Simply dropping a huge load of technology on children doesn't make them inherently smarter. Giving each of them PDAs won't necessarily make their educational experience any better. I would first consider this: given that we want to spend a big gob of money on a first-rate educational/learning experience, what should we do. Then and only then ask how technology can serve to bring about that experience.
I'm sure there will be many suggestions of cutting edge technology: wireless, giving every student a Palm, etc.
I think it's important to remember that most students aren't interested in the cutting edge. They want stuff which just works. (This is why people use Windows and Macs.) Sure, you could give students a palm-sized Wifi-enabled device but then what? Too few students are nerdy enough to use it. Heck, a significant percentage of them don't even own their own computer and are very content to type their semiotics papers at a nearly computer cluster.
Perhaps a better use of the tech money would be something like recording lectures and posting them in a popular streaming-media format for later playing. This would be immediately accessible to everyone, not just those students who want to screw with SSIDs.
The point is this:/. readers don't like to contemplate the lowest common denominator -- it reminds them of Windows. But to use the money to cater to just the CS or EE students sounds like a waste.
Much of the data that's shipped around the United States is carried on privately-owned cable/fiber/whatever (ie Qwest, MCI, AT&T, etc), isn't it? Is this the case in India? A Carnivore would be lots easier to implement on state-owned data pipelines. That way the government would be able to bypass the ISPs completely.
Perhaps one possible target audience for these machines are the same people who invest in removeable hard drives. There are lots of people who want the security of removeable media -- perhaps a combined package of the processor with the hard drive would be attractive to these people.
From the first paragraph of the article: "creating a common online registration and identity system". Such a thing would be just as bad as Passport. When AOL/Sun/etc says "trust us, we'll hold all your personal info" it's no better than when MS says the same thing.
But if you go on to read the rest, you'll find that they are unveiling a common framework. This way the information remains decentralized -- everyone would only collect the info they need and have their own policies regarding to whom and how they reveal that information.
Perhaps we could take a page from the methods people use when they can't type because of wrist injuries. Check here for one man's experiences. Interesting to note that in the end, the author had to move to Windows for the accessibility options...
I agree that uServ doesn't represent any stunning advances in collaboration technologies. It makes use of proxy servers, peering, and HTTP: not exactly bleeding edge tech.
On the other hand, it's not Freenet, either. Freenet is a platform which guarrantees that data is survivable (lawyer-proof) and secure. uServ doesn't seem to be concerned with either. It's primarily a way for users who aren't very technologically savvy to publish content. That's it. Useful in its own way.
Especially since social security numbers are used as unique identifiers for virtually everything, ID theft has become much easier as of late. Steal a person's SSN and you can get a duplicate birth certificate, a duplicate license, etc. A true national ID registry would offer the same ease-of-theft: steal the ID number and you have the person's entire identity.
But most of this is probably irrelevant. It's overwhelmingly likely that the records which were stolen were not obtained via sophisticating cracking techniques but were probably swiped by a semi-saavy employee who needs access to the records to do his job. The point is that these systems should be completely closed for maximum security. Even if a maliciously minded employee wanted to do so, he shouldn't be able to walk out with the data on a Zip disk.
Talk all you want about the need for better computer security but to ignore the human side of the equation is to ignore the bulk of the problem.
How ironic. The title of the NYTimes article is "To Forestall a 'Digital Pearl Harbor'". The US had a lot of success breaking Japan's codes. Pearl Harbor was a devastatingly successful surprise attack not because of a shortcoming in the US' theoretical ability to know what Japan was up to. Rather, it worked because of human error. Nobody would believe that Japan would pull so brazen a stunt. Even when the intel suggested that it was immanent, nobody acted on it beacuse it was so far beyond what they could imagine happening. Intel wasn't acted upon and Pearl Harbor crushed the American Pacific fleet.
One of the lessons of Sept 11th is that we need to be more vigilant in imagining what the possible attacks are. We had good intel that the people who perpetrated the terrorist acts were living in America but didn't have the manpower to quickly round them up and didn't have the brainpower to imagine why rounding them up quickly was so crucial.
Likewise with the Internet. We should be spending out time identifying what the potential attacks are and thinking about ways to minimize or eliminate them.
This is a separate issue from the fact that many private networks already exist: SIPRNET, INTELNET, etc.
In this recent article, Honda said it had contracted Asimo out to do receptionist work for IBM. Working as a miner would be so much cooler. With the miner's union on the decline for the last 50 years, this could really be a killer blow:)
Much ado has been made about the Internet's ability to route packets around failed nodes. After all, it was designed to be able to continue to distribute information even in the event of a major nuclear attack. Of course, this in only in theory and while the theory isn't (as usual) quite as good as the practical reality, routing tables are fluid enough and individually managed that there is no real critial central point which coud be attacked.
Not so with DNS. While it is a hierarchical system, there are numerous security issues with it. BIND, the software overwhelmingly responsible for the implementation of DNS, has plenty of holes. The machines are also vulnerable to low-tech DOS attacks. So what? Any centralized machine offering a service which consumes bandwith is vulnerable to DOS attacks. It's a well known issue and there is lots of research on ways to combat it: load balancing, ICMP filtering, etc.
The bottom line is this. Don't be too worried about DNS going down. Unlike www.microsoft.com or www.whitehouse.gov, there is little incentive for a malicous script kiddie to attack DNS.
Of course, if you're really paranoid, start writing down the IP addresses of your favorite sites.:)
Perhaps the scariest line in the securityfocus.com article is this one:
The bylaws will also include an agreement that any security software produced by members of the group will be engineered in such a way that it can only be used for lawful purposes.
Yet again, we have a software usage agreement that restricts the types of things for which the software can be used. This is silly and ironic. If some sort of authority were set up to police the observance of this, we'd be a huge step closer to the scary world RMS describes in the famous essay set in a (hopefully) fictional future. Without such an authority, MS and friends would essentially be relying on the honor system which it hates so much.
I guess that MS and friends would rather have the sense of security they get from restrictive user licenses and the like. Folly.
When a browser encounters an HTML tag it *always* has 2 options: either ignore it, or process it. HTML standards dictate which tags must be processed -- all other tags may be ignored and the browser can still be considered HTML 1/2/3/4/whatever compliant. The difficulty is that many developers don't consider the case in which an HTML tag is ignored. For example, several years ago before virtually all browsers came to support Java, you could do something like:
<applet etc...> ... any params...
Sorry, your browser doesn't support Java. Click here to go to the less-enhanced version.
</applet>
But few people did this. Some people were left staring at blank screens because their browser wasn't cutting edge enough and because developers didn't feel like worrying about those browsers enough to provide alternatives.
HTML works in the sense that if all the HTML creation tools and people writing raw HTML decided to consider the case of the two-versions-behind browser, the content would at least display. Maybe not perfectly, but the content would display. Of course, this assumes that the format of the content is secondary -- and this is increasingly not true. For cases in which perfect formatting is crucial, use PDF, etc, not HTML
What about eavesdropping a la TEMPEST? (See this TEMPEST page.) This has been around and known for years and doesn't seem to be a big concern of the industry. It's all about acceptible risk. If you're data is not sensitive, use whatever hardware you like. If it's very sensitive, use shielded stuff. Where you fall in the spectrum should determine how much protection is warranted.
The GPL (ideally) guarrantees that code under this license cannot be rolled into proprietary software unless, of course, the entire thing is then released under the GPL.
This license would do something else -- it would prevent the use of both free and proprietary software on the same machine, it would likely be bad for programmers, bad for employees, and bad for companies.
Programmers sometimes prefer to use proprietary software. It's a fact, they're just often better tools than their free counterparts (if those exist at all). Not allowing programmers to have hybrid systems of free and proprietary code can be stifling.
You know all the stories you hear about how a savvy employee snuck in a Linux or FreeBSD server in his company's server farm and it outperformed all the NY boxen? This would never happen. Employees would not be allowed to introduce free code unless *all* the proprietary stuff was chucked. Which is unlikely and brings us to...
Companies often use proprietary software because it does the job best. Period. Convincing a small ISP to discard the NT servers running IIS in favor of a Linux machine running Apache is difficult enough -- the ISP would have to get a new sysadmin, etc. And forget about trying to migrate large companies with significant investments in certain hardware/software platforms.
The bottom line is that this would be an overly restrictive license.
Buried at the bottom of the introduction to Part I are the interoperability goals. Compliance has always been difficult to enforce; one of the most comical stories of this was IBM's attempt to enforce the CUA (user interface). They spent gobs of money trying to make sure that everyone respected the specifications to absolutely no avail.
What's really interesting is that the document doesn't even try to explain how compliance will be definitively assured. They do suggest a few things but then:
Industry support could be demonstrated by voluntary participation in interoperability testing events organized by standards organizations, or a committee of active, CDSA developers.
Hooray! Perhaps Apple is realizing that standing on a soap box and screaming "my closed OS is better!" isn't as prudent as simply making a good spec and offering it to the public.
Why bother getting in a huff about TLDs at all? Why not entirely leave the system in which domain names are mapped to IP addresses via DNS queries? Why not go to a system in which English names are mapped to domain names which are then mapped to IP addresses (or English mapped directly to IP addresses)? Imagine a hash table whos keys are English words and whos values are IP addresses. This would enormously increase the space and get rid of the ridiculous bantering about TLDs, not to mention make it a lot harder for people to cybersquat. BEN
Slashdot Mirror
BEN
I think it's important to remember that most students aren't interested in the cutting edge. They want stuff which just works. (This is why people use Windows and Macs.) Sure, you could give students a palm-sized Wifi-enabled device but then what? Too few students are nerdy enough to use it. Heck, a significant percentage of them don't even own their own computer and are very content to type their semiotics papers at a nearly computer cluster.
Perhaps a better use of the tech money would be something like recording lectures and posting them in a popular streaming-media format for later playing. This would be immediately accessible to everyone, not just those students who want to screw with SSIDs.
The point is this:
BEN
Much of the data that's shipped around the United States is carried on privately-owned cable/fiber/whatever (ie Qwest, MCI, AT&T, etc), isn't it? Is this the case in India? A Carnivore would be lots easier to implement on state-owned data pipelines. That way the government would be able to bypass the ISPs completely.
Perhaps one possible target audience for these machines are the same people who invest in removeable hard drives. There are lots of people who want the security of removeable media -- perhaps a combined package of the processor with the hard drive would be attractive to these people.
BEN
But if you go on to read the rest, you'll find that they are unveiling a common framework. This way the information remains decentralized -- everyone would only collect the info they need and have their own policies regarding to whom and how they reveal that information.
Much better.
Perhaps we could take a page from the methods people use when they can't type because of wrist injuries. Check here for one man's experiences. Interesting to note that in the end, the author had to move to Windows for the accessibility options...
On the other hand, it's not Freenet, either. Freenet is a platform which guarrantees that data is survivable (lawyer-proof) and secure. uServ doesn't seem to be concerned with either. It's primarily a way for users who aren't very technologically savvy to publish content. That's it. Useful in its own way.
BEN
But most of this is probably irrelevant. It's overwhelmingly likely that the records which were stolen were not obtained via sophisticating cracking techniques but were probably swiped by a semi-saavy employee who needs access to the records to do his job. The point is that these systems should be completely closed for maximum security. Even if a maliciously minded employee wanted to do so, he shouldn't be able to walk out with the data on a Zip disk.
Talk all you want about the need for better computer security but to ignore the human side of the equation is to ignore the bulk of the problem.
BEN
One of the lessons of Sept 11th is that we need to be more vigilant in imagining what the possible attacks are. We had good intel that the people who perpetrated the terrorist acts were living in America but didn't have the manpower to quickly round them up and didn't have the brainpower to imagine why rounding them up quickly was so crucial.
Likewise with the Internet. We should be spending out time identifying what the potential attacks are and thinking about ways to minimize or eliminate them.
This is a separate issue from the fact that many private networks already exist: SIPRNET, INTELNET, etc.
BEN
In this recent article, Honda said it had contracted Asimo out to do receptionist work for IBM. Working as a miner would be so much cooler. With the miner's union on the decline for the last 50 years, this could really be a killer blow :)
BEN
Not so with DNS. While it is a hierarchical system, there are numerous security issues with it. BIND, the software overwhelmingly responsible for the implementation of DNS, has plenty of holes. The machines are also vulnerable to low-tech DOS attacks. So what? Any centralized machine offering a service which consumes bandwith is vulnerable to DOS attacks. It's a well known issue and there is lots of research on ways to combat it: load balancing, ICMP filtering, etc.
The bottom line is this. Don't be too worried about DNS going down. Unlike www.microsoft.com or www.whitehouse.gov, there is little incentive for a malicous script kiddie to attack DNS.
Of course, if you're really paranoid, start writing down the IP addresses of your favorite sites.
BEN
The bylaws will also include an agreement that any security software produced by members of the group will be engineered in such a way that it can only be used for lawful purposes.
Yet again, we have a software usage agreement that restricts the types of things for which the software can be used. This is silly and ironic. If some sort of authority were set up to police the observance of this, we'd be a huge step closer to the scary world RMS describes in the famous essay set in a (hopefully) fictional future. Without such an authority, MS and friends would essentially be relying on the honor system which it hates so much.
I guess that MS and friends would rather have the sense of security they get from restrictive user licenses and the like. Folly.
BEN
<applet etc...>
Sorry, your browser doesn't support Java. Click here to go to the less-enhanced version.
</applet>
But few people did this. Some people were left staring at blank screens because their browser wasn't cutting edge enough and because developers didn't feel like worrying about those browsers enough to provide alternatives.
HTML works in the sense that if all the HTML creation tools and people writing raw HTML decided to consider the case of the two-versions-behind browser, the content would at least display. Maybe not perfectly, but the content would display. Of course, this assumes that the format of the content is secondary -- and this is increasingly not true. For cases in which perfect formatting is crucial, use PDF, etc, not HTML
BEN
What about eavesdropping a la TEMPEST? (See this TEMPEST page.) This has been around and known for years and doesn't seem to be a big concern of the industry. It's all about acceptible risk. If you're data is not sensitive, use whatever hardware you like. If it's very sensitive, use shielded stuff. Where you fall in the spectrum should determine how much protection is warranted.
This license would do something else -- it would prevent the use of both free and proprietary software on the same machine, it would likely be bad for programmers, bad for employees, and bad for companies.
Programmers sometimes prefer to use proprietary software. It's a fact, they're just often better tools than their free counterparts (if those exist at all). Not allowing programmers to have hybrid systems of free and proprietary code can be stifling.
You know all the stories you hear about how a savvy employee snuck in a Linux or FreeBSD server in his company's server farm and it outperformed all the NY boxen? This would never happen. Employees would not be allowed to introduce free code unless *all* the proprietary stuff was chucked. Which is unlikely and brings us to...
Companies often use proprietary software because it does the job best. Period. Convincing a small ISP to discard the NT servers running IIS in favor of a Linux machine running Apache is difficult enough -- the ISP would have to get a new sysadmin, etc. And forget about trying to migrate large companies with significant investments in certain hardware/software platforms.
The bottom line is that this would be an overly restrictive license.
Why bother getting in a huff about TLDs at all? Why not entirely leave the system in which domain names are mapped to IP addresses via DNS queries? Why not go to a system in which English names are mapped to domain names which are then mapped to IP addresses (or English mapped directly to IP addresses)? Imagine a hash table whos keys are English words and whos values are IP addresses. This would enormously increase the space and get rid of the ridiculous bantering about TLDs, not to mention make it a lot harder for people to cybersquat. BEN