They promised that for Windows 2000, and it's actually true. You can install/uninstall/reinstall almost any service without a reboot. You can also reconfigure the network stack which wasn't possible in older versions. Most of the patches require reboots because they are replacing files that are in use by the system.
Wow, 590,000,000 something barrels of oil is an inadequate reserve? The fact that we could go 3 months with zero imports and zero domestic production, or over a year with significantly decreased imports is stupid? What rock do you live under? As for CO2, that's not a constraint on consumption, but it does lead to junk scientists demanding artificial constraints. My only response is, who gives a damn? Not the environmentalists. If they really cared about cutting carbon emissions, they wouldn't block fuel sources that produce zero emissions like nuclear while at the same time demanding subsidies for "clean" power sources like electric cars and corn oil which actually increase emissions through inefficiency.
There are no "real" fuel consumption constraints. We could be sitting pretty with oil and natural gas for several centuries. The lack of caving to the environmental sissies and the sheik oil barons who are in favor of ARTIFICIAL consumption constraints certainly does not count as a subsidy. Anytime the oil market is constrained the prices skyrocket and SUV owners certainly pay their share. The only source resembling an oil subsidy is our strategic reserves. Since those reserves are bought and sold on the open market that isn't really a subsidy either.
Every single point you mentioned that a voting system needs, also exists in a live lottery POS terminal.
No. There is no requirement for anonymity in either lottery machines or gambling. In fact it is undesirable. I'm sure in the machines you designed there was a timestamp and unique ID assigned to every transaction, and every transaction logged and capable of external audit in real time and after the fact. Anonymity is an ABSOLUTE REQUIREMENT of a voting system. That means you must develop an audit trail that can ascertain that everyone only votes once, and that the vote was recorded accurately, but you can record when or how they voted. You also can't record when or how any particular vote was placed. Anyone can write a system that is very secure. It's hard, but it is for the most part a solved problem. The interesting part is PROVING it is secure (in real time and externally auditable) without compromising anonymity.
It is non-trivial to create a machine that will perfectly record every vote, without being vulnerable to tampering or loss of data. These machines are expected to record every single legitimate vote, discard any illegitimate vote, be invulnerable to physical tampering, but if tampered with they must detect and report the tampering while still retaining the previous votes and be able to be restored to service quickly. There must be an internal mechanism for assuring that the reported votes are correct, and there must be a means of external verification that can assure the reported votes without linking them to specific transactions.
Compared to this, lotteries and slot machines are easy, yet both have been successfully attacked.
I'm not sure that "1-Click Ordering" is obvious. In fact, it's so non-obvious that after Bezos instructed the developers what he wanted them to do, they came back with 2-Click Ordering (1-click plus a confirmation page). Presumably these developers were "Sufficiently skilled in the art" of developing websites, yet the thought of actually letting a user buy something with one click was completely foreign even after sitting in a meeting and having it described to them. This is in Cooper's book, "The Inmates are Running the Asylum."
You are correct, Verisign manages A and J, but A is not primary anything. None of the root servers are special; they all have a database given to them by IANA. There are 11 other servers run by 11 other organizations. If A and J went off line it wouldn't be that big of a deal.
The only potential problem would be if ICANN took .com and .net away from Verisign and Verisign refused to update A and J to point to the new tld servers. This is incredibly unlikely (IIRC it's not even the same group at Verisign) and I'm sure it would quickly be solved.
I don't remember a Boba Fett cereal offer but I do remember collecting a lot of UPC's from other action figures to mail off for a special Boba Fett figure. Too bad my mom gave away all my figures, they're apparently worth something.
You have to remember what allows Verisign to do wildcarding, the fact that they still manage the root servers.
Verisign does not manage the root servers (except for A root). The root servers are managed by a bunch of different folks and you can find them at root-servers.org, but that is completely orthogonal to this discussion.
What is relevant is that Verisign manages the .com and .net TLD servers (dig com. SOA). This is NOT the same as the root (dig . SOA). The only "thing" of real importance that Verisign has is the master zone files for these domains, but others have those, too.
"... this a formal demand to return the operation of the .com and .net domains to their state before the 15 September changes..."
This could be interpreted by Verisign to undo all changes since the 15th of Sept. Verisign could easily roll back any .com and .net registrations since the 15th of Sept and then claim "ICANN ordered us to!".
It could be read that way only by someone who didn't actually read it. ICANN's letter makes no mention of a "restore from backup" of the zone files. It makes mention of specific changes and asks that those changes be backed out. It demands that the operation not the content of the domains be returned to a previous state. These folks know what they are talking about and they know what they are asking for.
We have here a service which has, to some extent, broken how many of the tried-and-true mechanisms work. While it might be true that there are no RFC's to cover this, when something has been functioning for a long duration and a change, in effect, damages that functionality, I think there are greater considerations.
Your premises are flawed. There ARE RFC's that cover this, and the wildcards in the DNS are fully RFC compliant. This is why ISC refused to change the default behavior of BIND when they introduced the new delegation-only feature. Enabling the delegation-only feature makes your DNS server be non-RFC compliant.
The other flaw is with the folks that built systems based on the supposition that there would never be wildcards or A records in the root zones. This wasn't a safe assumption to begin with since there are already examples of root zones with wildcards and A records from day one.
The charge is new, it didn't exist when I signed up. I seriously doubt they are making any money off of it though, most likely just a speed bump to keep people from registering all their friends and neighbors like people did with the national list.
No, it's more like 50 million* people have asked the US gov't to put up preemptive no music zones around their homes. You don't have any problem with that?
*That number is most likely made up. Otherwise you would have to believe that 50% of the households in the US (more than the number that have Internet access) went to that website and put in their phone number.
He didn't change his argument. His argument is there is no need for THIS regulation. In addition to regulations on cell phone and pager calls there are also existing laws regarding telemarketing calls to landlines. Should all of this legislation be repealed? Ron Paul might think so, but I don't see anything in ichimunki's post to lead me to believe that is what he is arguing for.
The ones who voted against it did so because they realize that the federal gov't shouldn't be telling companies who they can and can't call. There also is an equal protection problem with the law because it exempts certain telemarketers from the list. Surprise, surprise, the exemptions include telemarketers raising money for political candidates. So have no fear, all those reps who voted in favor of this bill will be using their own telemarketers to remind you of that fact next November.
This law isn't a good use of legislative muscle anyway, there are already very good ways that you can get yourself off the telemarketers dial list, not the least of which is the do not call list that the Direct Marketing Association has been maintaining themselves for years. You can use the same list to opt out of most junk snail mail too. Call the credit reporting agencies and tell them you don't want unsolicited credit offers and you'll be down to very few calls. The remaining ones will go away (for the most part) if you use the magic words, "Please put me on your do not call list."
In this context I think "security" is a process of minimizing risks to acceptable levels for an arbitrary application.
If the public can't review something, they can't know it's safe.
So? 99.999% of the population can't determine good programming even if the source is open. I guess by your theory there is no secure software in use at the CIA or the NSA because "the public" hasn't seen the code.
The sanely paranoid won't take anyone's word on security, they need the ability to check it personally.
"The sanely paranoid" != "The public"
Only those using the software need to know it is secure. This can be accomplished whether the software is Open Source or not.
The question should be, is it possible to create a truly secure product when there's no opportunity for public code review? My answer would be "no".
Your answer is false, and obviously so. It can be shown that all security vulnerabilities which are found in any code will be found by a finite number of people. Assuming the correct set, only this number of people need to see the code. The difficulty with closed source is not the number of eyes, but which eyes those are since the vast majority of the people who look at source find nothing of value. While open source security software may be appealing from a market perspective it is by no means a requirement to write secure code.
You ever notice that when you go to the bank at least one of the ATMs is non-functional. Makes you think maybe it's not the best engineering feat.
Have you ever gone to the bank and seen one of the ATM's spewing cash on the floor? No? Then it's doing its job. The ATM is only supposed to give cash to the right person under a tightly controlled transaction model. If it can't do that it's supposed to do nothing. That's why they have multiple ATM's at most locations, not because they necessarily expect them to be used simultaneously, but because they expect them to go down occasionally.
Um, ATM's are COTS. No bank builds their own ATM's, and the stuff inside is not really proprietary either. It's all standards based, and available to the public, it's just different standards than TCP/IP. It isn't even hard to get your hands on the stuff. The guy in the cube next door owns a couple of ATM's and makes good money off the fees.
So you're saying they should be easy to shut down? Good enough for me.
Are you under the impression that current ATM's are difficult to shut down? Try sticking gum in the card slot, or taking a baseball bat to the screen. Heck, many of the standalone machines even have a power cord that you could yank out of the wall. One or another of the ATM's at my bank is down most of the time, but it doesn't really matter, 'cause there's a lot of them. The security of ATM's does not revolve around uptime, it revolves around keeping the money inside.
Then it dawns on me... if I were a terrorist with a big ol' fruitcake bomb in my carryon or a plastic shiv down my sock, I'd just calmly walk out of there since they've told me that I'm slated to be searched.
"Congress shall make no law...abridging the freedom of speech" (library surveillance)
I'm sorry, I don't see the connection between the FBI being able to search the library checkout records of suspected terrorists and abridgement of anyone's first amendment rights.
"...no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized." (lax warrant rules)
AFAIK the USAPA doesn't change any of the guidelines for issuance of warrants. I think this confusion comes from the fact that some public information can now be gathered on the basis of a sworn statement by a Department of Justice official. I don't have an issue with this, since I think it's silly that they should need a warrant to collect public information.
"...nor be deprived of life, liberty, or property, without due process of law..." (detainment, lax warrant rules)
There is nothing in USAPA that obviates the requirement of due process.
"...be informed of the nature and cause of the accusation; to be confronted with the witnesses against him..." (lack of disclosure)
While the USAPA does explicitly allow for searches (with appropriate warrants) without the knowledge of the target of the search I am not certain that this would not be allowed exclusive of USAPA. The warrant would have to specifically allow this under USAPA. I think it is fairly obvious that in some cases it would be very important that the FBI be able to collect evidence without the subject's knowledge.
Is all this actually untrue, and the PATRIOT Act should give everyone warm fuzzies, where being spied on should be considered the height of patriotic contribution?
I would suggest that you read the law and decide for yourself. It isn't that long and it's posted all over the web. You may want to take the additional time to read some of the USC that it modifies as well. I haven't done as much research as I'd like, but I have examined the specific concerns of these groups enough to know that they are FOS.
Keep in mind when reading that the SCOTUS will usually apply the "compelling state interest" test when considering allegations of civil rights violations. Do you believe that the state's interest in intelligence gathering is greater than a suspected terrorist's right to know a search warrant has been issued for his library records? The ACLU doesn't. You might agree with them, I don't.
He also makes it sound like users didn't know how to use search engines to find websites before sitefinder.
Instead of getting an error page, its users get an option to search the Internet, try a similar name or search popular categories.
No, what do you think "security" is?
Do YOU have an MBA from Harvard?
How would this be a bad thing?
That would be an RJ-48.