There are certainly general principles that apply to all programming languages, such as the trade-off between clarity and concision [...]
I don't think you're really getting at what you mean here. How is the verbose "clear"? I understand you're trying to get at how most programmers find the more concise, expressive code much harder to understand, and seem to only be able to understand code when all of the operations are at very low level. So, for example, they claim that a map function is "unclear," while doing a loop that manually manages an array index counter is "clear." But that's simply not "clearer" in any sense; that's basically missing the forest for the trees.
But does C++ really have a different "philosophy" than Objective-C, or are we just talking about the problem-solving intent and domain of the language and its suitability to a given problem?
There are serious, philosophically interesting differences between some software paradigms, but if somebody's looking for them in C++ vs. Objective C, they're more likely trying to pick nits that don't exist. If you want a really big, real-world relevant set of philosophical issues that recurs over and over in software engineering, try the object-relational impedance mismatch. This comes down to two different types of ontology. To sum it up (badly!) in two bullet points:
Object-oriented modeling tacitly assumes an ontology where the world is made out of objects. Objects are treated as complexes of properties, divided into essentials and accidents.
Relational modeling assumes an ontology where the world is made out of facts (i.e., relations). Relational tables represent sets of facts that are assumed to hold; objects are just the values related by the facts. Taken to its logical conclusion, objects are atomic; all of their structure comes from which facts they occur in.
And since you brought up Wittgenstein, note that the relational ontology is, well, the first two sentences of the Tractatus:
1. The world is all that is the case.
1.1 The world is the totality of facts, not of things.
The scheme you're proposing here requires the server have full understanding of an index that maps properties of interest (encoded as hashes) to the data items in the database (which represent files). This index says quite plainly that certain data items share certain properties with other data items (i.e., are both listed under the same hash). This reveals some information about the encrypted data that is subject to statistical analysis, and to correlation with other, independently obtained information.
For example, if by social engineering I discover that your index is indexing last names of Americans, I can formulate hypotheses about which hash represents which name. By observing how the hashes cluster across the set of documents, I can further test that against information about, say, the last names of your contact persons at your various clients.
Your proposal really isn't qualitatively different from a full-text index. The only difference is that the granularity of the index you're describing is coarser; instead of pinpointing the location of every individual word in the database that satisfies the search, the index might pinpoint largeish "files" that mention a certain last name. Makes it much harder to crack, sure, but the point is that the difference is quantitative, not qualitative.
For FredFredrickson's scheme to work, whether the index is encrypted or not is actually irrelevant. The scheme relies on nothing more than the server not having any effective use of the index file. That can be achieved simply by not uploading the index to the server. The client would use the index locally to figure out which chunk of the encrypted file to request from the server, and request that.
I can see two problems with that, though:
It is not server-side search at all. All of the searching happens on the client. To put it this way: the only functionality that the server is giving you is random access to a blob of bytes.
An attacker who has control of the server can log requests for chunks of the cyphertext. If the attacker can correlate this with other information that they've obtained independently, this could be useful for breaking the code, or at least for inferring some secrets.
For example, the attacker can discover the frequency at which various chunks of the cyphertext are accessed; if this is a client information database, and the access frequencies can be correlated with independent knowledge of, say, how frequently you deal with your various clients, the attacker can formulate hypotheses about which cyphertext chunks have information about which clients.
Let's say you have a simple database with a few fields -- name, address, phone, etc. You can search those fields quickly if you index them. Now let's say that all of the data in those fields is encrypted using a public key. So you have unreadable stuff in each field. You can index an encrypted field just like you can encrypt a plaintext field. And when you do a search, say for people named "Smith", you can just encrypt Smith, and then look up the result in your index, and then decrypt whatever comes back.
But now suppose that one of your fields stores a boolean value. Your scheme requires that the cyphertext for "true" in that field be the same in the index and in all of the records; likewise for "false." This means that I can learn a lot about your database by looking at the cyphertext values--for example, I can trivially learn which fields are boolean.
This generalizes beyond just boolean fields. For example, "Smith" is a fairly common last name. If I can discover which field in your database stores the last name of a record, and the last names in your database are a representative sample of the USA, I can use data on relative frequency of last names in the USA to formulate hypotheses about what last name cyphertexts correspond to which plaintexts. Each of these hypotheses corresponds to some hypothesis about your encryption key; this means I can try each of the implied keys on other fields and records of the database, and if the resulting plaintext is not garbage, then that provides independent confirmation that I guessed your key right.
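The leakage described in the comment above, as an added example that is not part of the original thread: a deterministic token (HMAC here, as a stand-in for the deterministic field encryption being proposed) keeps the column's frequency histogram intact, so an observer who never sees the key can match tokens to a public popularity ranking and can spot a two-valued field. The key, the sample columns and the ranking are all constructed for the illustration.

```python
import hashlib
import hmac
import os
from collections import Counter

KEY = b"constructed-demo-key"  # constructed; the observer code never uses it

# Constructed sample data: a skewed surname column and a boolean column,
# standing in for the database fields discussed in the comment.
SURNAMES = (["Smith"] * 6 + ["Johnson"] * 4 + ["Williams"] * 3
            + ["Brown"] * 2 + ["Jones"])
FLAGS = ["true", "false", "true", "true", "false", "true", "false", "true"]

# Constructed stand-in for public statistics on surname popularity.
PUBLIC_RANKING = ["Smith", "Johnson", "Williams", "Brown", "Jones"]


def det_token(key, value):
    """Deterministic token: equal plaintexts always give equal tokens,
    which is exactly what makes server-side equality search possible."""
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()[:16]


def rand_token(key, value):
    """Randomized token: a fresh nonce per record, so equal plaintexts
    give different tokens (and the server can no longer search by equality)."""
    nonce = os.urandom(16)
    tag = hmac.new(key, nonce + value.encode(), hashlib.sha256).hexdigest()[:16]
    return nonce.hex() + tag


def rank_match(column, public_ranking):
    """What a server-side observer can do with the stored column alone:
    order tokens by how often they occur and pair them with a public
    popularity ranking. Tokens whose count is tied with another token's
    are skipped, because a tie gives no basis for ordering them."""
    counts = Counter(column)
    multiplicity = Counter(counts.values())
    guesses = {}
    for rank, (token, n) in enumerate(counts.most_common()):
        if multiplicity[n] == 1 and rank < len(public_ranking):
            guesses[token] = public_ranking[rank]
    return guesses


def recovered_fraction(plaintexts, column, guesses):
    """Fraction of records whose plaintext the observer guessed correctly."""
    hits = sum(guesses.get(tok) == pt for pt, tok in zip(plaintexts, column))
    return hits / len(plaintexts)


def demo():
    det_col = [det_token(KEY, s) for s in SURNAMES]
    rand_col = [rand_token(KEY, s) for s in SURNAMES]
    return {
        # Share of surname records recovered from frequencies alone.
        "det_recovered": recovered_fraction(
            SURNAMES, det_col, rank_match(det_col, PUBLIC_RANKING)),
        "rand_recovered": recovered_fraction(
            SURNAMES, rand_col, rank_match(rand_col, PUBLIC_RANKING)),
        # Distinct stored values in the boolean column: two distinct
        # tokens give the field type away; one per record does not.
        "det_bool_distinct": len({det_token(KEY, f) for f in FLAGS}),
        "rand_bool_distinct": len({rand_token(KEY, f) for f in FLAGS}),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The randomized column closes the frequency channel only by giving up the equality lookup the scheme was built for, which is the trade-off the comment is pointing at.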
Unless you do the indexing client-side, and upload an index that's somehow encrypted... I'm not saying I know how to do this, but it seems possible.
How is the server going to consult the encrypted index, and correlate its entries with entries in the encrypted main file? Not that I'm a crypto expert or anything, but I bet you that any scheme you propose there will at the very least make it astronomically easier to decrypt the main file. Basically, the server can trivially discover facts like, e.g., 'asdgaerg' in the index corresponds to 'bslhuerl' at index 1234 in the main file, 'fuyiljfggre' at 4578, and 'rept8hljasl' at 8703. Put a lot of facts like this together and you can cut down the search space dramatically.
Zero-sum game refers to a game between two parties in which a gain for one player is offset by an equal loss by the other player. You seem to be talking about a game between three players, in which two players (the customer and fraudster) are 'exchanging' funds, and the third player (the bank) is not affected.
No, a zero-sum game is a game, with any number of participants, where the sum of outcomes is always zero. So in a three player zero-sum game, for example, a valid outcome might be -600, -400, 1000.
I do agree on further thought that the reference to "zero-sum" is confusing in this context. The point, however, is that in this three-player game, the outcome for the bank is always zero in the long run.
Ponder for one moment why it could be beneficial for a bank if money is missing and nobody is really able to find out how much...
I kind of suspect that you're not thinking very clearly here about how banks work. Banks are popularly described as places where one "stores money"; but really, a bank is an aggregate of debts and credits: it owes money to its depositors, and its creditors owe it money, and it holds some cash reserves. What would count as a bank "losing" some of its depositors' money? Well, it would be that the bank's record of how much money it owes to its depositors is incorrect, and the error is in the bank's favor; the bank's ratio of credits to obligations goes up.
However, lax transactional security doesn't cause this to happen. Lax transactional security causes fraudulent transactions to be recorded and processed against depositor accounts, and the corresponding amounts to be paid out to other parties. This reduces the bank's obligations to the depositors (and hence the depositors have "lost" money), but it also reduces the bank's assets by a corresponding amount.
From the point of view of the bank, customer transactions are a zero-sum game; the bank doesn't stand to either gain or lose from them. Which goes a long way to explain a bank's lack of enthusiasm for strict security in this regard, without having to invoke this malicious and fallacious idea of yours, where the bank somehow gains money when it pays a third party unauthorized sums out of your account...
What does it mean when the truth harms a person's character?
It most likely means that it is a fact about them that damages their image in the eyes of a lot of other people. So, for example, given the widespread prejudices against gay men, outing a closeted gay man may harm their character. Or, for example, truthfully claiming that a woman participated in an orgy with ten men. In some jurisdictions, acts of these sorts may be defamatory depending on context (e.g., if the accuser can demonstrate that the statements were made with an intent to damage the victim's reputation). In other jurisdictions, however, this may be considered a different tort, e.g., infliction of emotional distress.
None of this is legal advice. Here's some practical advice, however: don't go around needlessly publishing disreputable facts about people you bicker with, to get back at them.
A witness with an axe to grind. (Having "domestic" issues with roommate, claims he "outed" him, etc.)
Suppose we don't get along at all, and one day I beat you up with a tennis racket and a bottle of Hennessy. Nobody is there to see it happen, so you're the only witness. Does that mean that the police can never get a search warrant against me to find the bloodied tennis racket and bottle, because you, the only witness, have "an axe to grind"?
In any case, there is independent evidence that the guy who the search warrant was served to did create a fake profile in a gay site for his roommate, and sent the anonymous mass emails "outing" him.
If their job includes deciding who to go after based on what happens on teh intarweb, then they should be, or have access to someone who is. It's worthy of being a front pager because he isn't and no one stopped him on that basis.
Um, the search warrant application details how the false outing email and the fake gay site profile are tied to the suspect by IP addresses, campus network registration records, network logs and DNS logs. The officer was assisted by a network administrator at the college. It's pretty incriminating stuff.
Other evidence, such as network registration information, supported the detective's belief that the suspect had engaged in at least some of the alleged activities.
Yup. Pages 6 and 7 of the search warrant application go into this quite clearly. For example:
IP address from GMail email headers points back to the residence hall where the suspect lives.
The IP address was tied to a computer registered under the name "bootleg-laptop". There is record of the suspect in the past having registered a computer under that name.
The email had a screenshot of the fake profile to a gay site. Examination of network and DNS logs revealed that only one computer in the residence hall had accessed the website where the fake profile was set up, for the five days previous to the mass email. This IP address was registered to the suspect.
Why the hell is the EFF on this case? Who the hell do they actually expect will believe what they're saying? How can they issue that press release with a straight face, when the supporting documents that they attach trivially disprove them? It's, like, as if the EFF was staffed by Slashdot editors!
This whole story is stupid. What's going on is that the search warrant request says that a witness has said the suspect uses two operating systems in his computer as a means of hiding his illegal activities. That's not a claim that having two operating systems is in itself suspicious. It's just a claim that this particular suspect, in this particular case is using a second operating system to conceal something.
You can't count revenue you never had as lost money. Google is losing the potential income of $1.65 million a day. If they were actually losing that much a day, they'd be out of business soon.
RTFA. The 1.65M$/day figure is $2M/day in operating costs minus $0.35M/day revenues from the site (third-party estimates, so yeah, YMMV). It's not "revenue they never had," it's operating costs that are not recovered from revenues.
I completely believe there is fine print. Regardless, they sold it as "unlimited". Yes, 6M is a peak throughput, but there was no restrictions on WHEN nor HOW LONG I use that 6M peak throughput.
No, there have always been technical restrictions on when and how long you can get peak throughput, because of the network's architecture. One trivial example: the transoceanic cables that link North America with other continents have limited bandwidth, and if everybody in one continent tried to reach the other at the same time, they wouldn't be able to get peak throughput, no matter how big of an uplink their ISP had.
There are plenty of situations beyond the ISP's control that frequently prevent you from getting the 6M, and what's more, the network's architecture is designed so that everybody can get peak throughput part of the time only as long as nobody uses peak throughput 24/7. That's a fact of the design of the network, all the way through.
All of you Slashdot Geniuses need to stop whining about "unlimited access" and "overselling," and give us some serious answers to the serious questions: how much upstream bandwidth is enough without being too much, and how do we go about paying for it?
Entrepreneurs set up the equation to actually produce value and - as a result - wages; and they do so at great risk to their own livelihood. Risks pure laborers are disinclined or outright unwilling to take.
...except that American CEOs, on average, are so much wealthier than the average American that the marginal cost to them of the potential losses on the extra "risk" they take is much, much lower than the marginal cost to an average American. I.e., to an average CEO, the financial "risk" that s/he must take to achieve large investment returns is actually not very risky.
The way in which the financial world has perverted the word "risk" is pretty obscene, when Warren Buffett is said to bear orders of magnitude more risk than a minimum wage earner with no health insurance, living check-to-check.
It's really "value" that is the illusion here. Most people are paid to produce something from natural resources that is basically unnecessary which the company advertises to convince people they need. Then other people who also produce unnecessary stuff use the money they earn to buy it. Thus fundamentally worthless stuff is exchanged. Some people use the money they get from making useless stuff to start their own company in the hopes that they can create new worthless stuff they can get others to buy. These people are called Entrepreneurs.
No, value is not an illusion in the nihilistic manner that you outline here. Value is a real relation between people and goods.
What is an illusion is the objectification of value when a market sets a price on a good. The market is compromising between the differing values of various people, according to how much wealth they have. Therefore, the wealthy get disproportionately high influence on the "objective" value that the market settles on. So, for example, the super-rich get a disproportionate influence on the relative prices of different types of labor.
First of all, one must consider that there are far too many laws for any person to be aware of them all.
That doesn't quite apply to the context here. As other people have pointed out in this thread, the most basic thing about taxes is that if you receive some income, you're required to at least report it, and very likely to pay some tax on it. So, as soon as you know you're going to receive any income, you should know that unless you will either have to pay taxes on it, or demonstrate that you're not liable for taxes on that portion of income.
Tax law only starts to get complicated after that point. Yet in this thread, we're talking about a failure to grasp precisely that point.
While I don't believe I actually disagree with the policies I think you favor, I still must attack one assumption that you and GGP are making here: that how much you get paid should be a function of how hard you work. That's just counterproductive, because it provides an incentive for working harder, and a disincentive for working smarter. There are countless cases where somebody who works less hard should reap a higher reward per unit of work, because they achieved more per unit of work.
The big problem here is how to measure the value of somebody's work. This is, in theory, set by supply and demand, and the free-market orthodoxy will proceed to justify CEO vs. worker compensation by saying that the labor market must be correctly pricing the value of the work of the CEO and the average worker. However, when you have a society with a very high concentration of wealth, this just skews the numbers, because this impersonal "market sets the prices" theory boils down to people get to impose their judgements and interests at different rates, in proportion to their wealth. Or, in other words, if free-market is one dollar, one vote, then enormous wealth disparities mean that 1% of Americans get a third of the vote.
I really wish that instead of arbitrary TLDs, that from the beginning, domain names would have been a free form string.
While TLDs aren't strictly necessary, free form strings aren't going to work. DNS has hierarchical names because DNS is a scheme for delegating authority for resolving the mapping between the symbolic names and the IP addresses. For this to work, smaller subparts of the fully qualified name need to correspond to DNS servers that can tell you where to ask for the larger subparts.
Or to put it differently, if domain names were free form strings, then a database of all of the mappings would need to exist in one place, and be maintained by one entity. Hierarchical names avoid that problem.
Wasn't the whole point of DNS to make websites easier to find?
No, not really.
The internet works through a stack of protocols laid on top of each other, and different protocols require different levels of detail in identifying nodes of the network. For example, IP addresses have a network/subnetwork hierarchical structure that is used by routers to send packets to their destination. That sort of detail about how to route packets, however, is irrelevant to higher-level applications to HTML, where it is better to identify nodes in the network with symbolic names that aren't tied directly to packet routing.
Hence, the point of DNS is to allow us to change the low-level layout of the network (and hence, the IP addresses of hosts) without breaking high-level applications that just don't care about routing detail. The easiest example: to change your hosting provider without breaking links to your sites.
The other important thing to understand about DNS is that domain names are hierarchical because DNS is designed as a way of hierarchically delegating the authority to establish the mapping between names and IP addresses.
If we want to make websites easier to find, there are much better solutions such as portals, search engines and web directories. The fact that DNS names have become so important is because early browsers had an address bar that shows the URL and allows users to enter DNS addresses. This UI has become fossilized as a method for end users to reach content. But this can quite easily be replaced to use something other than DNS, and hopefully, it will be done.
But the problem with AP is they too are basically a twisted form of a news-aggregates. They aggregate news stories and sell it to a hundred newspapers who print said stories and generate revenue by selling ads next to the story. Nowadays, those newspapers are aggregated by Google, who aggregates the newspapers in such a way that only a few of the newspapers displaying that article get any traffic in which to sell ads to. In other words, maybe AP should cut the middle man and just sell to Google.
There's a pretty glaring problem with your suggestion, which is that the AP is a cooperative owned by newspapers and other news organizations. The AP can't "cut the middle man" in the way you suggest because the AP in fact is the middle man between the papers, owned by the papers, and exists to benefit the papers.
What we're wondering is: If we blog about our activities, and AP picks up the info and reports it, are they saying that we have to pay AP to have the same information on our own web site? If we've blogged about it and AP reports it, is AP saying that we must remove the information from our blogs?
Um, no, silly. I wouldn't be terribly surprised if somebody sent you such a notice by mistake, but (a) they don't have the right in that situation to demand that you take it down (since you didn't get your content from them), (b) it's not in their interest to pursue frivolous legal claims.
Basically, the scheme you're proposing is a substitution cypher over words.
Nah, you might as well skip 0001. Nobody would use that as their PIN; it's not a random number!
Context, folks, context.
Congratulations, sir; you just made an incorrection.
No, there have always been technical restrictions on when and how long you can get peak throughput, because of the network's architecture. One trivial example: the transoceanic cables that link North America with other continents have limited bandwidth, and if everybody in one continent tried to reach the other at the same time, they wouldn't be able to get peak throughput, no matter how big of an uplink their ISP had.
There are plenty of situations beyond the ISP's control that frequently prevent you from getting the 6M, and what's more, the network's architecture is designed so that everybody can get peak throughput part of the time only as long as nobody uses peak throughput 24/7. That's a fact of the design of the network, all the way through.
All of you Slashdot Geniuses need to stop whining about "unlimited access" and "overselling," and give us some serious answers to the serious questions: how much upstream bandwidth is enough without being too much, and how do we go about paying for it?
...except that American CEOs, on average, are so much wealthier than the average American that the marginal cost to them of the potential losses on the extra "risk" they take is much, much lower than the marginal cost to an average American. I.e., to an average CEO, the financial "risk" that s/he must take to achieve large investment returns is actually not very risky.
The way in which the financial world has perverted the word "risk" is pretty obscene, when Warren Buffett is said to bear orders of magnitude more risk than a minimum wage earner with no health insurance, living check-to-check.
No, value is not an illusion in the nihilistic manner that you outline here. Value is a real relation between people and goods.
What is an illusion is the objectification of value when a market sets a price on a good. The market is compromising between the differing values of various people, according to how much wealth they have. Therefore, the wealthy get disproportionately high influence on the "objective" value that the market settles on. So, for example, the super-rich get a disproportionate influence on the relative prices of different types of labor.
That doesn't quite apply to the context here. As other people have pointed out in this thread, the most basic thing about taxes is that if you receive some income, you're required to at least report it, and very likely to pay some tax on it. So, as soon as you know you're going to receive any income, you should know that you will either have to pay taxes on it, or demonstrate that you're not liable for taxes on that portion of income.
Tax law only starts to get complicated after that point. Yet in this thread, we're talking about a failure to grasp precisely that point.
While I don't believe I actually disagree with the policies I think you favor, I still must attack one assumption that you and GGP are making here: that how much you get paid should be a function of how hard you work. That's just counterproductive, because it provides an incentive for working harder, and a disincentive for working smarter. There are countless cases where somebody who works less hard should reap a higher reward per unit of work, because they achieved more per unit of work.
The big problem here is how to measure the value of somebody's work. This is, in theory, set by supply and demand, and the free-market orthodoxy will proceed to justify CEO vs. worker compensation by saying that the labor market must be correctly pricing the value of the work of the CEO and the average worker. However, when you have a society with a very high concentration of wealth, this just skews the numbers, because this impersonal "market sets the prices" theory boils down to people get to impose their judgements and interests at different rates, in proportion to their wealth. Or, in other words, if free-market is one dollar, one vote, then enormous wealth disparities mean that 1% of Americans get a third of the vote.
Why are you assuming that we need one single replacement? There's a free market on web search, directories, portals and the like.
While TLDs aren't strictly necessary, free form strings aren't going to work. DNS has hierarchical names because DNS is a scheme for delegating authority for resolving the mapping between the symbolic names and the IP addresses. For this to work, smaller subparts of the fully qualified name need to correspond to DNS servers that can tell you where to ask for the larger subparts.
Or to put it differently, if domain names were free form strings, then a database of all of the mappings would need to exist in one place, and be maintained by one entity. Hierarchical names avoid that problem.
No, not really.
The internet works through a stack of protocols laid on top of each other, and different protocols require different levels of detail in identifying nodes of the network. For example, IP addresses have a network/subnetwork hierarchical structure that is used by routers to send packets to their destination. That sort of detail about how to route packets, however, is irrelevant to higher-level applications to HTML, where it is better to identify nodes in the network with symbolic names that aren't tied directly to packet routing.
Hence, the point of DNS is to allow us to change the low-level layout of the network (and hence, the IP addresses of hosts) without breaking high-level applications that just don't care about routing detail. The easiest example: to change your hosting provider without breaking links to your sites.
The other important thing to understand about DNS is that domain names are hierarchical because DNS is designed as a way of hierarchically delegating the authority to establish the mapping between names and IP addresses.
If we want to make websites easier to find, there are much better solutions such as portals, search engines and web directories. The fact that DNS names have become so important is because early browsers had an address bar that shows the URL and allows users to enter DNS addresses. This UI has become fossilized as a method for end users to reach content. But this can quite easily be replaced to use something other than DNS, and hopefully, it will be done.
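The hierarchical delegation described in the two DNS comments above, as an added example that is not part of the original posts: each server knows only its own records and which child zones it has handed off, so a name is resolved by following referrals from the root. The server names, zone data and addresses are constructed for illustration.

```python
# Constructed data: each server knows only its own records and which
# child zones it has delegated. Names and addresses are made up.
SERVERS = {
    "root": {"delegations": {"org": "tld-org", "com": "tld-com"}, "records": {}},
    "tld-org": {"delegations": {"example.org": "ns-example"}, "records": {}},
    "tld-com": {"delegations": {}, "records": {}},
    "ns-example": {"delegations": {},
                   "records": {"www.example.org": "192.0.2.10"}},
}


def resolve(name, servers, start="root"):
    """Follow referrals from the root; return (address, servers asked)."""
    asked = []
    current = start
    while current not in asked:          # stop on a delegation loop
        asked.append(current)
        server = servers[current]
        if name in server["records"]:
            return server["records"][name], asked
        # Try the longest suffix of the name first, then shorter ones.
        labels = name.split(".")
        current = None
        for i in range(len(labels)):
            child = server["delegations"].get(".".join(labels[i:]))
            if child is not None:
                current = child
                break
        if current is None:              # nobody is delegated this name
            return None, asked
    return None, asked


def rehost(servers, server, name, new_address):
    """Change an address at the one server that is authoritative for it."""
    servers[server]["records"][name] = new_address


if __name__ == "__main__":
    print(resolve("www.example.org", SERVERS))
    rehost(SERVERS, "ns-example", "www.example.org", "198.51.100.7")
    print(resolve("www.example.org", SERVERS))
    print(resolve("www.example.net", SERVERS))
```

Moving the host touches only the authoritative server's record; the root and TLD entries, and every link that uses the name, stay as they were.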
There's a pretty glaring problem with your suggestion, which is that the AP is a cooperative owned by newspapers and other news organizations. The AP can't "cut the middle man" in the way you suggest because the AP in fact is the middle man between the papers, owned by the papers, and exists to benefit the papers.
Um, no, silly. I wouldn't be terribly surprised if somebody sent you such a notice by mistake, but (a) they don't have the right in that situation to demand that you take it down (since you didn't get your content from them), (b) it's not in their interest to pursue frivolous legal claims.