"Maybe they'll get Lucy Lawless to demonstrate the proper application of a spinning disk."
The proper application of the spinning disk is demonstrated in the RunRun Shaw Hong Kong kung fu production, 'Master of the Flying Guillotine'. Accept no substitutes.
If limited access, or pay-per-byte, becomes common, expect to see a MASSIVE increase in ad/spam filtering. Products like Junkbuster will become common, because they'll save people money, and doubleclick will go the way of the dinosaur.
Right now, people put up with ads, spam, etc. as a part of using the Internet, and while filtering tools are available, they aren't in widespread use. But when people realize they have to PAY to have those ads delivered, sales and usage of filtering programs will explode. And I doubt that the big commercial sites that depend on ad revenues will allow that to happen.
You know, there's a real simple way to deal with this kind of thing. On the day that Aimster gets shut down, everybody who's ever used Napster, Gnutella, Aimster, etc. should STOP BUYING CD'S FOR A MONTH! Just start making a list of the CD's you WOULD have bought, and get them a month later.
Hell, you've got how many CD's? And how many gigs of mp3's? You can put off new CD's for a month, can't you?
Don't think it won't be noticed. These suckers keep REAL careful track. A sudden drop is gonna be noticed BIGTIME.
The article (at least the one in the dead tree version of the WSJ) makes it pretty clear that Shipley was being very careful not to actually look at any emails, data, etc. - just notice that; "Oh, look, there's an online printer, yup, there goes an email...", just enumerating what he COULD have done.
He's pretty damn sharp, I'm sure he knows more about the legality of it than I do. And *I'm* sure that his chances of getting sued are close to zero.
And it's pretty hard to claim he's stealing resources when all he's doing is sucking up free electrons.
One day I'm working on trying to get RAS working on an NT server. After way too much work, I finally got authorization to spend the 2 hundred to make a call to MS tech support.
I could dial in, but I couldn't get the application to run and display at the remote location. So MS dials in.
MS: Can you give us a shared directory that we can try and map?
Me: Sure. Try D colon slash temp.
MS: Is that a front slash or a back slash?
My jaw hurt for two days from hitting the floor so hard.
Reminds me of a quote from Seth Shostak, of the Seti project:
"(Discussing our first contact with aliens) is a bit like iguanas on the Galapagos Islands sitting around trying to figure out how to treat the first human visitors. Should we offer them dead flies, or live flies? Shall we line up the flies in a row? How shall we defend ourselves? All of that is irrelevant."
So I gotta pay $X extra when I buy a CDRW, and the money somehow goes to the music industry. So I'm paying them now for the POSSIBILITY that I might use it to burn a copywrited song. OK. I'm paying for it. Does that mean that it's LEGAL now for me to do so?
Is that the sound of lawyers drooling on the table that I hear?
I really prefer paper manuals, but most of them suck, including ones you have to pay for, like MS's resource kits. So I've got this great idea... subcontract! If we had docs for MS products like we do for Linux, even if we had to pay for 'em, the world would be an easier place to deal with.
;-) Note that I specifically said "via brute (force)" here.
Brute forcing a 128 bit key is presently technically infesable, and will be for quite some time. There are other ways, weaknesses in algorithm, implementation, random number generation, etc. And I agree that assuming that the NSA doesn't have such a bag of tricks up their sleeve would be dangerous.
But unless they've got something like quantum computing that they're hiding, brute forcing 128 bit keys is out of the question, even for them. (And quantum computers, which would be extremely fast at factoring, ala RSA, probably wouldn't speed up symmetrical key breaking anyway.)
Regarding your comment about the government brute forcing Kevin's encrypted files in five years:
As an example, the most recent DES crack, done by distributed.net, and aided by John Gilmore's Deep Crack DES cracker machine, decrypted a 56 bit DES encrypted message in about 23 hours. A reasonable estimate of the time that the same machine-power would take to brute force a 128 bit symmetric key is 10^19 YEARS! (see Schneier, p. 153) This is the whole point behind strong encryption, it's extremely doubtful that even the NSA can break a 128 bit key via brute in anything resembling a useful time frame. And 128 bit symmetric keys have been available in PGP since it was first released.
We did something similar a long time ago, over seven years if I remember correctly. The ISP hadn't been invented yet, and the only Internet connectivity was through the local University or a commercial outfit that wouldn't do residential or anything less than ISDN.
We ran 25 POTS lines and a 64k ISDN line into a residence. We did our own DNS, routing, etc. and owned all our own equipment, including the co-located stuff. 24/7 connectivity, with each member getting a/28 hunk of a class C. We had 20 members, with over 100 computers hung off the thing, all for about $50/month each. Slow, but we were all masters of our own domains.
We're still around, but now we're on a T1 providing 128k ISDN for about half of what it would cost from any of our local ISPs.
So welcome to the world of co-op connectivity, guys! May a thousand co-ops bloom!
And no, I ain't gonna tell you who we are. We're all too familiar with the/. effect...
Distributed Net is presently working on breaking a 64 bit RC5 key. They are presently testing about 70 GigaKeys per second. (70,000,000,000/sec). Distributed Net is undoubtedly the fastest computer on the planet, even assuming that the NSA has some pretty state of the art stuff.
At this rate, it would take Distributed Net over 10e20 years to break a 128 bit RC5 key.
Recent calculations by astronomers say that the universe is about 10e12 years old.
It should be noted that the FreeSwan project - which I've been following for quite a while now - is merely an implementation of the IPSEC standards from IPv6. As such, the FreeSwan team is highly concerned that it interoperate with any other program, commercial or free, that also uses IPSEC. Much of their present work is interoperability testing, and so far, FreeSwan works with almost all of the IPSEC products its been tested against. They're working on the others.
Those of us in the US owe a tremendous debt to the people in the free worls who are doing this. We can't help, but we can test and report. If you want to help, or just see what's going on, go to the FreeSwan site at http://www.xs4all.nl/~freeswan
When properly used and configured, FreeSwan, using high quality encryption, should be proof against even the NSA. (And yes, it DOES work with 2.2.x kernels.) BTW John Gilmore refused (thanks, John!) to include standard DES in the FreeSwan implementation, even though some people wanted it for backwards compatibility.
High level encryption, 128 bit symmetrical keys and 1024 bit public-private keys, would take more computational power to crack than presently exists on the planet. Check out how long Distributed.net has been working on a 64 bit key.
The problem with all this is traffic analysis. Even though they can't read the messages, they can tell a LOT about things just by keeping track of who's talking to whom.
So just by keeping track of who is sending encoded messages to whom, they can find out a lot.
The real power of FreeSwan, and especially IPSEC, won't be seen until it operates as a standard, and everybody uses it. Then Echelon disappears into history, along with all the other police states that have plagued us recently.
About the only thing I can think of that RedHat has done recently that might adversly affect the Linux community is their refusal to jump on the file system standards bandwagon. And there could be some good reasons that they haven't.
Now, maybe people are afraid that all of that money that's presently flowing to RedHat is gonna have some strings attached. And that maybe those strings are gonna pull RedHat away from the goals of the Open Source movement and more towards the goals of corporate America, whatever we may perceive those goals to be. But to expect them to blindly follow the 'conventional wisdom' of the Open Source community, just so they can prove that they aren't beholden to their new investors, is going to damage them in the long run, just as bowing down to every wish of their 'Big Brother' investors would. They've got a tricky course to steer for the next year or so. I say give them a chance. They seem to be doing just fine so far.
Well, OK, except for crowding so much crap into/usr/bin.
Lotta these cathedral proposals floating around. Looks like I'm gonna have to write my own essay on why they're NOT needed, and will probably make matters worse instead of better. But until I make the time, a few points. Mainly about money.
What's been called the gift culture can also be described in economic terms as the accumulation of "Reputation Capital". Basically, if you have a good reputation, you can convert it to REAL capital without too much trouble. Anyone think that Linus, Larry Wall, Alan Cox, etc. will have any trouble making a good living? Hell, anyone know ANY competent Open Source Engineer having trouble putting food on the table? A good reputation with Open Source can lead directly to a good high paying career without having to charge for the software at all.
And companies can accumulate reputation capital too. I have several friends (lucky dogs) who work for big cap companies doing NOTHING but hacking Open Source for good money. Why? Because the companies see long term benefits that have nothing to do with charging people money for software. Hardware sales, e-commerce, support, any number of things.
And there's another big benefit to open source. Sofware can be thought of as a kind of INFRASTRUCTURE. It has no intrinsic value of itself, only in what it can do. In that respect, it can be seen as akin to the road system or the telcos, something that no one can afford on their own, but everyone needs. And that has no real value of its own, except that it allows something else (movement, travel, communication) to occur.
So who pays for intrastructure? Us, one way or another. Roads are built by the government. Paid for by taxes. Good model for software, especially the software that runs the Internet? Have government tax the country and then pay us to program up the next generation Internet? ROTF,L
Big companies? Real efficient. How much of your phone bill goes into the stuff that's required to record and then bill you for every long distance call you make? How much of your software bill to Microsoft goes to pay for 'features' in Micorsoft Office that you don't need and will never use? Or cable TV, where you have to pay for The Golf Channel to get SciFi?
Companies are starting to realize that they have a choice in the infrastructure game. They can go to Microsoft, or IBM, or Arthur Anderson, and have them put together a turn-key system that only they can support, that will cost big bucks so they can support a CEO that lives like a 1920's robber baron and a headquarters building that rivals the Taj Mahal, and that will have to be completely torn out and replaced in a few years because somebody forgot that the century is gonna change. Or, they can hire a few hackers, who can dive into the gigantic pool of Open Source, pull out exactly what's needed, and put together a system that's faster, more efficient, more secure, and more resistant to obsolescence that anything the big boys could ever dream of. And while they're doing it, they're solving problems, and the solutions go BACK into that giant pool of Open Source, so the next hacker doesn't have to reinvent the wheel again. This is a GOOD THING (tm) for business, and it's good for us.
THIS is what we should be emphasizing. I LIKE the bazaar. I LIKE the noise, the chaos, the lack of a military style hierarchy, the town meetings. And I REALLY like the fact that we're kicking ass on so many of the cathedrals. At their own game. We've got a REALLY GOOD THING (tm) going. Let's not hand over ANYTHING to those cathedrals, and let's not build our own. We got better things to do.
So why even THINK of charging for software? Why support some giant bureaucracy that will have to collect and distribute fees, fight piracy, package our products, etc.? We can make really good livings elsewhere.
And one last thing for the cathedral builders: take a good look at the IETF. Sure its got its problems, but its problem orientated, bottom up organization style has beaten every top down hierarchical organization that's ever tried anything similar.
Good point on the centralization thing. These things should die out of their own accord. But after I've stripped out all of the flowery language, the marketing-droid double speak, and the academic how can I stretch a one sentence idea into a forty page masters thesis bull, I get one argument:
"Hey, bazaar! You really, really, really, NEED a cathedral. If you don't have one, none of the other cathedrals will take you seriously. And WE'RE just the people to build it for you!"
We're gonna hear a LOT of this in the near future. And I think it's important to let people know that not only do we NOT need it, but we've got a better way of doing things.
BTW I have it on good authority that Alan Cox is actually a group of at least 15 people who go by that name. But don't tell anyone.
One of the main points of the 'Bazaar' is that it's SELF-ORGANIZING. People will coalesce around interesting projects/leaders/problems of their own free will. When these are no longer interesting, people leave and go elsewhere.
Yet, as with the Internet when it first came to the attention of the prevailing pop culture, there is a terrible fear that NO ONE IS IN CHARGE HERE. We can't have such an important development as the Internet (and now open source) without having SOMEONE IN CHARGE. Some large, bureaucratically organized group of people who know more than we do to guide, direct, and take control of this terrifyingly chaotic environment.
Bull. We're gonna see a LOT of these newbie-come-latelies trying to jump on to the latest hot thing bandwagon offering to provide leadership and guidance that WE DON'T NEED.
Slashdot Mirror
Because 2.4.9 is supposed to be ready by then.
"Maybe they'll get Lucy Lawless to demonstrate the proper application of a spinning disk."
The proper application of the spinning disk is demonstrated in the RunRun Shaw Hong Kong kung fu production, 'Master of the Flying Guillotine'. Accept no substitutes.
http://010101.sfmoma.org/start.html
If limited access, or pay-per-byte, becomes common, expect to see a MASSIVE increase in ad/spam filtering. Products like Junkbuster will become common, because they'll save people money, and doubleclick will go the way of the dinosaur.
Right now, people put up with ads, spam, etc. as a part of using the Internet, and while filtering tools are available, they aren't in widespread use. But when people realize they have to PAY to have those ads delivered, sales and usage of filtering programs will explode. And I doubt that the big commercial sites that depend on ad revenues will allow that to happen.
Excellent point.
You know, there's a real simple way to deal with this kind of thing. On the day that Aimster gets shut down, everybody who's ever used Napster, Gnutella, Aimster, etc. should STOP BUYING CD'S FOR A MONTH! Just start making a list of the CD's you WOULD have bought, and get them a month later.
Hell, you've got how many CD's? And how many gigs of mp3's? You can put off new CD's for a month, can't you?
Don't think it won't be noticed. These suckers keep REAL careful track. A sudden drop is gonna be noticed BIGTIME.
It's all about the money. Vote with yours.
The article (at least the one in the dead tree version of the WSJ) makes it pretty clear that Shipley was being very careful not to actually look at any emails, data, etc. - just notice that; "Oh, look, there's an online printer, yup, there goes an email ...", just enumerating what he COULD have done.
He's pretty damn sharp, I'm sure he knows more about the legality of it than I do. And *I'm* sure that his chances of getting sued are close to zero.
And it's pretty hard to claim he's stealing resources when all he's doing is sucking up free electrons.
One day I'm working on trying to get RAS working on an NT server. After way too much work, I finally got authorization to spend the 2 hundred to make a call to MS tech support.
I could dial in, but I couldn't get the application to run and display at the remote location. So MS dials in.
MS: Can you give us a shared directory that we can try and map?
Me: Sure. Try D colon slash temp.
MS: Is that a front slash or a back slash?
My jaw hurt for two days from hitting the floor so hard.
Reminds me of a quote from Seth Shostak, of the Seti project:
"(Discussing our first contact with aliens) is a bit like iguanas on the Galapagos Islands sitting around trying to figure out how to treat the first human visitors. Should we offer them dead flies, or live flies? Shall we line up the flies in a row? How shall we defend ourselves? All of that is irrelevant."
So I gotta pay $X extra when I buy a CDRW, and the money somehow goes to the music industry. So I'm paying them now for the POSSIBILITY that I might use it to burn a copywrited song. OK. I'm paying for it. Does that mean that it's LEGAL now for me to do so?
Is that the sound of lawyers drooling on the table that I hear?
I really prefer paper manuals, but most of them suck, including ones you have to pay for, like MS's resource kits. So I've got this great idea ... subcontract! If we had docs for MS products like we do for Linux, even if we had to pay for 'em, the world would be an easier place to deal with.
;-) Note that I specifically said "via brute (force)" here.
Brute forcing a 128 bit key is presently technically infesable, and will be for quite some time. There are other ways, weaknesses in algorithm, implementation, random number generation, etc. And I agree that assuming that the NSA doesn't have such a bag of tricks up their sleeve would be dangerous.
But unless they've got something like quantum computing that they're hiding, brute forcing 128 bit keys is out of the question, even for them. (And quantum computers, which would be extremely fast at factoring, ala RSA, probably wouldn't speed up symmetrical key breaking anyway.)
Regarding your comment about the government brute forcing Kevin's encrypted files in five years:
As an example, the most recent DES crack, done by distributed.net, and aided by John Gilmore's Deep Crack DES cracker machine, decrypted a 56 bit DES encrypted message in about 23 hours. A reasonable estimate of the time that the same machine-power would take to brute force a 128 bit symmetric key is 10^19 YEARS! (see Schneier, p. 153) This is the whole point behind strong encryption, it's extremely doubtful that even the NSA can break a 128 bit key via brute in anything resembling a useful time frame. And 128 bit symmetric keys have been available in PGP since it was first released.
Nah, it's in my Slashdot profile. I'm an anonymous kinda guy.
We did something similar a long time ago, over seven years if I remember correctly. The ISP hadn't been invented yet, and the only Internet connectivity was through the local University or a commercial outfit that wouldn't do residential or anything less than ISDN.
/28 hunk of a class C. We had 20 members, with over 100 computers hung off the thing, all for about $50/month each. Slow, but we were all masters of our own domains.
/. effect ...
We ran 25 POTS lines and a 64k ISDN line into a residence. We did our own DNS, routing, etc. and owned all our own equipment, including the co-located stuff. 24/7 connectivity, with each member getting a
We're still around, but now we're on a T1 providing 128k ISDN for about half of what it would cost from any of our local ISPs.
So welcome to the world of co-op connectivity, guys! May a thousand co-ops bloom!
And no, I ain't gonna tell you who we are. We're all too familiar with the
Distributed Net is presently working on breaking a 64 bit RC5 key. They are presently testing about 70 GigaKeys per second. (70,000,000,000/sec).
Distributed Net is undoubtedly the fastest computer on the planet, even assuming that the NSA has some pretty state of the art stuff.
At this rate, it would take Distributed Net over 10e20 years to break a 128 bit RC5 key.
Recent calculations by astronomers say that the universe is about 10e12 years old.
It should be noted that the FreeSwan project - which I've been following for quite a while now - is merely an implementation of the IPSEC standards from IPv6. As such, the FreeSwan team is highly concerned that it interoperate with any other program, commercial or free, that also uses IPSEC. Much of their present work is interoperability testing, and so far, FreeSwan works with almost all of the IPSEC products its been tested against. They're working on the others.
Those of us in the US owe a tremendous debt to the people in the free worls who are doing this. We can't help, but we can test and report. If you want to help, or just see what's going on, go to the FreeSwan site at http://www.xs4all.nl/~freeswan
When properly used and configured, FreeSwan, using high quality encryption, should be proof against even the NSA. (And yes, it DOES work with 2.2.x kernels.) BTW John Gilmore refused (thanks, John!) to include standard DES in the FreeSwan implementation, even though some people wanted it for backwards compatibility.
High level encryption, 128 bit symmetrical keys and 1024 bit public-private keys, would take more computational power to crack than presently exists on the planet. Check out how long Distributed.net has been working on a 64 bit key.
The problem with all this is traffic analysis. Even though they can't read the messages, they can tell a LOT about things just by keeping track of who's talking to whom.
So just by keeping track of who is sending encoded messages to whom, they can find out a lot.
The real power of FreeSwan, and especially IPSEC, won't be seen until it operates as a standard, and everybody uses it. Then Echelon disappears into history, along with all the other police states that have plagued us recently.
The present up-to-date FreeSwan snapshots work quite well with 2.2.x kernels. Get a new snapshot, rather than the v1.0.
Anyone know how to get ahold of the US only version? The one with strong encryption?
Damn the US and the EAR.
About the only thing I can think of that RedHat has done recently that might adversly affect the Linux community is their refusal to jump on the file system standards bandwagon. And there could be some good reasons that they haven't.
/usr/bin.
Now, maybe people are afraid that all of that money that's presently flowing to RedHat is gonna have some strings attached. And that maybe those strings are gonna pull RedHat away from the goals of the Open Source movement and more towards the goals of corporate America, whatever we may perceive those goals to be. But to expect them to blindly follow the 'conventional wisdom' of the Open Source community, just so they can prove that they aren't beholden to their new investors, is going to damage them in the long run, just as bowing down to every wish of their 'Big Brother' investors would. They've got a tricky course to steer for the next year or so. I say give them a chance. They seem to be doing just fine so far.
Well, OK, except for crowding so much crap into
Lotta these cathedral proposals floating around. Looks like I'm gonna have to write my own essay on why they're NOT needed, and will probably make matters worse instead of better. But until I make the time, a few points. Mainly about money.
What's been called the gift culture can also be described in economic terms as the accumulation of "Reputation Capital". Basically, if you have a good reputation, you can convert it to REAL capital without too much trouble. Anyone think that Linus, Larry Wall, Alan Cox, etc. will have any trouble making a good living? Hell, anyone know ANY competent Open Source Engineer having trouble putting food on the table? A good reputation with Open Source can lead directly to a good high paying career without having to charge for the software at all.
And companies can accumulate reputation capital too. I have several friends (lucky dogs) who work for big cap companies doing NOTHING but hacking Open Source for good money. Why? Because the companies see long term benefits that have nothing to do with charging people money for software. Hardware sales, e-commerce, support, any number of things.
And there's another big benefit to open source. Sofware can be thought of as a kind of INFRASTRUCTURE. It has no intrinsic value of itself, only in what it can do. In that respect, it can be seen as akin to the road system or the telcos, something that no one can afford on their own, but everyone needs. And that has no real value of its own, except that it allows something else (movement, travel, communication) to occur.
So who pays for intrastructure? Us, one way or another. Roads are built by the government. Paid for by taxes. Good model for software, especially the software that runs the Internet? Have government tax the country and then pay us to program up the next generation Internet? ROTF,L
Big companies? Real efficient. How much of your phone bill goes into the stuff that's required to record and then bill you for every long distance call you make? How much of your software bill to Microsoft goes to pay for 'features' in Micorsoft Office that you don't need and will never use? Or cable TV, where you have to pay for The Golf Channel to get SciFi?
Companies are starting to realize that they have a choice in the infrastructure game. They can go to Microsoft, or IBM, or Arthur Anderson, and have them put together a turn-key system that only they can support, that will cost big bucks so they can support a CEO that lives like a 1920's robber baron and a headquarters building that rivals the Taj Mahal, and that will have to be completely torn out and replaced in a few years because somebody forgot that the century is gonna change. Or, they can hire a few hackers, who can dive into the gigantic pool of Open Source, pull out exactly what's needed, and put together a system that's faster, more efficient, more secure, and more resistant to obsolescence that anything the big boys could ever dream of. And while they're doing it, they're solving problems, and the solutions go BACK into that giant pool of Open Source, so the next hacker doesn't have to reinvent the wheel again. This is a GOOD THING (tm) for business, and it's good for us.
THIS is what we should be emphasizing. I LIKE the bazaar. I LIKE the noise, the chaos, the lack of a military style hierarchy, the town meetings. And I REALLY like the fact that we're kicking ass on so many of the cathedrals. At their own game. We've got a REALLY GOOD THING (tm) going. Let's not hand over ANYTHING to those cathedrals, and let's not build our own. We got better things to do.
So why even THINK of charging for software? Why support some giant bureaucracy that will have to collect and distribute fees, fight piracy, package our products, etc.? We can make really good livings elsewhere.
And one last thing for the cathedral builders: take a good look at the IETF. Sure its got its problems, but its problem orientated, bottom up organization style has beaten every top down hierarchical organization that's ever tried anything similar.
Exactly.
Damn, it's hard to start a good flame war these days. };->
Good point on the centralization thing. These things should die out of their own accord. But after I've stripped out all of the flowery language, the marketing-droid double speak, and the academic how can I stretch a one sentence idea into a forty page masters thesis bull, I get one argument:
"Hey, bazaar! You really, really, really, NEED a cathedral. If you don't have one, none of the other cathedrals will take you seriously. And WE'RE just the people to build it for you!"
We're gonna hear a LOT of this in the near future. And I think it's important to let people know that not only do we NOT need it, but we've got a better way of doing things.
BTW I have it on good authority that Alan Cox is actually a group of at least 15 people who go by that name. But don't tell anyone.
One of the main points of the 'Bazaar' is that it's SELF-ORGANIZING. People will coalesce around interesting projects/leaders/problems of their own free will. When these are no longer interesting, people leave and go elsewhere.
Yet, as with the Internet when it first came to the attention of the prevailing pop culture, there is a terrible fear that NO ONE IS IN CHARGE HERE. We can't have such an important development as the Internet (and now open source) without having SOMEONE IN CHARGE. Some large, bureaucratically organized group of people who know more than we do to guide, direct, and take control of this terrifyingly chaotic environment.
Bull. We're gonna see a LOT of these newbie-come-latelies trying to jump on to the latest hot thing bandwagon offering to provide leadership and guidance that WE DON'T NEED.
Just say no to H20.