While it's interesting that the scientists involved are waiting for the ethical debate to take place, I don't think it's going to make a difference. The procedure will be carried out no matter what the result is.
The progress of science is inherently unstoppable. It usually occurs not through breakthroughs but through small improvements made over time.
My guess is that there's nothing biologically revolutionary about the work these scientists are doing. Which means if they refuse to take the next step someone else will pick up where they left off. Even if some are convinced the practice is unethical others won't be. Given that and the influence of greed I think progress is certain.
I'm surprised you made a claim like this without backing it up...
R is definitely for Rivest. Check the "What is RSA?" section of RSA's cryptography FAQ. I quote directly:
RSA is a public-key cryptosystem that offers both encryption and digital signatures (authentication). Ron Rivest, Adi Shamir, and Leonard Adleman developed RSA in 1977 [RSA78]; RSA stands for the first letter in each of its inventors' last names.
Amen.
Possibly worse is the fact that on the same page they say they've got a patent pending on the idea of a light which changes color to indicate the robot's operating mode.
Maybe this is only ludicrous to me because I've dabbled in robotics, but think about it... You have software which runs in one of a few modes and runs on a machine with no output. So, you hook up a mode indicator. It's for debugging, not for indicating any sort of emotion. Come on - navigating around a chair is a mood?
I figure it started out as a debugging tool and some marketing moron thought it was cool... "No, no... not a mode indicator... a MOOD indicator!"
Really? That surprises me. Do you just think it's unnecessarily mathematically involved?
Granted, the course I took was both a CS and a math course, and if you don't care about the math you'll end up skimming some of the text. It is fairly formal and academic.
Yup. I have a secret - I put the forks in my pocket while I think.
Pisses off the other philosophers, but what do I care?
Introduction to Algorithms, Cormen, Leiserson and Rivest (yes, Ron Rivest, the R in RSA).
Far more mathematically rigorous than the O'Reilly book (from what I read of the O'Reilly book in the bookstore - I didn't buy it because it didn't look like much I didn't already have). No actual code, just pseudocode. I think this is the book you want if you really want to learn about algorithms (but not if you just want to get stuff done in Perl).
It's expensive, but it's a tome (>1000 pages). It was a good class textbook and still makes a very good reference. Check out the Table of Contents.
Am I the only one who thinks this is bizarre?
I don't really see the rationale... Could they really think that somebody who doesn't have Linux will buy the Linux version of a game and install the O.S. to play it?
I don't know about other retailers, but at Fry's the Linux games are in the operating systems section, right next to the Linux distributions. There's no way you'd find them unless you specifically went looking for the Linux version.
Also, I hope they're not expressing a bias toward a particular Linux distribution... That seems like a really bad idea to me. (If I call tech support with problems and they tell me I really should be using SuSE, I'll have some strong words for them)
I most certainly do understand the web of trust model. I'm a PGP user and I develop cryptographic software professionally.
The PGP trust model is quite clever and works well for groups of people (e.g. friends, coworkers, etc.). I personally find PGP to be very good at what I use it for. However, the web of trust is no substitute for a real PKI with one or more trusted roots. Every time you contact someone with whom you've never communicated (and with whom the people you trust have never communicated) you need to establish a secure channel, like a phone call. This gets very tiresome if secure communications are widespread. If you don't believe me, think of the trouble of contacting a tech support organization or operating a large mailing list...
Worse yet, try explaining all of this to your grandmother, who has just acquired a new email account. She may not understand the concept of "mouse", let alone public key cryptography. If we want everyone on the system it has to be self-operating. PGP just isn't. (By the way, if you need to trust an organization like Thawte to sign keys you've stepped into the realm of PKI)
You're absolutely right, everyone needs to start using encrypted email. A PKI (Public Key Infrastructure) will also be necessary - however, PGP doesn't provide one.
PKIs are designed to solve the problem of key exchange - we all trust a central authority to sign my key and verify that it actually belongs to me. PGP doesn't solve this problem. It relies on the user to establish his own unspoofable channel (e.g. face-to-face exchange) for verification of keys.
If you plan to use someone's PGP public key you MUST verify the signature with that person in an unspoofable way or the whole system falls apart. Thus PGP can't work for widespread communications security (Don't get me wrong - I use it and love it). Instead we need a real, traditional PKI. Which introduces many more problems (Who gets to sign certificates and who doesn't? If I notify them that my key has been compromised, how do they notify everyone who has that key? And so on.)
There's a whole industry built around this (and I work in it). There's no simple solution.
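To make the point about strangers concrete, here is a small model of key validity under a web of trust versus a single trusted root. It is an added example, not code from the original post or from PGP/GnuPG. The rules it applies are GnuPG's default trust settings as I understand them (one fully trusted introducer or three marginal ones, at most five certification steps deep); signatures are plain edges and no real cryptography is performed, and every key name is invented for the illustration.

```python
"""Web-of-trust validity vs. a single trusted root, as a small model.

Added example, not code from the original thread. The validity rules follow
GnuPG's default ("classic") trust model as I understand it: a key becomes
valid if one valid, fully trusted key has signed it, or three valid,
marginally trusted keys have, no deeper than five certification steps from my
own key. Signatures are plain edges here; no real cryptography is done, and
the names are made up for the illustration.
"""

COMPLETES_NEEDED = 1   # GnuPG default --completes-needed
MARGINALS_NEEDED = 3   # GnuPG default --marginals-needed
MAX_CERT_DEPTH = 5     # GnuPG default --max-cert-depth


def compute_validity(signatures, ownertrust):
    """Return {key: depth} for every key that ends up valid.

    signatures: {key: set of keys that have signed it}
    ownertrust: {key: "ultimate" | "full" | "marginal"}; keys not listed
                are never used as introducers, even if their key is valid.
    """
    valid = {k: 0 for k, t in ownertrust.items() if t == "ultimate"}
    changed = True
    while changed:  # propagate until no new key becomes valid
        changed = False
        for key, signers in signatures.items():
            if key in valid:
                continue
            full = [s for s in signers
                    if s in valid and ownertrust.get(s) in ("full", "ultimate")]
            marginal = [s for s in signers
                        if s in valid and ownertrust.get(s) == "marginal"]
            if len(full) >= COMPLETES_NEEDED:
                introducers = full
            elif len(marginal) >= MARGINALS_NEEDED:
                introducers = marginal
            else:
                continue
            depth = 1 + min(valid[s] for s in introducers)
            if depth <= MAX_CERT_DEPTH:
                valid[key] = depth
                changed = True
    return valid


def web_of_trust_scenario():
    """I signed three friends' keys after checking fingerprints in person."""
    signatures = {
        "alice": {"me"}, "bob": {"me"}, "carol": {"me"},
        "dave": {"alice", "bob", "carol"},   # three marginal introducers: enough
        "erin": {"alice"},                   # one marginal introducer: not enough
        # a vendor's support key signed only by people I have never met
        "support@vendor": {"stranger1", "stranger2", "stranger3"},
    }
    ownertrust = {"me": "ultimate", "alice": "marginal",
                  "bob": "marginal", "carol": "marginal"}
    return compute_validity(signatures, ownertrust)


def pki_scenario():
    """Same people, but one root I verified once is trusted as a full introducer."""
    people = ["alice", "bob", "carol", "dave", "erin", "support@vendor"]
    signatures = {name: {"root-ca"} for name in people}
    signatures["root-ca"] = {"me"}  # I checked the root's fingerprint out of band, once
    ownertrust = {"me": "ultimate", "root-ca": "full"}
    return compute_validity(signatures, ownertrust)


def needs_out_of_band_check(validity, key):
    """Keys with no validity are the ones that still need a phone call."""
    return key not in validity
```

In the web-of-trust run the vendor's support key never becomes valid because nobody I trust has signed it, while under the root-CA run one signature from the root is enough for every key, including the stranger's. The cost is that the root now has to be trusted by everyone and revocation has to be distributed somehow, which the model does not address.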
I don't understand why control of the actual mailbox is so important when you can't possibly control all of the intermediate sites which relay your mail from one place to another... Okay, your ISP doesn't have direct access to the mail you've already received, but they could easily have records of everything coming and going one level up...
The only real solution is encryption. Any number of people can read your email as it goes through their servers - unless they need a key to do so. Until the use of strong encryption is widespread we'll all be sending our mail on postcards.
This guy claims he's performing an experiment to find out what life in the connected future might be like. While it's a mildly entertaining story, the experiment is very flawed.
Come on - he laments the fact that he can't stand around the office water cooler? Is it obvious only to me that if everyone were out of the office they'd gather for meaningless conversation in some other forum?
He also complains about the inconvenience and expense of ordering items like food and hygiene products. Of course the items are hard to find and expensive - nobody shops for these things online yet. Once there's a market the vendors will come to it.
What he's actually writing about is how difficult it is to live with only an internet connection today, when everybody else is working in offices and shopping in grocery stores. Gee, thanks.
I'm sure there are many clients which will attempt to start over if a connection can't be made. My point was just that requests will keep getting sent to the downed machine until you change something.
Real load balancing will not send ANY requests to the downed machine. Another advantage is that it can balance based on the response times of the machines - a really speedy machine can be given a bigger share of the hits automatically.
Actually, if you do round-robin DNS rather than intelligent redirection, you aren't okay if one machine goes down - you're dropping a full half of your traffic, right?
Seems to me that if you're going to go to the trouble of redundant servers you might as well add some smarts to make the best use of them.
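A simulation of the two approaches, added here as an example and not taken from the original post. Three hosts are modelled (one fast, one slow, one down), so round-robin DNS drops a third of the traffic rather than the half it would with two hosts; the health-checked balancer probes hosts before admitting them, evicts any that fail, and weights the rest by inverse smoothed latency. Host names and latencies are constructed.

```python
"""Round-robin DNS vs. health-checked load balancing, simulated.

Added example, not code from the original thread. Backends are tiny objects
that either answer with a latency or raise; one is down. Round-robin DNS
hands out addresses in rotation and learns nothing from failures. The
balancer probes each backend before admitting it, drops one that fails, and
weights the survivors by inverse smoothed latency. Latencies and names are
constructed for the illustration.
"""
import itertools
import random


class Backend:
    def __init__(self, name, latency_ms, up=True):
        self.name = name
        self.latency_ms = latency_ms
        self.up = up

    def handle(self):
        """Serve one request, or fail the way a dead host does."""
        if not self.up:
            raise ConnectionError(f"{self.name} is down")
        return self.latency_ms


class RoundRobinDNS:
    """Addresses in fixed rotation; a DNS answer carries no health information."""
    def __init__(self, backends):
        self._cycle = itertools.cycle(backends)

    def pick(self):
        return next(self._cycle)

    def report(self, backend, ok, latency_ms):
        pass  # resolvers do not feed failures back into the zone


class HealthAwareBalancer:
    """Probe first, evict on failure, weight by inverse observed latency."""
    def __init__(self, backends, rng):
        self.rng = rng
        self.healthy = {}
        self.ewma = {}  # smoothed latency per backend
        for b in backends:
            try:
                self.ewma[b.name] = float(b.handle())  # health check before admission
                self.healthy[b.name] = b
            except ConnectionError:
                pass  # never put a dead host in the pool

    def pick(self):
        if not self.healthy:
            raise RuntimeError("no healthy backends")
        names = list(self.healthy)
        weights = [1.0 / self.ewma[n] for n in names]  # faster host, bigger share
        return self.healthy[self.rng.choices(names, weights=weights)[0]]

    def report(self, backend, ok, latency_ms):
        if not ok:
            self.healthy.pop(backend.name, None)  # evict on first failure
        else:
            self.ewma[backend.name] = 0.8 * self.ewma[backend.name] + 0.2 * latency_ms


def run(policy, requests):
    """Push requests through a policy; return (failed count, served count per backend)."""
    failed, served = 0, {}
    for _ in range(requests):
        b = policy.pick()
        try:
            latency = b.handle()
        except ConnectionError:
            failed += 1
            policy.report(b, False, None)
            continue
        policy.report(b, True, latency)
        served[b.name] = served.get(b.name, 0) + 1
    return failed, served


def scenario(requests=999, seed=7):
    """Three hosts: one fast, one slow, one dead. Returns (rr_failed, lb_failed, lb_served)."""
    pool = [Backend("fast", 5), Backend("slow", 20), Backend("dead", 5, up=False)]
    rr_failed, _ = run(RoundRobinDNS(pool), requests)
    lb_failed, lb_served = run(HealthAwareBalancer(pool, random.Random(seed)), requests)
    return rr_failed, lb_failed, lb_served
```

With 999 requests the round-robin policy fails exactly 333 of them, the balancer fails none, and the 5 ms host ends up with roughly four times the share of the 20 ms host because the weights are 1/5 against 1/20.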
Hmmm... I know little about copyright law, so I bow to your superior knowledge if you do... However, there is obviously a line to be drawn somewhere in defining derivative works. The fact that my description of a movie is derived from the movie itself doesn't necessarily mean it's violating a copyright. Otherwise I couldn't publish a review without permission, right?
There's really not much point in arguing about this. I'm sure there's a huge body of legal precedent which is used to determine what is and isn't a violation, and I for one don't know what it contains... So I'm not in any position to pass legal judgement. It just seems unlikely to me that the professors in question have the law on their side.
I have to disagree... Microsoft makes a lot more than operating systems. You won't often see anyone demoing their new games, and I guarantee you'll never see a demo of Visual Studio outside of a conference.
Of course, we're talking about the consumer market here... Still, they could push Encarta, Money, various games and so on. Instead they're pushing connectivity. I think that's noteworthy.
Legally I think the professors don't have a leg to stand on here. True, the lecture is a copyrighted presentation, so outright recording of voice or video for sale is definitely infringement. Analogous in my opinion to videotaping a film in the theatre and selling the tape.
However, if I go to the theatre with a legal pad and write down a scene-for-scene description of a film and later attempt to sell my account, am I violating the film's copyright? I'm not really going to be able to record much of the content - I can't get exact lines, describe costumes and cinematography in detail and so on.
Notetaking in class seems similar. I'm not photographing presentation slides. I can't duplicate diagrams, only imitate them. And I certainly can't get the professor's vocal inflections, gestures and so on.
That being said, I think selling notes from a lecture without the professor's permission is highly immoral. The fact that it's probably legal doesn't make it right. Respect your professors and their hard work.
Wouldn't any clone not developed in a cleanroom environment be in violation of copyright? I would think anyone wanting to make a comparable product shouldn't go anywhere near this source code.
OTOH, you're entirely correct about the code review, which is the reason why this release is important. Auditable source code for security software is incredibly valuable.
In my opinion this is the reason why the code has been released for viewing but not opened. They lose no money on sales and gain verifiability. Good move.
The articles I've read seem to say they'll be signing people up for MSN, selling people WebTV units and so on... Not selling the usual software, books, etc.
This is a pretty smart move. Selling Win98 in Radio Shack would probably not be a big hit, but nowadays at least my local Radio Shacks are havens for clueless people who for some reason desperately need cell phones. Great audience for pushing the consumer connectivity stuff.
As I understand it, it means you don't install the software on your computer. You access it only over the net.
Analogous to the difference between Hotmail and a local mailreader.
It's a VERY big change... I haven't yet decided if I like the idea. It has its good and bad points. Good points include automatic upgrades, easy document sharing and universal access (access your document from any web browser). Bad points include automatic upgrades (:-) and really really big security concerns.
The authentication you describe seems to me to be three step but not three factor authentication...
In my understanding the number of authentication factors refers to the presence of different types of authentication. The types presently used are
1) Things you know (e.g. username/password)
2) Things you have (e.g. physical authentication tokens)
3) Things you are (e.g. biometric measurements)
By this definition what you're describing is either one or two factor authentication. I don't really understand what you mean by the challenge/response (the web page is not much more helpful), but I'm pretty sure it's not biometric... and keypairs are REALLY hard to guess, but they're still just information and fundamentally reproducible, thus not "what you have" authentication unless they're contained in a secure, tamper-proof physical token.
Clearly if a system asked a user for three different passwords the process wouldn't be called three factor auth... right?
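An added example for the factor-counting rule above; it is not code from the original post, and the scheme being discussed in the thread is unknown to me. It counts distinct categories rather than steps, and pairs that with a challenge/response I chose for the illustration (HMAC-SHA256 over a random nonce with a shared secret) to show why a secret that can be copied off a machine is still "something you know": a byte-for-byte copy answers the challenge just as well. Credential names are made up.

```python
"""Counting authentication factors, not authentication steps.

Added example, not from the original post. Each credential is tagged with the
category it proves ("know", "have", "are") and the factor count is the number
of distinct categories. The challenge/response is an HMAC-SHA256 scheme chosen
for the illustration, not the scheme the thread was discussing; a secret that
can be copied off a device answers it exactly like the original, so it counts
as "know" unless it lives in a tamper-resistant token.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass


@dataclass(frozen=True)
class Credential:
    name: str
    factor: str  # one of "know", "have", "are"


def count_factors(credentials):
    """Number of distinct factor categories among the credentials presented."""
    allowed = {"know", "have", "are"}
    categories = {c.factor for c in credentials}
    unknown = categories - allowed
    if unknown:
        raise ValueError(f"unknown factor categories: {sorted(unknown)}")
    return len(categories)


def classify_key_material(secret_in_hardware_token):
    """Key material you can copy is information; only a token you must hold is 'have'."""
    return "have" if secret_in_hardware_token else "know"


# --- challenge/response with a shared secret (constructed for the example) ---

def server_challenge(rng_bytes=os.urandom):
    """Fresh random nonce so a captured response cannot be replayed."""
    return rng_bytes(16)


def client_response(secret, challenge):
    return hmac.new(secret, challenge, hashlib.sha256).digest()


def server_verify(secret, challenge, response):
    expected = client_response(secret, challenge)
    return hmac.compare_digest(expected, response)  # constant-time comparison


def example_counts():
    """Factor counts for several login designs."""
    three_passwords = [Credential("pw1", "know"), Credential("pw2", "know"),
                       Credential("pw3", "know")]
    password_keyfile = [Credential("password", "know"),
                        Credential("keyfile", classify_key_material(False))]
    password_smartcard = [Credential("password", "know"),
                          Credential("smartcard", classify_key_material(True))]
    all_three = password_smartcard + [Credential("fingerprint", "are")]
    return {
        "three passwords": count_factors(three_passwords),
        "password + key file": count_factors(password_keyfile),
        "password + smartcard": count_factors(password_smartcard),
        "password + smartcard + fingerprint": count_factors(all_three),
    }


def copied_secret_still_answers():
    """A copy of the secret file passes the challenge; nothing ties it to a device."""
    secret = os.urandom(32)
    stolen_copy = bytes(secret)  # what an attacker who read the file holds
    challenge = server_challenge()
    return server_verify(secret, challenge, client_response(stolen_copy, challenge))
```

Three passwords count as one factor, a password plus a key file is still one, and it takes a secret bound to a physical token before the count reaches two.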
Your comments remind me of comments made by Maddog Hall at the last Linux World Expo here in San Jose.
He brought this up as a very understandable example of the value of open source in general... Lots of companies develop tools and components which are not really part of their products - generic applications for doing standard boring business things. These companies wouldn't hurt themselves by sharing such applications, at least from a marketing or legal perspective, and they're constantly wasting money developing these things when others already have them lying around.
I don't see why this concept should apply only to whole applications and not to smaller code fragments (e.g. a good hash table implementation).
Perl has just such a thing (as I'm sure most of you know) - CPAN, the Comprehensive Perl Archive Network. I've done Perl development from time to time and I've often found very useful things in CPAN which I could directly apply to my work.
I program primarily in C and have never seen the C CPAN equivalent... I would love to see a widely mirrored repository of reusable C code.
As far as quality goes, CPAN seems to be of very good quality... I have no idea how submissions are handled, but I assume there's some sort of acceptance process. If it's all self-regulated I'm impressed.
Sierra's recent game Homeworld is a 3D real time strategy game controlled by mouse and in my opinion a fairly good example of how a mouse can be used to control a 3D interface. Windoze users should download the demo and try it.
It's very simple. There's a pointer on the screen, and you can click to select (with various modifier keys to perform certain actions). At any given time your interface is focused on some object (e.g. a ship). Hold down the right mouse button and move the mouse to rotate around the point of focus. Hold down both buttons and move the mouse (or roll a scroll wheel if you have one) to zoom in and out.
If you want an overview you just press the space bar and you jump to a very long tactical view. However, the controls are the same - you still have a point of focus, and you still zoom and rotate as normal.
I think this would work for any 3D interface. Say I'm editing a bunch of source files in emacs - if I want a different one I just hit space, focus on the file I want and hit space again. Couple this with the ability to move files around and group them arbitrarily and make the filename visible from a distance and you have a useful system for navigating code.
Of course, this is just one application - why not drag files in and out of source control?
Let's not forget that Win2K includes some new public key crypto pieces, such as certificate management infrastructure. I'm betting that every cert required by IIS will be found in the system database, meaning that every connection using such a cert is going to need a license.
Now this doesn't mean that all e-commerce sites will need to pay through the nose. Most don't require client authentication - when you go to Amazon, you have a username and password, not a certificate. Which means you probably won't need a license for each order being processed concurrently.
However, there are plenty of other applications which could be hit by this. Most controlled access today is done through passwords, but it won't be long before it's all done with certificates, and it seems Microsoft is ready. What's worse is that Win2K pricing will be reasonable now, but in a few years when companies start taking the next step it'll sharply increase...
I knew I wouldn't be the only one.
My 4 main machines at home are Destiny, Despair, Desire and Delirium.
I just can't bring myself to name one Death... Seems somewhat heretical to me.