Analogies to the no-fly list are flawed: the no-fly list is a policy maintained by people. What's at issue here is an automated "behavioral detection" system. When "foolproof" systems make a lot of noise on prominent people, those systems are "put under review", which basically results in crippling them to the point of uselessness to the tune of millions of dollars (or GBP, in this case).
However, even if I accept your analogy, the Kennedy fiasco did start down the path of neutering the no-fly list to the point that it's nearly useless. It doesn't happen suddenly and publicly, it happens because no one involved wants to be the guy that put the next prominent person on the list.
Taxpayers end up footing the bill for dozens of pointless systems -- things that were of dubious efficacy when they were conceived, and which have since been neutered to the point of absurdity.
At some point, some government official will either be exposed to be pervert or some such, or will be wrongfully and horribly flagged as some sort of terrorist.
In fact, I'm willing to bet the European hacker community will take steps to ensure that such a thing happens. As soon as it does, there will be all sorts of running about to cripple the system to the point that it's inert, but oddly still very expensive.
"people can't be bothered targeting us" isn't the best security policy.
Not by itself, of course not. Note how I mention several other security advantages immediately after that. But you do realize that lowering desirability of target is a key component of risk management, right?
Look, risk is "likelihood times impact". You can't really affect impact in most cases, but you can nearly always impact likelihood. Strong passwords make it less likely that someone will breach your system. Separation of duties makes it less likely that a single legitimate user will be the source of a compromise. Choosing something that requires unusual skills to attack (like a mainframe) reduces the likelihood people will even try.
And, choosing to use something that isn't worthwhile to attack reduces the likelihood that an attacker will go after you instead of someone else.
The only caveat is that, like any security decision, it can't stand on its own. You still need to practice defense in depth, you still need other security controls in place.
A shitty Linux admin is just as bad as a shitty Windows admin.
A-farking-men.
Linux -- really, the Unix family in general -- does have some security advantages over Windows. For example, lower desktop market share makes it less attractive (and, yes, that is a security advantage); a straightforward access control system makes it easier to harden; text-based config files make it easier to audit; etc.
However, security features don't matter if you don't use them. If the average idiot uses Linux, they only safety they have right now is that it's not being targeted especially actively. As soon as there are a few "useful" trojans out there, J Random User will happily enter his password at the sudo prompt to get the strip-poker game (or whatever) the malware is riding on.
This is only untrue if you have a professional administrating the machine, and disallowing stupid user tricks.
Yes, but it just does not have the same je nais se qua as the iPhone.
Hm, really? Personally, I returned my n810 - it was too fiddly. A jailbroken iPhone has so far been the only smart phone I can stand to use; I'm able to easily pick it up, do something useful in short order, and put it away again.
The attraction to the iPhone is partly novelty - it's the only touchscreen-only phone I've ever seen that's actually usable - but also partly that it's intuitive. Watching my wife and non-geek friends pick up the phone and immediately be productive has been amazing.
This is what Apple is very good at: finding the right places to sacrifice power and flexibility to increase utility for most users.
It's embarrassing to admit they're paying hundreds of dollars extra in order to purchase some plastic respect.
Ah, slashdot, home of the social over-simplification.
The iPhone is a fine smart phone. It's a decent phone, with a quite respectable OS and available set of applications. Apple is doing a shit job of managing the app store - which tends to happen when you have an artificial monopoly - but, that doesn't make the phone shit.
I'm sure there are people out there who buy iPhones because everyone else seems to have one. But inferring from this that the iPhone must suck is fallacious.
Support for his initiative is likely to be seen as support for so-called Christian values and the perverted/repressed view that nakedness is sex is sin -- not as support for civil liberties like not being searched at all without probable cause.
Funny, he's citing invasion of privacy as the main reason to object. Try not to assume that everything is always "sex is bad".
If we want to reinforce good behavior like this, you have to applaud the people who do the right thing.
Once users learn whether they put in their password or not they can still see or not see the dancing squirrels
You're way too optimistic. Users will not learn because users don't care. No matter how much information you give people, no matter how much code signing you do - users will do whatever they have to do to get something they believe they want to work.
You can't stop this without initiating draconian "all code must be signed by a trusted cert or it won't run" - the iPhone does this, but the trade-off is that you can only get iPhone apps from Apple. (unless you hack your phone, which also removes any of the security advantage of the signing system).
We'll always have to allow unsigned, untrusted apps to run in some circumstances. And the user will happily click and enter their password or do a jig or whatever to allow those trojans to run.
They will revamp the program to just automatically generate a ticket to the owner of the vehicle instead.
I don't know much about the UK's legal system, but that's already routinely failed Constitutional tests in the US.
Ticketing the owner of the car is not the same as ticketing the offender. In my home state, red light cameras were pulled based on this argument: I shouldn't be held responsible for someone running a red light in my car.
I do agree that politicians can be very creative when it comes to revenue. I can easily imagine a state that requires people to biometrically identify themselves before driving, then tickets them for even minor offenses...
they are more than happy to key in their password for anything that asks, even if they don't know what they are doing. After all, they are on a Mac, they don't have virus protection because it doesn't need it, so how is something bad going to get on the system.
Unfortunately, the only patches for user stupidity are illegal. If you get caught.
OS-X has a pretty good balance between honestly trying to protect the user from doing stupid things and implementing a Vista-esque approach (i.e. so draconian that users find a way to turn it off entirely). You get asked for a password whenever something needs root equivalence.
But that's not going to help people who will do anything to see the dancing squirrels...
Take a moment, e-mail this guy your thanks. Then take one extra minute and tell your representative and senators that this guy has the right idea and should be supported.
One message may not make a difference, but millions of slashdotters cheering them on will.
Setting aside all the implementation and nanny-state issues: no government in their right mind would approve a device that would effectively stop people from speeding. There's simply far too much money in handing out speeding tickets.
Everyone's situation will be a little different, but here's how the cost of driving breaks down:
Costs of car ownership
Car payment
Repairs and maintenance
Costs of driving
Insurance
Parking fees/permits
Fuel
For most people, these expenses will be after-tax expenses. Commuting daily on public transit does not affect the car payment. However:
The care needs fewer repairs and less maintenance because it's not driven nearly as much
The cost to insure the car goes down, because it becomes a recreation-only vehicle instead of a commuter vehicle
Parking fees are either reduced (because parking near transit is often cheaper than parking near work) or eliminated (since many park-n-ride's are free). This probably varies widely depending on where you live.
Fuel cost is dramatically reduced because you're not driving as much.
On top of those savings:
Many employers offer partial subsidy for transit passes
Many areas allow for transit passes to be purchased with pre-tax dollars
As an end result, my car costs went from $530/mo to $310/mo; my transit cost is only $60/mo, and that's pre-tax. I save $2000/yr, and my commute is relaxing, productive time instead of a stressful, all-consuming drive.
It's not $12k, but it's still a significant savings.
you dont[sic] need to understand free licences[sic] - there's nothing to stop you releasing proprietary software that runs on linux.
That's true, but unfortunately beside the point. Many product managers and the like have such confusion over the terms of the GPL that they believe any software they write to run on a GPL'd platform (like Linux) must also have a free license.
Or, at the very least, they believe that they'll be sued into releasing the source code.
It doesn't really matter that their perception is a fiction: unless people who already have these managers' attention can make a convincing case ("convincing" in the PHB sense, not the reasonable-person sense), the perception won't change. And there won't be as much commercial software for Linux.
This results in the wonderfully circuitous circumstance that consumers don't adopt Linux because the games/etc. they want aren't available for it; and those games don't get ported to Linux because there's no market share.
Bah, "ain't" is a perfectly valid contraction for "am not", and has been since at least 1706. (See http://www.etymonline.com/index.php?search=ain't&searchmode=none) Proscriptionists object to it largely because it's often used for "is not", or "are not", which was seen as somehow "perverting" the English language.
In fact, though, "ain't" has been used that way since at least the 19th century.
About the worst that you can say of "ain't" is that it's inappropriate for a formal register, but so are most contractions.
You won't ever get that. If you share one copyright-protected item without permission, the copyright-holder has standing to sue you. Whether or not you actually get sued depends entirely on whether the plaintiff (a)notices you, and (b)considers you worth the effort.
I assume the sued-people are hushed, but don't they leak out the lawsuit details somewhere so we can all learn?
You don't know how the legal system works, do you? Specifics of a settlement are commonly sealed, but the rest of the proceeding -- including the details of the complaints -- is public record. It's possible to seal them, but very unusual (pretty much, the complaints themselves must, by necessity, contain information that would be harmful if released [e.g. in trade-secret litigation] -- this has never, to my knowledge, happened in a copyright-infringement suit).
Go to the library and ask your reference librarian about how you'd find relevant cases. Remember that they're not allowed to give legal advice, but they can help you find what you're looking for.
The "Piracy" argument is misdirection. Thet's not what they're really worried about.
Partly, but it's way more complex than that.
There are three basic things that the media industries, as represented by MPAA and RIAA, care about when it comes to copyright infringement:
lost sales. Whether or not it's true doesn't really enter into it. Leadership of these organizations and their largest members truly believe that if all infringement could be stopped, people would have to buy their music. They don't understand downloading as a discovery process, they only understand it as an ownership process.
legal perception. There are people, mostly abroad, who massively copy media for the purpose of sale. This represents a real business risk. If the industry chooses to accept the infringement of their copyrights in enough "harmless" cases, they fear that they will lose their standing to ask for help with the stuff that really is hurting them. Their fear is not entirely unjustified.
control. This is related to what you were talking about. Copyright is about control; the executives fear losing control over the marketing and management of their talent and their talent's products. They don't want to invest millions in marketing a band only to have their sales fall flat because we already heard their album, and there's only the one good song.
As with most things in Corporate America, the decisions are being made by people who are by nature disconnected with what's really going on. If most people knew how many major business decisions are made by looking at data, then ignoring that data and going with a gut feeling, they'd blanch in seconds.
So I can run a website saying I am making heroin, illegal firearms and small children available for purchase, and that's fine right up until the money changes hands?
I'm not an attorney, but I do have some legal experience. Let me show you the imperfections in your analogy. (Note, none of this is legal advice; if you need that, hire a real lawyer).
Announcing on a website that "hey, I'm making heroin, I'll be selling it later" is not, of itself illegal. It's quite possibly probable cause for investigation, perhaps even a search warrant. If you actually were making heroin, you'll be charged with a crime. If you actually were planning to sell heroin, you'll be charged with a crime. If you did neither of those things, you'll end up with some hassle, but you've done nothing wrong.
Pay special attention to the "crime" portion of that explanation -- under most circumstances, copyright infringement is not a crime (see this article for an explanation) -- it's a civil matter.
My saying "hey, I have a Beatles CD that you could make a copy of" is legal. Making the copy is almost always legal. Actually giving the copy to someone is probably illegal, but not a crime -- if I'm Apple Records, I can file suit to get you to stop, and maybe I can even collect some damages.
Now, if you start selling the copy, now you might be in crime territory. If you sell enough copies, it could even be a felony. But simply announcing that you have them for sale isn't illegal, it's actually selling or attempting to sell (making a general offer like "I have some copied music I might be willing to sell" usually isn't enough, but making a specific offer like "give me $0.99 for this song copy" is probably enough to qualify as "selling").
US law is a murky, murky world; this is why lawyers are rich -- more money is made from advising people on how to interpret all the twisty little packages than is made on filing and defending lawsuits.
Anyone who paid attention and had even a hobbyist's legal training could see that the goal of the RIAA lawsuit in question was primarily intimidation.
Transmitting copyright material without authorization (or without a solid fair use claim) is illegal, and I don't begrudge copyright-holders their ability to do so. But simply advertising that you might have some information someone might want? This gets far into the realm of Orwellian and rightly doesn't have any legal teeth.
My bet is that the RIAA is quietly formulating ideas about how to push for legislation that will allow them to draw and quarter... *ahem* litigate against individuals who imply that they might have some copyright content available. Hopefully those of us who get the silliness can educate Congress and keep that from happening.
Reading a modern hard disk that's been written over with zeroes is not that simple, and would likely require very specialized, very precise hardware.
The historical problem with writing over with zeroes was that the amount of magnetic surface between tracks on the platter was fairly large. This space between tracks would keep a "ghost" of previous data should there be only zeroes written to the nearby tracks. Guttman's research and the DoD wiping method were designed to overwrite the track data and make sure that that "ghost data" would be wiped as well.
Modern disks have such narrow gaps between tracks that overwriting with zeroes is sufficient to stump any commercial data-recovery attempts. (See, e.g. The Great Zero Challenge).
The military takes more extreme measures with highly-classified data because there are ridiculously expensive and time-consuming methods that one could use to recover data that's been "merely" wiped. There are governments and organizations that have those resources that might be willing to expend them to get their hands on such data.
There are not criminal organizations that have or will expend the insane effort to recover the information that might be on an individual's drive. The cost-benefit just isn't there. An individual who boots something like DBAN and does a one-pass wipe of all zeroes across the entire disk is entirely safe from anyone who has less resources than a major government intelligence agency.
Slashdot Mirror
However, even if I accept your analogy, the Kennedy fiasco did start down the path of neutering the no-fly list to the point that it's nearly useless. It doesn't happen suddenly and publicly, it happens because no one involved wants to be the guy that put the next prominent person on the list.
Taxpayers end up footing the bill for dozens of pointless systems -- things that were of dubious efficacy when they were conceived, and which have since been neutered to the point of absurdity.
At some point, some government official will either be exposed to be pervert or some such, or will be wrongfully and horribly flagged as some sort of terrorist.
In fact, I'm willing to bet the European hacker community will take steps to ensure that such a thing happens. As soon as it does, there will be all sorts of running about to cripple the system to the point that it's inert, but oddly still very expensive.
Not by itself, of course not. Note how I mention several other security advantages immediately after that. But you do realize that lowering desirability of target is a key component of risk management, right?
Look, risk is "likelihood times impact". You can't really affect impact in most cases, but you can nearly always impact likelihood. Strong passwords make it less likely that someone will breach your system. Separation of duties makes it less likely that a single legitimate user will be the source of a compromise. Choosing something that requires unusual skills to attack (like a mainframe) reduces the likelihood people will even try.
And, choosing to use something that isn't worthwhile to attack reduces the likelihood that an attacker will go after you instead of someone else.
The only caveat is that, like any security decision, it can't stand on its own. You still need to practice defense in depth, you still need other security controls in place.
A-farking-men.
Linux -- really, the Unix family in general -- does have some security advantages over Windows. For example, lower desktop market share makes it less attractive (and, yes, that is a security advantage); a straightforward access control system makes it easier to harden; text-based config files make it easier to audit; etc.
However, security features don't matter if you don't use them. If the average idiot uses Linux, they only safety they have right now is that it's not being targeted especially actively. As soon as there are a few "useful" trojans out there, J Random User will happily enter his password at the sudo prompt to get the strip-poker game (or whatever) the malware is riding on.
This is only untrue if you have a professional administrating the machine, and disallowing stupid user tricks.
Yes, but it just does not have the same je nais se qua as the iPhone.
Hm, really? Personally, I returned my n810 - it was too fiddly. A jailbroken iPhone has so far been the only smart phone I can stand to use; I'm able to easily pick it up, do something useful in short order, and put it away again.
The attraction to the iPhone is partly novelty - it's the only touchscreen-only phone I've ever seen that's actually usable - but also partly that it's intuitive. Watching my wife and non-geek friends pick up the phone and immediately be productive has been amazing.
This is what Apple is very good at: finding the right places to sacrifice power and flexibility to increase utility for most users.
It's embarrassing to admit they're paying hundreds of dollars extra in order to purchase some plastic respect.
Ah, slashdot, home of the social over-simplification.
The iPhone is a fine smart phone. It's a decent phone, with a quite respectable OS and available set of applications. Apple is doing a shit job of managing the app store - which tends to happen when you have an artificial monopoly - but, that doesn't make the phone shit.
I'm sure there are people out there who buy iPhones because everyone else seems to have one. But inferring from this that the iPhone must suck is fallacious.
Funny, he's citing invasion of privacy as the main reason to object. Try not to assume that everything is always "sex is bad".
If we want to reinforce good behavior like this, you have to applaud the people who do the right thing.
You're way too optimistic. Users will not learn because users don't care. No matter how much information you give people, no matter how much code signing you do - users will do whatever they have to do to get something they believe they want to work.
You can't stop this without initiating draconian "all code must be signed by a trusted cert or it won't run" - the iPhone does this, but the trade-off is that you can only get iPhone apps from Apple. (unless you hack your phone, which also removes any of the security advantage of the signing system).
We'll always have to allow unsigned, untrusted apps to run in some circumstances. And the user will happily click and enter their password or do a jig or whatever to allow those trojans to run.
I don't know much about the UK's legal system, but that's already routinely failed Constitutional tests in the US. Ticketing the owner of the car is not the same as ticketing the offender. In my home state, red light cameras were pulled based on this argument: I shouldn't be held responsible for someone running a red light in my car. I do agree that politicians can be very creative when it comes to revenue. I can easily imagine a state that requires people to biometrically identify themselves before driving, then tickets them for even minor offenses...
Unfortunately, the only patches for user stupidity are illegal. If you get caught.
OS-X has a pretty good balance between honestly trying to protect the user from doing stupid things and implementing a Vista-esque approach (i.e. so draconian that users find a way to turn it off entirely). You get asked for a password whenever something needs root equivalence.
But that's not going to help people who will do anything to see the dancing squirrels...
Take a moment, e-mail this guy your thanks. Then take one extra minute and tell your representative and senators that this guy has the right idea and should be supported. One message may not make a difference, but millions of slashdotters cheering them on will.
Setting aside all the implementation and nanny-state issues: no government in their right mind would approve a device that would effectively stop people from speeding. There's simply far too much money in handing out speeding tickets.
Arbiet Also Macht Pie. And Pi*R*tasty.
Everyone's situation will be a little different, but here's how the cost of driving breaks down:
For most people, these expenses will be after-tax expenses. Commuting daily on public transit does not affect the car payment. However:
On top of those savings:
As an end result, my car costs went from $530/mo to $310/mo; my transit cost is only $60/mo, and that's pre-tax. I save $2000/yr, and my commute is relaxing, productive time instead of a stressful, all-consuming drive. It's not $12k, but it's still a significant savings.
No, I'm not - but game company managers might be.
I suggest you improve your reading comprehension before attacking people.
That's true, but unfortunately beside the point. Many product managers and the like have such confusion over the terms of the GPL that they believe any software they write to run on a GPL'd platform (like Linux) must also have a free license.
Or, at the very least, they believe that they'll be sued into releasing the source code.
It doesn't really matter that their perception is a fiction: unless people who already have these managers' attention can make a convincing case ("convincing" in the PHB sense, not the reasonable-person sense), the perception won't change. And there won't be as much commercial software for Linux.
This results in the wonderfully circuitous circumstance that consumers don't adopt Linux because the games/etc. they want aren't available for it; and those games don't get ported to Linux because there's no market share.
It's possible this "could" lead to bendable screens, but the technology isn't complete enough to be used in that way.
Saying this tech could lead to bendable screens is a lot like saying that nanotubes "could lead to" a space elevator.
"banished from correct English" is properly interpreted as a snide remark, since there's no such thing as "correct English".
Bah, "ain't" is a perfectly valid contraction for "am not", and has been since at least 1706. (See http://www.etymonline.com/index.php?search=ain't&searchmode=none) Proscriptionists object to it largely because it's often used for "is not", or "are not", which was seen as somehow "perverting" the English language.
In fact, though, "ain't" has been used that way since at least the 19th century.
About the worst that you can say of "ain't" is that it's inappropriate for a formal register, but so are most contractions.
Cheers,
Your Friendly Neighborhood Pedant
You won't ever get that. If you share one copyright-protected item without permission, the copyright-holder has standing to sue you. Whether or not you actually get sued depends entirely on whether the plaintiff (a)notices you, and (b)considers you worth the effort.
You don't know how the legal system works, do you? Specifics of a settlement are commonly sealed, but the rest of the proceeding -- including the details of the complaints -- is public record. It's possible to seal them, but very unusual (pretty much, the complaints themselves must, by necessity, contain information that would be harmful if released [e.g. in trade-secret litigation] -- this has never, to my knowledge, happened in a copyright-infringement suit).
Go to the library and ask your reference librarian about how you'd find relevant cases. Remember that they're not allowed to give legal advice, but they can help you find what you're looking for.
+1, Insightful. I wish more people realized that this is how things work.
Partly, but it's way more complex than that.
There are three basic things that the media industries, as represented by MPAA and RIAA, care about when it comes to copyright infringement:
As with most things in Corporate America, the decisions are being made by people who are by nature disconnected with what's really going on. If most people knew how many major business decisions are made by looking at data, then ignoring that data and going with a gut feeling, they'd blanch in seconds.
I'm not an attorney, but I do have some legal experience. Let me show you the imperfections in your analogy. (Note, none of this is legal advice; if you need that, hire a real lawyer).
Announcing on a website that "hey, I'm making heroin, I'll be selling it later" is not, of itself illegal. It's quite possibly probable cause for investigation, perhaps even a search warrant. If you actually were making heroin, you'll be charged with a crime. If you actually were planning to sell heroin, you'll be charged with a crime. If you did neither of those things, you'll end up with some hassle, but you've done nothing wrong.
Pay special attention to the "crime" portion of that explanation -- under most circumstances, copyright infringement is not a crime (see this article for an explanation) -- it's a civil matter.
My saying "hey, I have a Beatles CD that you could make a copy of" is legal. Making the copy is almost always legal. Actually giving the copy to someone is probably illegal, but not a crime -- if I'm Apple Records, I can file suit to get you to stop, and maybe I can even collect some damages.
Now, if you start selling the copy, now you might be in crime territory. If you sell enough copies, it could even be a felony. But simply announcing that you have them for sale isn't illegal, it's actually selling or attempting to sell (making a general offer like "I have some copied music I might be willing to sell" usually isn't enough, but making a specific offer like "give me $0.99 for this song copy" is probably enough to qualify as "selling").
US law is a murky, murky world; this is why lawyers are rich -- more money is made from advising people on how to interpret all the twisty little packages than is made on filing and defending lawsuits.
Anyone who paid attention and had even a hobbyist's legal training could see that the goal of the RIAA lawsuit in question was primarily intimidation.
Transmitting copyright material without authorization (or without a solid fair use claim) is illegal, and I don't begrudge copyright-holders their ability to do so. But simply advertising that you might have some information someone might want? This gets far into the realm of Orwellian and rightly doesn't have any legal teeth.
My bet is that the RIAA is quietly formulating ideas about how to push for legislation that will allow them to draw and quarter... *ahem* litigate against individuals who imply that they might have some copyright content available. Hopefully those of us who get the silliness can educate Congress and keep that from happening.
The system does, kinda-sorta, work. ;-)
Reading a modern hard disk that's been written over with zeroes is not that simple, and would likely require very specialized, very precise hardware.
The historical problem with writing over with zeroes was that the amount of magnetic surface between tracks on the platter was fairly large. This space between tracks would keep a "ghost" of previous data should there be only zeroes written to the nearby tracks. Guttman's research and the DoD wiping method were designed to overwrite the track data and make sure that that "ghost data" would be wiped as well.
Modern disks have such narrow gaps between tracks that overwriting with zeroes is sufficient to stump any commercial data-recovery attempts. (See, e.g. The Great Zero Challenge).
The military takes more extreme measures with highly-classified data because there are ridiculously expensive and time-consuming methods that one could use to recover data that's been "merely" wiped. There are governments and organizations that have those resources that might be willing to expend them to get their hands on such data.
There are not criminal organizations that have or will expend the insane effort to recover the information that might be on an individual's drive. The cost-benefit just isn't there. An individual who boots something like DBAN and does a one-pass wipe of all zeroes across the entire disk is entirely safe from anyone who has less resources than a major government intelligence agency.