Don't delude yourself. As long as something is free, people won't pay for it.
Completely wrong. I have myself and many of my friends as counter-examples. There have been occasions when I was in the music store and the only CDs I bought were ones that I already had on MP3s, all the tracks, and good quality rips. Why? Because I like music, and I like musicians. The only thing that is going to get me to stop buying CDs other than lack of money is the evil machinations of RIAA et al that make me want to take a shower before and after contemplating doing anything that would put money in their pockets.
For the most part the people that have the largest MP3 collections are people who are music fans. Music fans like music (duh). Music fans buy music. Of all the people I know there are very few exceptions to the rule that the people with the largest MP3 collections are also the same people with the largest CD collections.
A patent does not specifically have any legal standing by itself. It is up to the courts to decide the legitimacy of a patent. To require a full level of investigation of a patent and prior art would make getting any patent far too difficult. The way patents work now are they way they *should* work.
The problem comes when we have blatantly stupid patents and blatantly stupid courts and blatantly stupid people. A company can use a baseless patent with no backing in the courts to harrass other companies, organizations, or individuals, especially if those organizations have less resources for things like legal battles.
Tools > Internet Options... > Security tab > Internet Zone / Custom Settings... keep hitting disable / prompt until the cows come home. Problem solved. If you *really* need to activate some feature or other for a site, you can always add it to the trusted sites.
And $12 for 60MB of traffic? Puhleeeeeeze. 60MB on cheap DSL (512k) represents about 17 minutes of download time. If it was say 10 GB I might believe $12. And bandwidth usage charges tend to be on the upload side, rather than the download side. Moreover, despite the overdramatic exagerration of the current afflictions of online activity it misses almost completely the true dangers possible with new trends in computing and networking. Spam, pop-ups, viruses, and costly operating system releases are a circus side show, nothing more.
Wow, it's so wonderful to see such incisive an understanding of programmer productivity. Who knew that lines of code is a bad measurement of productivity? This changes everything!
Oh...wait a minute...this would be old news if it were posted on slashdot circa 1975, it's positively fossilized now. Sheesh.
Wow! Yet more proof that Robert Cringely is an idiot of legendary proportions and doesn't know a *damn* thing about anything of importance happening in computing today (or even yesterday). I think he and John Dvorak are soon to have a competition in making the least substantive comments about computing any human has ever uttered.
All these "forcasts" are stuff that is either non-important, or was obvious to even the most dim-witted long ago.
Calibration is the ultimate tool of the scientist, in that it allows you to measure your measuring instruments! Generate test articles, measure them, and determine the accuracy of the instrument. Bing, bang, boom, done! This is a no brainer, you would need to do it with any scientific instrument, regardless of its origin (whether it came from bestbuy or from perkin-elmer).
Believing what a pundit says is about like giving change for a 3 dollar bill. Tech pundits can't tell their ass from a hole in the ground. If you listen to Bob Cringely predict the future you might as well read PC Magazine's John Dvorak. God, I hate these morons, they think they are "on the edge", or "ahead of the trend", or "with it", or "legit", or "hip", or "knowledgeable about the industry", or "into the scene", or "not completely moronic" because they used napster or once saw a NeXT box or somesuch. Bah! They know nothing. They are about as disconnected from the trends and about as ill equipped (informationally as well as mentally) to predict future trends as is possible outside of living in a tribe in papua new guinea that still eats human flesh.
Keep in mind that these are the same morons who thought vrml, push technology, and internet advertising would be the "next big thing".
The fact is that broadband still has a substantial customer base that is willing to pay premium prices *AND* still has a large base of potential customers who do not have broadband but wish they do. The number of broadband users will only *increase*. Now, the number of small broandband ISPs may do all kinds of gymnastic activities and will most likely be much much smaller in the future. Nevertheless, broadband is still a viable technology, a hot commodity, a viable business, and a profitable enterprise. Broadband will not go away, not now, not ever.
The degree to which someone will take you seriously and to which they will respond to your message is roughly directly proportional to the effort it takes to send that message. It takes essentially zero effort to send an email, therefore it garners essentially zero consideration. Snail mail, phone calls, etc. especially if well thought out, garner considerably more attention.
That problem wouldn't even exist if the software was open source. They're just script kiddies. Use vfs. Linux whatever. It needs higher level access. C'mon Guys, This article is one man's attempt to excuse his own actions.
Seriously though, if you are highly technically savvy (which I will assume since we are speaking about the state of the art) then you can not only create near unbreakable encryption, but near undetectable (or untraceable) encryption. Steganography is a child's toy compared to some of the things that are possible. The internet is a vast 86,400 / 365 information sea, slipping a few megabytes of low profile data into it is going to be hard to notice. By utilizing multiple techniques at the same time (hard encryption, low signal to noise ratio channels, low detectability communications, difficult traceability, etc.) you can be confident that even if someone found your data they would not be able to understand it or extract useful information from it.
For example, let's say you want to send data to someone else. Let's say it's a short text message, though it could be anything up to gigabytes of data without too much trouble. The sender encrypts the text using public key cryptography with a large key (4096-bits or larger), then breaks the encrypted message into several really small chunks, then uses a program to generate thousands of fake chunks. Then, using a sequence of hacked ISP and shell accounts (preferably spanning the world), the sender embeds this "chunk stream" into some nondescript form of communication. Let's say they use a large number of spam messages, or pornographic multimedia posted to a highly trafficked usenet newsgroup over several days and a simple steganographic technique for the embeddding. The receiver downloads the source files, extracts the "chunk stream", selects out the valid chunks, then decrypts the data.
Let's say that Los Federales were able to detect that something funky was going on. That alone, in the firehose of the internet, is a significant challenge. They would need to first be able to extract the data from the embedding system. Not impossible, but difficult. Next they would need to cull out the invalid chunks in the pile they now have. This can be made as difficult a problem as breaking hard-encryption in and of itself. If they manage to wade through that mountain of sludge, they end up faced with near unbreakable encryption. For added fun, repeat some of the steps multiple times! (for example, double encryption, double stage steganography, etc.), preferably with different techniques for each iteration (encryption cycle 1 uses RSA, while cycle 2 uses elliptic curves, etc.)
Or, you could take the route the US has taken since before WWII and use one time pads. One time pads are provably cryptographically secure (if you don't have the key you simply CAN'T break the encryption). The only difficulty is distributing the keys.
Nevertheless, I would imagine that the main goal these days would be low-detectability rather than pure cryptographic security. If they can't find your pigeon in a flock of wild birds then they very well can't even try to decrypt the message it carries. There is a LOT of noise on the internet, that provides a huge amount of hiding space.
This is absolutely fucking rediculous. Why are hard-working, intellectual, middle class, "white collar" tech-geeks some sort of "fring group" or "underclass"? Are we really *that* different than the mainstream? The only thing I can think of is politics. "They" don't like our radical ideas, the subversion of the status quo.
Anywho, it is completely bogus that the inventor of PGP would come under attack in a time like this. What about all the major corporations around the world (General Electric prime among them) who, through poor controls on nuclear technology, contributed *heavily* to nuclear proliferation? Pakistan and India have the bomb in the here and now because of technology sold (or given) to them by the west (by the US, by Canada, by Germany, by the UK).
And let us not forget all the corporations selling conventional weapons. Especially so since, unlike nuclear weapons, these ARE used. France sells Mirage fighter jet's and anti-shipping Exocet missiles to just about anyone and they're brother. Corporations in all western countries sell arms of all kinds to countries of all kinds. A timely case in point would be the US made F-16 Israel has been using to attack Palestine.
Phillip Zimmerman is far from a wealthy man from his efforts to create a free encryption program. And yet, worldwide arms sales topped 35 *billion* dollars last year, half of that sales from the US. And more than 2/3 of those weapons sales were to poor countries. Yes my friends, the industrialized world is the equivalent of the sleezy gun shop on the street corner in the ghetto.
And yet, do the news media outlets turn a scornfull eye toward these activites? Toward the generation of cold hard cash by selling weapons of war to the poorest countries of the world? It really makes you wonder....
We're talking about adults, paying for their education here. If they need a nanny, kick them out and send them home. If a college can't trust students to manage their time on their own then they are doing them no favors.
Whenever an employer fucks up a pension plan, or terminates someone without good reason it's always "a shame". But whenever an employee walks away with a printer you can buy for 100 bucks on eBay after their severance package has been cancelled and their pay check bounced, it's "a criminal act".
It seems like you are assuming that it would be semi-centralized, which it does not need to be. Duplicate and distribute database updates in a timely fashion (i.e. hours to days delay time) to enough boxen to enable suitable performance (i.e. down to a state, regional, county, city, or site level depending on population density and usage). There's no reason why an airport couldn't have it's own box with the database on it. And Oracle (with inexpensive hardware) is very much sufficient for a task on that scale. There's not much need to update such a database on a finer timescale than a few hours so you don't lose much. Plus, you don't have to worry about some nimrod at alter.net spilling coffee on the router and screwing up your connection to "the one true ID database" and having to slow to a halt to wait for the connection to come back up (similarly, a skiddie couldn't close down an airport with a DDoS attack).
It's just like any identification system (credit card, driver's licence, passport, etc.) except it has the ability to be instantly verified (scan bar code on ID card and you get a picture / name from the database). Yes, it has a great potential for abuse (it would be fairly simple to track usage of such a system and thus track a person's activities / whereabouts to some degree)). But this is not a NEW potential for a buse. And most heartening is that a government run system has ACCOUNTABILITY. Take out your wallet, now take a look at your credit / debit cards. Think about the fact that every purchase you've made with those is stored away in a database and accessable (and researchable!) by someone who is not directly accountable to you.
Now, think about other ways this could be used. Imagine being able to have a verifiable identification system for police, government agents and employees.
What ARE you using then? They have a flash plugin for netscape AND mozilla (on linux as well).
Take a gander at what platforms shockwave/flash runs on. And with most browsers (except older netscapes, icky icky) downloading a plugin takes a few clicks.
Back in the early days, everyone lauded Java as a means to add multimedia content to the web. However, specialized system (flash/shockwave) for this have proved so much better at this than Java that Java is essentially dead in this area. If someone is using Java for multimedia on a webpage nowadays it simply means they haven't learned how to use flash yet.
Why do I say unix is a security nightmare? Simple: experience. Unix is a vast, convoluted, complex system with many little cracks just waiting for someone to exploit them. It takes an extraordinary amount of knowledge to configure unix to a basic level of security. It takes a goodly amount of diligence to keep it that way. And even then you are not guaranteed in any reasonable sense to be secure. And it's not like it takes a criminal mastermind to break into your system, all it takes is a bored kid with some automated tools and a little general knowledge. There is an asymetry, it requires less sophistication and less tools to break in than it requires to prevent a break in. That asymetry is due to the security weaknesses in unix.
Theoretically, if you're system is ship shape, then only root, or someone with root access, can REALLY fuxor it up. However, there are many levels of fuxored below "REALLY fuxored", and no system is 100.0000% perfect. Unix is a security nightmare. It's security model is decrepit and is only being patched / kludged into anything resembling reasonable security. I fear that it is too established to be replaced with something completely different at this point (i.e. something that was still unix, but fundamentally different in security model).
In general, I don't think it's a good idea to measure security success compared to the gimp of the security world (MS).
This is somewhat offtopic, but I dispute your allegation that Unix assumes that the user cannot be trusted. This is simply not the case. If it had been, unix would not be the security seive that it is (admit it, it is, the only reason it doesn't look so bad at the moment is that in comparison windows is like those dogs that eat their own poo, relatively speaking unix looks like a friggin' fortress). Unix assumes that not all users can be trusted *to the same degree*, but fundamentally, the basic unix structure assumes that all users can be trusted at least partially.
Yes, most @homes specifically say you can't run servers in their AUPs, although DSL ISPs (and some @homes) typically let you run servers to your heart's content. However, one real advantage that blocking port 80 WOULD have is denying the ability to access the backdoors created by nimda / code red on those machines.
Slashdot Mirror
Don't delude yourself. As long as something is free, people won't pay for it.
Completely wrong. I have myself and many of my friends as counter-examples. There have been occasions when I was in the music store and the only CDs I bought were ones that I already had on MP3s, all the tracks, and good quality rips. Why? Because I like music, and I like musicians. The only thing that is going to get me to stop buying CDs other than lack of money is the evil machinations of RIAA et al that make me want to take a shower before and after contemplating doing anything that would put money in their pockets.
For the most part the people that have the largest MP3 collections are people who are music fans. Music fans like music (duh). Music fans buy music. Of all the people I know there are very few exceptions to the rule that the people with the largest MP3 collections are also the same people with the largest CD collections.
A patent does not specifically have any legal standing by itself. It is up to the courts to decide the legitimacy of a patent. To require a full level of investigation of a patent and prior art would make getting any patent far too difficult. The way patents work now are they way they *should* work.
The problem comes when we have blatantly stupid patents and blatantly stupid courts and blatantly stupid people. A company can use a baseless patent with no backing in the courts to harrass other companies, organizations, or individuals, especially if those organizations have less resources for things like legal battles.
Tools > Internet Options... > Security tab > Internet Zone / Custom Settings... keep hitting disable / prompt until the cows come home. Problem solved. If you *really* need to activate some feature or other for a site, you can always add it to the trusted sites.
And $12 for 60MB of traffic? Puhleeeeeeze. 60MB on cheap DSL (512k) represents about 17 minutes of download time. If it was say 10 GB I might believe $12. And bandwidth usage charges tend to be on the upload side, rather than the download side. Moreover, despite the overdramatic exagerration of the current afflictions of online activity it misses almost completely the true dangers possible with new trends in computing and networking. Spam, pop-ups, viruses, and costly operating system releases are a circus side show, nothing more.
Wow, it's so wonderful to see such incisive an understanding of programmer productivity. Who knew that lines of code is a bad measurement of productivity? This changes everything!
Oh...wait a minute...this would be old news if it were posted on slashdot circa 1975, it's positively fossilized now. Sheesh.
Wow! Yet more proof that Robert Cringely is an idiot of legendary proportions and doesn't know a *damn* thing about anything of importance happening in computing today (or even yesterday). I think he and John Dvorak are soon to have a competition in making the least substantive comments about computing any human has ever uttered.
All these "forcasts" are stuff that is either non-important, or was obvious to even the most dim-witted long ago.
Calibration is the ultimate tool of the scientist, in that it allows you to measure your measuring instruments! Generate test articles, measure them, and determine the accuracy of the instrument. Bing, bang, boom, done! This is a no brainer, you would need to do it with any scientific instrument, regardless of its origin (whether it came from bestbuy or from perkin-elmer).
Yes you are missing the point, here's a dollar, buy a clue.
Believing what a pundit says is about like giving change for a 3 dollar bill. Tech pundits can't tell their ass from a hole in the ground. If you listen to Bob Cringely predict the future you might as well read PC Magazine's John Dvorak. God, I hate these morons, they think they are "on the edge", or "ahead of the trend", or "with it", or "legit", or "hip", or "knowledgeable about the industry", or "into the scene", or "not completely moronic" because they used napster or once saw a NeXT box or somesuch. Bah! They know nothing. They are about as disconnected from the trends and about as ill equipped (informationally as well as mentally) to predict future trends as is possible outside of living in a tribe in papua new guinea that still eats human flesh.
Keep in mind that these are the same morons who thought vrml, push technology, and internet advertising would be the "next big thing".
The fact is that broadband still has a substantial customer base that is willing to pay premium prices *AND* still has a large base of potential customers who do not have broadband but wish they do. The number of broadband users will only *increase*. Now, the number of small broandband ISPs may do all kinds of gymnastic activities and will most likely be much much smaller in the future. Nevertheless, broadband is still a viable technology, a hot commodity, a viable business, and a profitable enterprise. Broadband will not go away, not now, not ever.
The degree to which someone will take you seriously and to which they will respond to your message is roughly directly proportional to the effort it takes to send that message. It takes essentially zero effort to send an email, therefore it garners essentially zero consideration. Snail mail, phone calls, etc. especially if well thought out, garner considerably more attention.
That problem wouldn't even exist if the software was open source. They're just script kiddies. Use vfs. Linux whatever. It needs higher level access. C'mon Guys, This article is one man's attempt to excuse his own actions.
END OF LINE
Give it up.
"Daisy, Daisy give me your answer true...."
Trust me, I know.
I've said it before and I'll say it again. bah! Windows. That has nothing to do with anything.
GNOME makes that a lot easier.
I heard a rumor... Oh look! Over there! It's the point!
Like caffeine
An image had better be worth a 1000 words-- it takes longer to download. Just kidding. That should be GPL'd.
(KERNEL PANIC)
Seriously though, if you are highly technically savvy (which I will assume since we are speaking about the state of the art) then you can not only create near unbreakable encryption, but near undetectable (or untraceable) encryption. Steganography is a child's toy compared to some of the things that are possible. The internet is a vast 86,400 / 365 information sea, slipping a few megabytes of low profile data into it is going to be hard to notice. By utilizing multiple techniques at the same time (hard encryption, low signal to noise ratio channels, low detectability communications, difficult traceability, etc.) you can be confident that even if someone found your data they would not be able to understand it or extract useful information from it.
For example, let's say you want to send data to someone else. Let's say it's a short text message, though it could be anything up to gigabytes of data without too much trouble. The sender encrypts the text using public key cryptography with a large key (4096-bits or larger), then breaks the encrypted message into several really small chunks, then uses a program to generate thousands of fake chunks. Then, using a sequence of hacked ISP and shell accounts (preferably spanning the world), the sender embeds this "chunk stream" into some nondescript form of communication. Let's say they use a large number of spam messages, or pornographic multimedia posted to a highly trafficked usenet newsgroup over several days and a simple steganographic technique for the embeddding. The receiver downloads the source files, extracts the "chunk stream", selects out the valid chunks, then decrypts the data.
Let's say that Los Federales were able to detect that something funky was going on. That alone, in the firehose of the internet, is a significant challenge. They would need to first be able to extract the data from the embedding system. Not impossible, but difficult. Next they would need to cull out the invalid chunks in the pile they now have. This can be made as difficult a problem as breaking hard-encryption in and of itself. If they manage to wade through that mountain of sludge, they end up faced with near unbreakable encryption. For added fun, repeat some of the steps multiple times! (for example, double encryption, double stage steganography, etc.), preferably with different techniques for each iteration (encryption cycle 1 uses RSA, while cycle 2 uses elliptic curves, etc.)
Or, you could take the route the US has taken since before WWII and use one time pads. One time pads are provably cryptographically secure (if you don't have the key you simply CAN'T break the encryption). The only difficulty is distributing the keys.
Nevertheless, I would imagine that the main goal these days would be low-detectability rather than pure cryptographic security. If they can't find your pigeon in a flock of wild birds then they very well can't even try to decrypt the message it carries. There is a LOT of noise on the internet, that provides a huge amount of hiding space.
This is absolutely fucking rediculous. Why are hard-working, intellectual, middle class, "white collar" tech-geeks some sort of "fring group" or "underclass"? Are we really *that* different than the mainstream? The only thing I can think of is politics. "They" don't like our radical ideas, the subversion of the status quo.
Anywho, it is completely bogus that the inventor of PGP would come under attack in a time like this. What about all the major corporations around the world (General Electric prime among them) who, through poor controls on nuclear technology, contributed *heavily* to nuclear proliferation? Pakistan and India have the bomb in the here and now because of technology sold (or given) to them by the west (by the US, by Canada, by Germany, by the UK).
And let us not forget all the corporations selling conventional weapons. Especially so since, unlike nuclear weapons, these ARE used. France sells Mirage fighter jet's and anti-shipping Exocet missiles to just about anyone and they're brother. Corporations in all western countries sell arms of all kinds to countries of all kinds. A timely case in point would be the US made F-16 Israel has been using to attack Palestine.
Phillip Zimmerman is far from a wealthy man from his efforts to create a free encryption program. And yet, worldwide arms sales topped 35 *billion* dollars last year, half of that sales from the US. And more than 2/3 of those weapons sales were to poor countries. Yes my friends, the industrialized world is the equivalent of the sleezy gun shop on the street corner in the ghetto.
And yet, do the news media outlets turn a scornfull eye toward these activites? Toward the generation of cold hard cash by selling weapons of war to the poorest countries of the world? It really makes you wonder....
We're talking about adults, paying for their education here. If they need a nanny, kick them out and send them home. If a college can't trust students to manage their time on their own then they are doing them no favors.
Whenever an employer fucks up a pension plan, or terminates someone without good reason it's always "a shame". But whenever an employee walks away with a printer you can buy for 100 bucks on eBay after their severance package has been cancelled and their pay check bounced, it's "a criminal act".
It seems like you are assuming that it would be semi-centralized, which it does not need to be. Duplicate and distribute database updates in a timely fashion (i.e. hours to days delay time) to enough boxen to enable suitable performance (i.e. down to a state, regional, county, city, or site level depending on population density and usage). There's no reason why an airport couldn't have it's own box with the database on it. And Oracle (with inexpensive hardware) is very much sufficient for a task on that scale. There's not much need to update such a database on a finer timescale than a few hours so you don't lose much. Plus, you don't have to worry about some nimrod at alter.net spilling coffee on the router and screwing up your connection to "the one true ID database" and having to slow to a halt to wait for the connection to come back up (similarly, a skiddie couldn't close down an airport with a DDoS attack).
What this is:
A verifiable ID card.
It's just like any identification system (credit card, driver's licence, passport, etc.) except it has the ability to be instantly verified (scan bar code on ID card and you get a picture / name from the database). Yes, it has a great potential for abuse (it would be fairly simple to track usage of such a system and thus track a person's activities / whereabouts to some degree)). But this is not a NEW potential for a buse. And most heartening is that a government run system has ACCOUNTABILITY. Take out your wallet, now take a look at your credit / debit cards. Think about the fact that every purchase you've made with those is stored away in a database and accessable (and researchable!) by someone who is not directly accountable to you.
Now, think about other ways this could be used. Imagine being able to have a verifiable identification system for police, government agents and employees.
What ARE you using then? They have a flash plugin for netscape AND mozilla (on linux as well).
Take a gander at what platforms shockwave/flash runs on. And with most browsers (except older netscapes, icky icky) downloading a plugin takes a few clicks.
Back in the early days, everyone lauded Java as a means to add multimedia content to the web. However, specialized system (flash/shockwave) for this have proved so much better at this than Java that Java is essentially dead in this area. If someone is using Java for multimedia on a webpage nowadays it simply means they haven't learned how to use flash yet.
Why do I say unix is a security nightmare? Simple: experience. Unix is a vast, convoluted, complex system with many little cracks just waiting for someone to exploit them. It takes an extraordinary amount of knowledge to configure unix to a basic level of security. It takes a goodly amount of diligence to keep it that way. And even then you are not guaranteed in any reasonable sense to be secure. And it's not like it takes a criminal mastermind to break into your system, all it takes is a bored kid with some automated tools and a little general knowledge. There is an asymetry, it requires less sophistication and less tools to break in than it requires to prevent a break in. That asymetry is due to the security weaknesses in unix.
Theoretically, if you're system is ship shape, then only root, or someone with root access, can REALLY fuxor it up. However, there are many levels of fuxored below "REALLY fuxored", and no system is 100.0000% perfect. Unix is a security nightmare. It's security model is decrepit and is only being patched / kludged into anything resembling reasonable security. I fear that it is too established to be replaced with something completely different at this point (i.e. something that was still unix, but fundamentally different in security model).
In general, I don't think it's a good idea to measure security success compared to the gimp of the security world (MS).
This is somewhat offtopic, but I dispute your allegation that Unix assumes that the user cannot be trusted. This is simply not the case. If it had been, unix would not be the security seive that it is (admit it, it is, the only reason it doesn't look so bad at the moment is that in comparison windows is like those dogs that eat their own poo, relatively speaking unix looks like a friggin' fortress). Unix assumes that not all users can be trusted *to the same degree*, but fundamentally, the basic unix structure assumes that all users can be trusted at least partially.
Yes, most @homes specifically say you can't run servers in their AUPs, although DSL ISPs (and some @homes) typically let you run servers to your heart's content. However, one real advantage that blocking port 80 WOULD have is denying the ability to access the backdoors created by nimda / code red on those machines.