sick of malware and trojans disguised as legitimate apps, not to mention normal apps that stick their digital tentacles into a million different locations in the filesystem (I'm looking at YOU Adobe).
I know that when I install something through the AppStore that Apple has done some sanity checks on it. That doesn't mean that I don't want to be able to install applications the old-fashioned way. It just means that there is a whole class of apps out there (besides Free software of course, which I would rather use) that I don't need to have trust issues about.
Yes, let's please use DNSSEC so that our domain registrar becomes our effective CA. I'm not kidding. It would simplify things enormously, and greatly improve security, especially for high-risk domains.
After all, I can go to any corrupt or government-operated CA and get a certificate for Google.com. But in order to to spoof DNSSEC I need to compromise Google's specific registrar, who has a very strong business incentive to not sign my fake google.com zone. The bigger the domain, the bigger the incentive to protect it.
You might not like the ICANN bureaucracy or the mechanics of DNSSEC, but compared to the existing CA/Certificate mess we have now, domain registration is a well-oiled machine.
Why do you call them solar nut jobs, when solar energy per square meter is several orders of magnitude more than thermal ?
Because a square meter of surface area is several orders of magnitude more valuable than a square meter of earth 6km underground. Geothermal has an incredibly small footprint on the surface, where it counts.
This isn't Google somehow modifying the way SSL and referrers work in your browser -- after all, in the normal course of things, you browser is in charge of deciding whether to send a Referer header or not.
This is Google using a JavaScript method to intercept and handle clicks on their site. In some cases the JavaScript does a redirect through non-HTTPS Google so that the referer is sent. In other cases it goes directly to the result site, no referer (as expected).
They could (and probably do?) use a similar trick for non-HTTPS search users.
So: it's inevitable that it becomes much harder to be anonymous online, not just in the UK, but in the USA and elsewhere. Sure, those in the know will post through anonymous proxies and VPNs and so on, at least until such encrypted traffic is blocked. And then there is steganography, but at each of these steps, the number of people knowledgeable enough to do it becomes 3, maybe 4 orders of magnitude smaller.
It's only a matter of time until the internet becomes the most powerful panopticon the world has ever known. There aren't enough people who care, to stop it from happening.
And yet, proving that a particular human knowingly did something online is devilishly hard. Well nigh impossible, in fact. TCP packets don't have fingerprints. It's impossible to tell one bit from another. The number of cryptographic hoops that we need to jump through to make an online payment should tell you something about how hard it is to hold someone accountable for electronic communications between networked systems.
So while you can argue that IP address and MAC address are identifiers, I can argue that they are bloody well not. Both are ridiculously easy to spoof. NAT firewalls and wireless aps further cloud identity. The fact is that even if a message is cryptographically signed by "you", there is absolutely no proof that the message wasn't created and signed by an attacker with a keylogger on your system.
So while I agree that given the general panopticon nature of ubiquitous devices and deep data mining and strongly-correlated social graphs that it gets harder and harder to remain anonymous or do things in private, I think that there is a very strong case to be made against using such digital evidence in a court of law, especially when the stakes are high. It's too easy to fake, and too difficult to pin on a specific human.
I'm hoping that the 2012 Olympics really push the "intellectual property" rights of the individual over the top.
This will be the first Summer Olympics held in a city where personal phones double as media streaming devices.
Every four years, big media pays boatloads of money for the exclusive rights to broadcast the games in their home territories. As a result, the organizers try to ban cameras and recording devices at venues, and restrict people who attempt to disseminate information or stream media coverage to viewers in other countries. It's utterly fucking ridiculous given the spirit of the Olympics as an amateur competition, but we all know that's naive so whatever. We just have to be glad that ABC or FOX or whoever is showing the event we want to see at all, and not complain that it gets timeshifted to 4:30am two days later.
How are they going to stop it in 2012? Take away people's iPhones at the gate? Turn of data coverage? Disable VPNs like Iran?
How will people react to that kind of restriction on their freedom to communicate... in London?
They have the source, all they have to do is make it publicly available. How is that so distracting from providing support? Some folks on their discussions groups want the source so they can help fix issues, why don't they provide support for them?
Maybe there is something embarrassing or illegal in there that needs to be refactored before they can release the source. Which should give you pause if you use Growl.
Chances are that in converting to an App Store app, they copied a chunk of code or included a library from some other source---a source that is not willing to assign copyright to the project. Like Apple, or some other app framework developer.
I dunno, maybe it's something else. But the simplest explanation (since they already have mechanisms for distributing the source) is that they dare not do so in its present state.
Presumably they are using something like the OS X Services framework to allow Siri to carry out actions in Apple iOS apps.
But remember that Siri's brains are server-side. So there is a lot of coordination that has to happen regarding a) knowing which apps provide which services, and b) knowing which provider(s) of a given service are installed on the user's phone. If there are two competing providers of the "reminder" service, which one does Siri use?
Apple are pretty damn clever when it comes to developers, but it seems to me that opening 3rd-party apps to Siri services is going to take a lot of engineering on both sides, and potentially complicate things for the end user.
I'm one of the dozens nodding my head, great comment.
Play the enlightenment game to its logical conclusions and we *do* get to tease the yolk and the whites apart someday, if we aren't fixated on much more important problems by then. In the meantime, the someone will figure out how to use these studies to make back all the money that went into them, and more.
Slashdot Mirror
Somehow I think (or at least hope) if it got to the point police or military units were ordered to deploy under conditions where they knew they be required to start shooting civilians there would be some disciplinary issues
Which is what the UAVs and other robots are for.
The first time the police/National Guard meet any seriously organized armed resistance, someone in Virginia will make a choice: do we deploy troops (who may or may not follow orders depending) or do we deploy UAVs and tell the poor saps in the control room that the targets are in Pakistan not Idaho?
Back in the 1970s tight underpants and tight jeans used to be the big threat to male fertility. Health scares move with the times.
I don't think you understand how tight some of those jeans were: they would still be a problem if worn today.
Fortunately in the meantime all those boomers got fat so now everything is "relaxed fit" and size-inflated for safety.
Your prius gets 50mpg? Well that's not bad, should I tell you that I just finished driving nearly 5000mi, in a '96 saturn and got around 49mpg on the highway. Yep, a car that's 15 years old, getting nearly the same performance.
I'm gonna go right ahead and call BS on that. It's not hard to look up EPA ratings even for old cars, and in 1996 Saturn sold nothing rated higher than 36mpg highway. EPA ratings don't always hit the mark spot on, but they aren't that bad.
Probably a significant tail wind in play. Or the driver likes to tailgate large trucks.
Even a simple "Big-Trak"-type (See: http://en.wikipedia.org/wiki/Big_Trak ) application would technically violate such terms.
OMG the Big Trak! Somebody needs to bring that thing back so I can finally own one.
Ok, since you asked, here is my anecdotal evidence. I have owned my Kindle for about a year. With daily use, it was worked flawlessly for all of that year, with three exceptions. In each of these cases, the reader froze, and had to be hard-reset and recharged.
All three happened while I was on trans-Atlantic flights.
It's a bit of a coincidence. I personally would not outright dismiss the possibility that there is something going on.
Did it get really cold at some point?
My original Kindle always needed a hard reset after I walked to the subway from work in temperatures below freezing.
How hard is it to write a DNS server without any vulnerabilities? I know it's complex, but still, come on. It's only the backbone of the Internet we're talking about.
The usual suspects: enterprise and legacy. Rather than just being a passive lookup engine, BIND has all kinds of extra interfaces and message-passing schemes that keep secondaries in sync with the master and allow automated processes to update and reload zones semi-automatically. I suspect there are also a bunch of legacy record types and zone file syntaxen that need to be supported.
It's similar to (but not as bad as) the problem with mail transport agents (MTAs aka SMTP servers). To be feature-complete and reliable they have to support a bunch of ancient protocols like UUNET and understand the quirks of legacy MTAs and work with other systems that expect an MTA to behave in a particular (if inelegant) way.
Well exactly, but now it's the general public's turn to get pissed off and yell Fuck da police! and show up for rallies in support of the ousted protesters.
It's not entirely clear how any of this actually changes policy, except by forces that are glacial and generational.
But at least it highlights the hypocrisy of an administration that is happy to foment populist protests in other countries and equally happy to shut them down in our own.
If the DHS and other federal agencies were helping to coordinate, that's a pretty big stain on Obama-the-organizer's record as an organizer.
If you've got something so secret that it has to remain secret for a century or more, then you're just going to have to re-encrypt it periodically as requirements change.
Or you can simply rely on the fact that after about 20 years, no one will be able to read the data stored on that USB stick anyway without some seriously ancient, clunky equipment that's so full of tin hairs and accumulated smoke and coffee breath that the error-correcting code slows it to a crawl and prevents even quantum-style brute force in any reasonable time scale.
It's fun to imagine the future, and think that people will value then what you value today, but you're most likely going to be proven wrong. Secrets may very well be of utterly no consequence in a world where everything of consequence is already transparent.
The majority of the people looking for those bugs are going to sell them, not report them.
Citation needed.
I agree that Free isn't a magic guarantee of trustworthiness, tho.
Surely there are evil developers out there with a Free-software philosophy that nevertheless get off on sneaking backdoors and malicious bugs into their code. I think it would be fascinating to actually find one. The legendary black-hat greybeard!
Ignorance is bliss. I'll take my chances.
It might have been nice to mention that in the article summary.
Indeed. From the article:
Both Mozilla and Microsoft made sure to note that there is no relationship between DigiCert Malaysia and Utah-based DigiCert Inc., which is a member of the Windows Root Certificate Program and Mozilla’s root program.
Whew!
I'm not saying I want to physically live in that world, but I definitely want my computers operating in that world
Freedom for processes! Down with the oppressive Kernel!
Tron lives!
This is stupid. Virus and Trojans are not coming through the App Store. People are installing pirated software that has been infected or purposely contains a trojan. If people stop installing pirated software or being dumb and installing software without questioning it, this problem would go away in the MacOSX space.
Or look at it another way. If people who don't know any better can manage to limit themselves to only installing software via the AppStore, then the problem will go away.
The sandboxing is further prevention against malware in the AppStore. So it's now the safest repository of apps for clueless Mac users, and they should simply refuse to install any programs outside of the store.
People might get sick of the restrictive nature of Apple products.
People might.
But people are *already* sick of malware and trojans disguised as legitimate apps, not to mention normal apps that stick their digital tentacles into a million different locations in the filesystem (I'm looking at YOU Adobe).
I know that when I install something through the AppStore that Apple has done some sanity checks on it. That doesn't mean that I don't want to be able to install applications the old-fashioned way. It just means that there is a whole class of apps out there (besides Free software of course, which I would rather use) that I don't need to have trust issues about.
Yes, let's please use DNSSEC so that our domain registrar becomes our effective CA. I'm not kidding. It would simplify things enormously, and greatly improve security, especially for high-risk domains.
After all, I can go to any corrupt or government-operated CA and get a certificate for Google.com. But in order to to spoof DNSSEC I need to compromise Google's specific registrar, who has a very strong business incentive to not sign my fake google.com zone. The bigger the domain, the bigger the incentive to protect it.
You might not like the ICANN bureaucracy or the mechanics of DNSSEC, but compared to the existing CA/Certificate mess we have now, domain registration is a well-oiled machine.
This idea rocks as long as you don't mind Google building a Magma Station in your backyard.
You know what that stuff smells like, right?
Why do you call them solar nut jobs, when solar energy per square meter is several orders of magnitude more than thermal ?
Because a square meter of surface area is several orders of magnitude more valuable than a square meter of earth 6km underground. Geothermal has an incredibly small footprint on the surface, where it counts.
Oooh, I can't wait to play "Operation" on one of these!
This isn't Google somehow modifying the way SSL and referrers work in your browser -- after all, in the normal course of things, you browser is in charge of deciding whether to send a Referer header or not.
This is Google using a JavaScript method to intercept and handle clicks on their site. In some cases the JavaScript does a redirect through non-HTTPS Google so that the referer is sent. In other cases it goes directly to the result site, no referer (as expected).
They could (and probably do?) use a similar trick for non-HTTPS search users.
So: it's inevitable that it becomes much harder to be anonymous online, not just in the UK, but in the USA and elsewhere. Sure, those in the know will post through anonymous proxies and VPNs and so on, at least until such encrypted traffic is blocked. And then there is steganography, but at each of these steps, the number of people knowledgeable enough to do it becomes 3, maybe 4 orders of magnitude smaller.
It's only a matter of time until the internet becomes the most powerful panopticon the world has ever known. There aren't enough people who care, to stop it from happening.
And yet, proving that a particular human knowingly did something online is devilishly hard. Well nigh impossible, in fact. TCP packets don't have fingerprints. It's impossible to tell one bit from another. The number of cryptographic hoops that we need to jump through to make an online payment should tell you something about how hard it is to hold someone accountable for electronic communications between networked systems.
So while you can argue that IP address and MAC address are identifiers, I can argue that they are bloody well not. Both are ridiculously easy to spoof. NAT firewalls and wireless aps further cloud identity. The fact is that even if a message is cryptographically signed by "you", there is absolutely no proof that the message wasn't created and signed by an attacker with a keylogger on your system.
So while I agree that given the general panopticon nature of ubiquitous devices and deep data mining and strongly-correlated social graphs
that it gets harder and harder to remain anonymous or do things in private, I think that there is a very strong case to be made against using such digital evidence in a court of law, especially when the stakes are high. It's too easy to fake, and too difficult to pin on a specific human.
I'm hoping that the 2012 Olympics really push the "intellectual property" rights of the individual over the top.
This will be the first Summer Olympics held in a city where personal phones double as media streaming devices.
Every four years, big media pays boatloads of money for the exclusive rights to broadcast the games in their home territories. As a result, the organizers try to ban cameras and recording devices at venues, and restrict people who attempt to disseminate information or stream media coverage to viewers in other countries. It's utterly fucking ridiculous given the spirit of the Olympics as an amateur competition, but we all know that's naive so whatever. We just have to be glad that ABC or FOX or whoever is showing the event we want to see at all, and not complain that it gets timeshifted to 4:30am two days later.
How are they going to stop it in 2012? Take away people's iPhones at the gate? Turn of data coverage? Disable VPNs like Iran?
How will people react to that kind of restriction on their freedom to communicate... in London?
In the time it took to write the FAQ entry, they could have posted the source code.
Perhaps they were hoping for a little free publicity for the App Store version in the tech press?
They have the source, all they have to do is make it publicly available. How is that so distracting from providing support? Some folks on their discussions groups want the source so they can help fix issues, why don't they provide support for them?
Maybe there is something embarrassing or illegal in there that needs to be refactored before they can release the source. Which should give you pause if you use Growl.
Chances are that in converting to an App Store app, they copied a chunk of code or included a library from some other source---a source that is not willing to assign copyright to the project. Like Apple, or some other app framework developer.
I dunno, maybe it's something else. But the simplest explanation (since they already have mechanisms for distributing the source) is that they dare not do so in its present state.
Presumably they are using something like the OS X Services framework to allow Siri to carry out actions in Apple iOS apps.
But remember that Siri's brains are server-side. So there is a lot of coordination that has to happen regarding a) knowing which apps provide which services, and b) knowing which provider(s) of a given service are installed on the user's phone. If there are two competing providers of the "reminder" service, which one does Siri use?
Apple are pretty damn clever when it comes to developers, but it seems to me that opening 3rd-party apps to Siri services is going to take a lot of engineering on both sides, and potentially complicate things for the end user.
I'm one of the dozens nodding my head, great comment.
Play the enlightenment game to its logical conclusions and we *do* get to tease the yolk and the whites apart someday, if we aren't fixated on much more important problems by then. In the meantime, the someone will figure out how to use these studies to make back all the money that went into them, and more.
This is a perfect example of taking a bad situation and making it worse by putting a plastic bag over your head.
OMG, priceless quote!