Wake up, you brits: the police state envisioned by Orwell is becoming real. If you look at the loss of liberty in the last fifteen years, and extrapolate forward fifteen more, we'll be RFID tagging the populace.
We're in trouble, people: it really seems that there is a transnational, concerted effort to clamp down on our privacy and rights as far as people will stand for it, using terrorism as an excuse.
In fact, the populace is being systematically denuded of what makes us citizens rather than property of the state. I never used to buy all of that conspiracy theory bullshit, but the more of this stuff I see, the more I wonder what's really going on...
Seems to me that we need some kind of international political voice to speak for our privacy and freedom: globally, the lock down is going on, and I don't see any effective transnational resistance.
Yeah, but the whole surveilence thing got seriously started in the UK at least ten years ago, and there have been cameras everywhere for at least the last five...
Seriously, what the hell are these governments up to? Seems to me you'd have to be pretty afraid of something to mandate surveilence on the scale of what's going on in Europe these days, and last time I checked the climate wasn't right for a revolution (not enough poverty!).
After all, we're now pretty well aware that people are not looking through open source code looking for bugs and back doors: yes, flaws get discovered, but it's usually through the "exploit-patch-fix" cycle, rather than pre-emptive security work.
OpenBSD is, of course, not dead and a very notable exception.
Sometimes secrecy is useful in security: ask the NSA; yes, in theory, all of their algorithms would stand if they were placed in the open.
But they still keep them secret because it is one more obstacle for an intruder to have to overcome to compromise a system.
Of course, none of this matters because we're talking about M$, those nice folks asking to keep with Windows source secret because it has security flaws large enough to be considered economic and national security risks.
But, in theory, I think there are times when closes source might be the way to go.
Let me suggest an example: RMS's config utility for Fetchmail. It's in Python, is relatively simple, and he's well on top of his game.
Plenty of changelogs available, and he'd probably talk you through a big chunk of the design process if asked nicely.
I do think that people can change the way you think about things, but I think 90% of the time it's done by "call-and-response" - you ask a question which reflects your current state, then they emit a response which changes your current state into some new state, and you fall on your ass wondering how you could have lived not knowing the world could be seen like that: code gurus.
Our models of education, alas, assume this is to happen by chance during lectures based on rough ideas of the makeup of a class.
I think the best programming education of all is apprenticeship and the open source community provides an excellent pool of masters from which to learn.
Email somebody: I bet within the first couple of dozen, you'll find somebody who's willing to mail you their source code to comment or standardize.
Although there are a lot of useful models like the ones you outlined, I'm not sure that there is any way to teach problem solving, and it's most important step, problem conceptualization.
I think you could take people through graded series of exercises soluble in different approaches, but there's no "one size fits all" way to develop intuition.
One approach used widely in architecture, a sibling profession if we ever had one, is "masterworks" - taking students through the works of other great architects, examining each decision made in some detail with reference to notebooks and discussions.
I think that this approach may make a lot more sense than teaching theory because it gives some access to an experienced mind, rather than just a methodology created by such a mind.
I know that I learned more from working with great programmers and absorbing their tricks than from any book I ever read or course I took.
The guy who did the work on the islamic dinar is one of the most dangerous men alive, if you're a capitalist:-)
Seriously, I think you're very right about the possibility for an enlightened Islamic state: history has shown that Islam is capable of it, and god knows we need an alternative philosophy somewhere on the planet to hypercapitalism, which is as toxic a way of life as has yet to be found.
The state has to adapt to modernity; the church should be able to stand for eternity. I think this is why they must be separated.
I forgot to mention: the co-host is *not* internet routable: put a second NIC in the web host, and hide the co-host behind that. Anything touching the co-host other than a decrypt request should trigger a shut-down: John Q. Hacker roots your web server & database, sees requests going to the co-host, pokes it a bit to see what it is and in the process shuts the box down cold.
Not perfect security, but done right unlikely to be the weakest link: a determined hacker will root your web server and simply copy all of the credit card numbers as they are used, by backdooring your e-commerce application.
But at least that's a trickle: you lose numbers to him as they are used, rather than your whole database at once. Read Bruce Schnier's stuff about all security being target hardening.....
You answered your own question: you don't put the decryption key on the same box.
You put it on another box, close all of the ports, and have a simple protocol running over something low-level which you trust like SCP or a PERL socket reader.
Your "co-host" stores the secret key, and does all decryption: the main host passes it a datum to decrypt, the co-host decrypts it, and passes back the cleartext.
The key never leaves the box, and the co-host should erase it's copy of the key and shutdown on any unexpected network activity (like an attempt to log-in). If you're really paranoid, have it also look for patterns in the access and die if anything unexpected show up - or return bogus, flagged test data (i.e. a list of bogus credit card numbers in stead of real ones).
A people which aspires to practice Islam properly will always desire Islamic government and Islamic jurisprudence.
Then I fear that Muslims are, at least until a different form of Sharia (right word?) comes to the fore, doomed to poverty and strife.
I mean this quite seriously: although I do believe that there are interpretations, forms of Islam which are well suited to the modern age, the forms of Islam which currently predominate are so out of step with the social, technological and political realities of the age that I fear the only way they can survive and remain internally consistent is war against time.
Any philosophy which relies on an "inside" and an "outside" is unsuited for the modern age: we are becoming one world, through trade and communication (beneficially) and through shared problems like the environment and AIDS (maelificly). The forms of Islam which sharply discriminate against non-believers have no future because, at the end of the day, most people are non-believers, and are not going to convert except by force.
So unless one can find a form of Islam which is open enough to modernity to cope with a multivalent, diverse society and culture - to cope with other systems of belief like science and the remains of the other world religions - and not just to cope with them but to join with them in a spirit of brotherhood, I think that Islam is eventually going to be destroyed as a political and social force.
A great proportion of the world's current conflicts are caused by just this problem: Islamic people trying to attain Islamic government in places which have a mixed population: what do you suggest is a good solution to this problem?
Should these Muslims emigrate to Muslim nations? What if their countrymen have no wish to live under Islamic law?
This is not an abstract question: this is a battle being fought all over the world, which has been fought in Indonesia, Morocco, Kashmir and so on.
This link between religion and political dominance is destroying Islam.
Heh.... trading nations, good, empires, usually bad.
One of the tragedies of Islam is that it did not get kicked out of government: Catholicism has got a chance to age disgracefully, falling into squalor without causing too much damage because the people running nations stopped taking orders from the church long ago.
Islam, to my eye, seems to be in a similar decline, but still has massive power in government: the result is a religion in decline has turned into a culture in decline which is turning into many millions of people with little hope.
I think that the star of organized religions is falling. I hope that the Muslim world has the sense not to go down with that sinking ship.
However, the interpretation of the life of Muhammad varies, I'm sure, as all other histories vary: depending on the time of the analysis, and those involved.
Warlike folks stress the wars fought against Mecca, others, the more peaceful and conciliatory aspects of the story.
It's clear to me that, for a long period, Muslim civilization was considerably ahead of European civilization in nearly all regards: arts, culture, even war - the rights of the individual, the rule of law, in science and in mathematics.
But that was when it was a trading culture, open to other nations and ways of life, when it protected diversity rather than attempting to crush it under the jackboot of fundamentalism.
Nothing wrong with the religion, but somebody left a bunch of idiots in charge.
Erm.... bullshit, repoleved. The Prophet Muhammad fought wars for Islam, and that is the tradition in which Jihad exists.
Working a job, doing research - some scholar may have called these Jihad and tried to make a justification for it, but the president is the life of Muhammad, isn't it?
Or do you have some entirely other explanation for the theology (i.e. directly going to heaven if killed in battle - common among religions, but present without a doubt in Islam) and rhetoric?
Jihad is a war for Islam, and nothing else.
Now certainly you could argue that bin Laden and co. have hijacked that concept and are in fact using the cry of Jihad to further their own aims, but let's not be unclear about what a Jihad is: a Jihad is a holy war to defend or promote Islam.
Right now, it's not our foreign policy which causes that war: it's our existence - fundamentalist forms of Islam are completely threatened by our secular, multi-faith society which is dominant in trade and arms.
The Islam of the trading empires, like the Ottoman and those which came before that, indeed, the Islam which defended the Jews against the Christian crusaders, would not be threatened by America except politically.
But the fundamentalists have hijacked your religion (I assume you are muslim) and redefining Jihad won't help a little bit.
I'm not convinced that terrorism (or more correctly jihad) is really a product of our foreign policy - the wars between Muslims and Christians predate the foundation of the United States by around a millennium - and the issues have not changed much: control of the Holy Land.
Ahh, this is too good - finally the future takes a twist even Bruce Sterling couldn't predict.
But seriously, this is actually pretty impressive: the weight of Islamic law behind software theft. I'm not familiar with the situation in Egypt, but in a lot of places (like Saudi Arabia) the penalty for theft is having your hand cut off. First left, then right.
You heard me right: people may be getting their hands cut off for pirating software.
As I've said before on the dot, our choices, in the long run, are
1> To comply with Copyright Law as it stands, whether we like it or not.
2> To change the law to something sane.
It's very much like the War On Drugs - Marijuana is simply not very harmful, grows everywhere, and our jails are full of people doing time for selling a dime bag: even an irrational, impossible-to-enforce law can still ruin lives.
Copyright is heading towards being this kind of an issue, and we need to take smart action to prevent it before we have college students going to jail for their MP3 collections.
And poor muslim bastards losing their hands over a pirated copy of Word.
The person breaking the law is the person with the file. You scan the internet for the files, write them tickets, and move on with your day.
In case y'all hadn't noticed, those copyright holders (yeah, remember the GPL rests on copyright law too) aren't just going to go away: they're going to keep trying to enforce the current law and make new laws to suit their estate.
Just to clarify, a pile of guns sitting on the ground is a technical fix - and a group of people picking up those guns and using them is a social problem! (or, in some circumstances, a social solution).
Repeat after me: there are no technical fixes for social problems, there are no technical fixes for social problems, there are no technical fixes for social problems.
I don't care what code you put on the SACD, or what rights management comes with the software: until we get a consistency of governance, with the same clear law implemented uniformly, protecting both fair use, individual rights, and copyright law (what's left of it after Eldred Vs. Ashcroft all of this is just screwing around: people will hack around it, of course, and it'll be DeCSS all over again.
Slashdot Mirror
Wake up, you brits: the police state envisioned by Orwell is becoming real. If you look at the loss of liberty in the last fifteen years, and extrapolate forward fifteen more, we'll be RFID tagging the populace.
We're in trouble, people: it really seems that there is a transnational, concerted effort to clamp down on our privacy and rights as far as people will stand for it, using terrorism as an excuse.
In fact, the populace is being systematically denuded of what makes us citizens rather than property of the state. I never used to buy all of that conspiracy theory bullshit, but the more of this stuff I see, the more I wonder what's really going on...
sorry, that should be Amnesty International
Seems to me that we need some kind of international political voice to speak for our privacy and freedom: globally, the lock down is going on, and I don't see any effective transnational resistance.
Perhaps Amnesty International would be a good place to start?
Yeah, but the whole surveilence thing got seriously started in the UK at least ten years ago, and there have been cameras everywhere for at least the last five...
Seriously, what the hell are these governments up to? Seems to me you'd have to be pretty afraid of something to mandate surveilence on the scale of what's going on in Europe these days, and last time I checked the climate wasn't right for a revolution (not enough poverty!).
So, what's going on in Europe?
It's the classic disaster scenario: the designers/programmers know it's hosed, the management forces them to ship anyway.
You Have Been Warned.
After all, we're now pretty well aware that people are not looking through open source code looking for bugs and back doors: yes, flaws get discovered, but it's usually through the "exploit-patch-fix" cycle, rather than pre-emptive security work.
OpenBSD is, of course, not dead and a very notable exception.
Sometimes secrecy is useful in security: ask the NSA; yes, in theory, all of their algorithms would stand if they were placed in the open.
But they still keep them secret because it is one more obstacle for an intruder to have to overcome to compromise a system.
Of course, none of this matters because we're talking about M$, those nice folks asking to keep with Windows source secret because it has security flaws large enough to be considered economic and national security risks.
But, in theory, I think there are times when closes source might be the way to go.
Life imitating fiction, particularly that particular piece of fiction, is becoming passe.
Yeah, sorry, I'm a moron!
Let me suggest an example: RMS's config utility for Fetchmail. It's in Python, is relatively simple, and he's well on top of his game.
Plenty of changelogs available, and he'd probably talk you through a big chunk of the design process if asked nicely.
I do think that people can change the way you think about things, but I think 90% of the time it's done by "call-and-response" - you ask a question which reflects your current state, then they emit a response which changes your current state into some new state, and you fall on your ass wondering how you could have lived not knowing the world could be seen like that: code gurus.
Our models of education, alas, assume this is to happen by chance during lectures based on rough ideas of the makeup of a class.
I think the best programming education of all is apprenticeship and the open source community provides an excellent pool of masters from which to learn.
Email somebody: I bet within the first couple of dozen, you'll find somebody who's willing to mail you their source code to comment or standardize.
Although there are a lot of useful models like the ones you outlined, I'm not sure that there is any way to teach problem solving, and it's most important step, problem conceptualization.
I think you could take people through graded series of exercises soluble in different approaches, but there's no "one size fits all" way to develop intuition.
One approach used widely in architecture, a sibling profession if we ever had one, is "masterworks" - taking students through the works of other great architects, examining each decision made in some detail with reference to notebooks and discussions.
I think that this approach may make a lot more sense than teaching theory because it gives some access to an experienced mind, rather than just a methodology created by such a mind.
I know that I learned more from working with great programmers and absorbing their tricks than from any book I ever read or course I took.
The guy who did the work on the islamic dinar is one of the most dangerous men alive, if you're a capitalist :-)
Seriously, I think you're very right about the possibility for an enlightened Islamic state: history has shown that Islam is capable of it, and god knows we need an alternative philosophy somewhere on the planet to hypercapitalism, which is as toxic a way of life as has yet to be found.
The state has to adapt to modernity; the church should be able to stand for eternity. I think this is why they must be separated.
Wa alakum al salaam!
I forgot to mention: the co-host is *not* internet routable: put a second NIC in the web host, and hide the co-host behind that. Anything touching the co-host other than a decrypt request should trigger a shut-down: John Q. Hacker roots your web server & database, sees requests going to the co-host, pokes it a bit to see what it is and in the process shuts the box down cold.
Not perfect security, but done right unlikely to be the weakest link: a determined hacker will root your web server and simply copy all of the credit card numbers as they are used, by backdooring your e-commerce application.
But at least that's a trickle: you lose numbers to him as they are used, rather than your whole database at once. Read Bruce Schnier's stuff about all security being target hardening.....
You answered your own question: you don't put the decryption key on the same box.
You put it on another box, close all of the ports, and have a simple protocol running over something low-level which you trust like SCP or a PERL socket reader.
Your "co-host" stores the secret key, and does all decryption: the main host passes it a datum to decrypt, the co-host decrypts it, and passes back the cleartext.
The key never leaves the box, and the co-host should erase it's copy of the key and shutdown on any unexpected network activity (like an attempt to log-in). If you're really paranoid, have it also look for patterns in the access and die if anything unexpected show up - or return bogus, flagged test data (i.e. a list of bogus credit card numbers in stead of real ones).
Does that answer your question?
A people which aspires to practice Islam properly will always desire Islamic government and Islamic jurisprudence.
Then I fear that Muslims are, at least until a different form of Sharia (right word?) comes to the fore, doomed to poverty and strife.
I mean this quite seriously: although I do believe that there are interpretations, forms of Islam which are well suited to the modern age, the forms of Islam which currently predominate are so out of step with the social, technological and political realities of the age that I fear the only way they can survive and remain internally consistent is war against time.
Any philosophy which relies on an "inside" and an "outside" is unsuited for the modern age: we are becoming one world, through trade and communication (beneficially) and through shared problems like the environment and AIDS (maelificly). The forms of Islam which sharply discriminate against non-believers have no future because, at the end of the day, most people are non-believers, and are not going to convert except by force.
So unless one can find a form of Islam which is open enough to modernity to cope with a multivalent, diverse society and culture - to cope with other systems of belief like science and the remains of the other world religions - and not just to cope with them but to join with them in a spirit of brotherhood, I think that Islam is eventually going to be destroyed as a political and social force.
A great proportion of the world's current conflicts are caused by just this problem: Islamic people trying to attain Islamic government in places which have a mixed population: what do you suggest is a good solution to this problem?
Should these Muslims emigrate to Muslim nations? What if their countrymen have no wish to live under Islamic law?
This is not an abstract question: this is a battle being fought all over the world, which has been fought in Indonesia, Morocco, Kashmir and so on.
This link between religion and political dominance is destroying Islam.
Heh.... trading nations, good, empires, usually bad.
One of the tragedies of Islam is that it did not get kicked out of government: Catholicism has got a chance to age disgracefully, falling into squalor without causing too much damage because the people running nations stopped taking orders from the church long ago.
Islam, to my eye, seems to be in a similar decline, but still has massive power in government: the result is a religion in decline has turned into a culture in decline which is turning into many millions of people with little hope.
I think that the star of organized religions is falling. I hope that the Muslim world has the sense not to go down with that sinking ship.
I do have a deep regard for the muslim faith.
However, the interpretation of the life of Muhammad varies, I'm sure, as all other histories vary: depending on the time of the analysis, and those involved.
Warlike folks stress the wars fought against Mecca, others, the more peaceful and conciliatory aspects of the story.
It's clear to me that, for a long period, Muslim civilization was considerably ahead of European civilization in nearly all regards: arts, culture, even war - the rights of the individual, the rule of law, in science and in mathematics.
But that was when it was a trading culture, open to other nations and ways of life, when it protected diversity rather than attempting to crush it under the jackboot of fundamentalism.
Nothing wrong with the religion, but somebody left a bunch of idiots in charge.
Erm.... bullshit, repoleved. The Prophet Muhammad fought wars for Islam, and that is the tradition in which Jihad exists.
Working a job, doing research - some scholar may have called these Jihad and tried to make a justification for it, but the president is the life of Muhammad, isn't it?
Or do you have some entirely other explanation for the theology (i.e. directly going to heaven if killed in battle - common among religions, but present without a doubt in Islam) and rhetoric?
Jihad is a war for Islam, and nothing else.
Now certainly you could argue that bin Laden and co. have hijacked that concept and are in fact using the cry of Jihad to further their own aims, but let's not be unclear about what a Jihad is: a Jihad is a holy war to defend or promote Islam.
Right now, it's not our foreign policy which causes that war: it's our existence - fundamentalist forms of Islam are completely threatened by our secular, multi-faith society which is dominant in trade and arms.
The Islam of the trading empires, like the Ottoman and those which came before that, indeed, the Islam which defended the Jews against the Christian crusaders, would not be threatened by America except politically.
But the fundamentalists have hijacked your religion (I assume you are muslim) and redefining Jihad won't help a little bit.
I'm not convinced that terrorism (or more correctly jihad) is really a product of our foreign policy - the wars between Muslims and Christians predate the foundation of the United States by around a millennium - and the issues have not changed much: control of the Holy Land.
Ahh, this is too good - finally the future takes a twist even Bruce Sterling couldn't predict.
But seriously, this is actually pretty impressive: the weight of Islamic law behind software theft. I'm not familiar with the situation in Egypt, but in a lot of places (like Saudi Arabia) the penalty for theft is having your hand cut off. First left, then right.
You heard me right: people may be getting their hands cut off for pirating software.
As I've said before on the dot, our choices, in the long run, are
1> To comply with Copyright Law as it stands, whether we like it or not.
2> To change the law to something sane.
It's very much like the War On Drugs - Marijuana is simply not very harmful, grows everywhere, and our jails are full of people doing time for selling a dime bag: even an irrational, impossible-to-enforce law can still ruin lives.
Copyright is heading towards being this kind of an issue, and we need to take smart action to prevent it before we have college students going to jail for their MP3 collections.
And poor muslim bastards losing their hands over a pirated copy of Word.
ooops.... we went bust... sorry about your bandwidth.....
Now if only they would take Qwest with them!
The person breaking the law is the person with the file. You scan the internet for the files, write them tickets, and move on with your day.
In case y'all hadn't noticed, those copyright holders (yeah, remember the GPL rests on copyright law too) aren't just going to go away: they're going to keep trying to enforce the current law and make new laws to suit their estate.
Just to clarify, a pile of guns sitting on the ground is a technical fix - and a group of people picking up those guns and using them is a social problem! (or, in some circumstances, a social solution).
Repeat after me: there are no technical fixes for social problems, there are no technical fixes for social problems, there are no technical fixes for social problems.
I don't care what code you put on the SACD, or what rights management comes with the software: until we get a consistency of governance, with the same clear law implemented uniformly, protecting both fair use, individual rights, and copyright law (what's left of it after Eldred Vs. Ashcroft all of this is just screwing around: people will hack around it, of course, and it'll be DeCSS all over again.
That's not progress, or a solution.
Anyway, last I heard the new Macs are going to ship with USB2 and FireWire - so who cares which is better?