Because of OpenBSD? :)
"(Discussing our first contact with aliens) is a bit like iguanas on the Galapagos Islands sitting around trying to figure out how to treat the first human visitors. Should we offer them dead flies, or live flies? Shall we line up the flies in a row? How shall we defend ourselves? All of that is irrelevant."
-- Seth Shostak, SETI
"In conclusion, the main thing we did wrong when designing ATM security systems in the early to mid-1980s was to worry about criminals being clever; we should rather have worried about our customers - the banks' system designers, implementers, and testers - being stupid."
Ross Anderson, "Security Engineering"
As with anything, common sense helps. The Burning Man people have been playing around with stuff like this for years, without anyone getting hurt. But then, we tend to be pretty careful with our toys (I have a poofer that shoots 30 ft. fireballs that I've been using for ten years). A friend of mine spearheaded Dance Dance Immolation a while back, where she shot propane torches at dancers (wearing full fire suits) who missed their moves. Yes, we play with fire, but we're good at it. If anyone's interested, there are several fire art collectives in the San Francisco Bay Area, including The Crucible and the Flaming Lotus Girls, that you could contact about safety issues. The Crucible even has classes.
Encryption is easy. Authentication is hard. Quantum cryptography is a solution of the wrong problem.
I found it fascinating that in Roger Zelazny's "Creatures of Light and Darkness", the most powerful being in the universe was a teleportationist. Think about it.
"Think of the Viagra ads that flood your e-mail inboxes now. They work because the cost of e-mailing thousands of people at once is so low, only 1% to 3% or so need to respond for it to be worth it, Ingevaldson says."
That's gotta be a misquote or typo, or Ingevaldson is nuts. 1% to 3% is around the accepted minimum for dead tree spam. In an interview with a professional email spammer about a year ago (yeah, I'm too lazy to look it up) she said that she could make a good profit with a 1 in 10,000 response rate! Probably helps explain why I still get penile enlargement spam even though almost everyone on the planet who'd fall for it has undoubtedly already sent in the $50 and gotten the rock and the string.
"(Discussing our first contact with aliens) is a bit like iguanas on the
Galapagos Islands sitting around trying to figure out how to treat the
first human visitors. Should we offer them dead flies, or live flies?
Shall we line up the flies in a row? How shall we defend ourselves?
All of that is irrelevant."
-- Seth Shostak, astronomer with the SETI project
Mark Pauline and Survival Research Laboratories did this with a hamster YEARS ago. And it was a BIG fricking robot!
"The Practice of System and Network Administration" by Limoncelli and Hogan.
The book I wish I'd had when I started doing this 35 years ago.
"Security Engineering" by Ross Anderson.
Even if you think you don't need it. Especially if you think you don't need it.
It might not qualify as a movie, since it was on HBO, but it's the best thing I saw this year.
Don't know how it would play with the geek crowd, though.
So I buy a bunch of Cisco stuff. Since the software can't be transferred, and the hardware will end up costing the buyer as much as, or more than, new equipment, all this new Cisco stuff immediately is worth $0 on the open market. Now according to GAAP (Generally Accepted Accounting Principles) assets are valued at the lower of cost or market. So these assets are now worth $0. Instant depreciation, and I get to write off the entire cost of the hardware and software as a business expense during one year, instead of spreading the cost out over five years or so.
I wonder what the IRS will say when somebody tries this?
There's been some early analysis of the WASTE system on the cryptography mailing list, which tends to attract some pretty high-powered crypto talent. While a lot of the discussion has centered on factors that would require a highly sophisticated attack (is MD5 broken, would AES be better than Blowfish, is PCBC mode appropriate, etc.) the main argument is that using a well established crypto system such as SSL/TLS would be far better than trying to design a whole new system from scratch, a conclusion that I highly agree with.
Lotta replies already, but here's my $.02 anyway:
Brunner's "Shockwave Rider" gets all the credit, but it's far from his best. Find a copy of "Stand on Zanzibar" and enjoy the ride!
Brian Aldiss' "Helliconia" trilogy is a fascinating look at human nature, in a world where man is only the dominant species during the thousand year long summer. Highly underrated.
If you've ever read Stephenson and marveled at his use of language, you're ready for the big leagues. Find a copy of Thomas Pynchon's "The Crying of Lot 49". If you like it, dive into "V" or "Gravity's Rainbow".
Anything by Philip K. Dick.
Ditto J.G. Ballard. His recent "Super-Cannes" is a good starting point. Save "Crash" for later.
If you haven't read Neil Gaiman's "Sandman" comics, you're missing one of the greatest artworks of the century.
A lot of David Brin sucks, but I really liked "Startide Rising".
And one of the most fascinating, frustrating things I've ever read three times, Samuel Delany's "Dhalgren".
That's enough for now.
In his book "Security Engineering"
"In conclusion, the main thing we did wrong when designing ATM security systems in the early to mid 1980s was to worry about criminals being clever; we should rather have worried about our customers - the bank's system designers, implementers, and testers - being stupid."
"A screaming comes across the sky ..."
Come on. Gibson's good, and I really enjoy his books, but he ain't anywhere near even being in Pynchon's league.
Stephenson's getting close, though.
While this is an obvious Microsoft bash, there ARE things in the new 64-bit processors that will help do this. See the discussion of systrace in the BSDs, and why it can't be fully implemented on i386, for details.
Theo de Raadt of OpenBSD fame has put together a nasty little spamd, a daemon that attempts to tie up a spammer's resources. Basically, it slows down connection attempts and then sends a temporary error code back, sticking the spam in the mail queue and letting the spammer try again, and again, and again. Designed to use up as few of your resources and as many of the spammer's as possible.
Excellent description of how to use it with your own self-generated blacklist at http://www.benzedrine.cx/relaydb.html.
Unfortunately, it's only on OpenBSD so far. Can someone please port this to Linux by tomorrow?
When I was a kid back in the late '60s (yeah, I AM that old) everybody wanted a guitar, or drums, or a PA. We all wanted to be rock stars.
Now, instead of instruments, all the kids I hang out with are buying mixing decks. They all want to be club DJs.
They play four hour sets of techno. House, trance, bass&drums, whatever. It's got no lyrics. It's got no melody. It's got a GREAT groove. And without a melody, or lyrics, it's REALLY HARD to copyright. I like a lot of it.
They've done it again. Rock, punk, whatever it takes to take the music back from the corporations. The kids are alright.
Fuck the RIAA. Just wait, they WILL try to copyright 120 beats per minute.
Another cool feature in OpenBSD (as of 3.0) is the 'modulate state' option in pf, the firewall/NAT module. Maintains state for both filter and NAT, and 'scrubs' the ISNs to OpenBSD standards. Just the thing for those old Windoze boxen.
My father was part of the team at Climax Steel in New York that created the first titanium alloy. I don't have the exact date handy, but it was in the 1950s.
When he married my mother in 1961, both their wedding rings were titanium. At the time, it was the most expensive metal on the planet.
I gotta throw in a plug for some of my favorites, even though they may not be considered mainstream sci-fi:
JG Ballard
Philip K. Dick
Samuel Delany (especially Dhalgren!)
I think that in a few years, when technology has passed by most of the old space opera authors, these guys are still gonna be read by people more interested in the human race's psychological reactions to change than the changes themselves.
State of the Art no longer involves encryption itself - the question now is how to get it widely implemented.
The "State of the Art" right now is probably the FreeSWAN idea of optimistic IPSEC. Using secure DNS (DNSSEC), it provides the ability for any two hosts running FreeSWAN to set up a secure encrypted tunnel between themselves with no prior communication or other arrangement. The basic idea is that ALL communications between such hosts will be encrypted. Check it out.
Because of stuff like this.
Pop-ups. Pop-unders. Spam. Redirections. One typo gets you 27 pop-up porn windows. Get rich quick. Dear friend. Hijacked ads. Hijacked sites. Web bugs. Sites that require special downloads before you can even view them.
To the average person, the web looks like a slime pit. They'll put up with it for a while, but it gets old, and they go elsewhere. And people in the tech industry really thought that everyone was going to go through all that just to buy dogfood that they'd have to wait 3 days to get?
The web has always treated its customers like shit. Idiots. Fools who wouldn't mind getting insulted over and over again, who would just point and click their dollars away. And now the web has turned on its advertisers, treating them like shit also. Does ANYBODY think that this is going to work in the long-term?
The commercial web is dead, killed by the greed and arrogance of our corporate culture and its basic hatred for its customers, who don't always do what the advertisers spend 3 billion dollars a year telling them to do.
Maybe out of the ruins of the tech revolution, we'll learn to respect our customers, that they, and not the shareholders, are really the kings. And maybe we'll learn to build a web that treats them like human beings, and not pre-programmed consumer units.
But I doubt it.
--
You guys, I don't hear any noise. Are you sure you're doing it right?
-- My Life With The Thrill Kill Kult
If you're serious about the 'ton of money' thing, try http://www.bugei.com. They've got great samurai swords with some serious metallurgy, but they ARE expensive.