My bachelor's degree at IIT Madras was a 5-year program, and I probably use 20% of that in my job at this point in my life. Why specialize in one field? In today's fast-moving, nimble world, learners and employers are looking for multidisciplinary education. Further, they are looking to refresh their skills as the workplace needs change.
A degree, fundamentally, is a signaling mechanism. It tells an employer that the holder likely has a set of skills.
There is so much more to your career than getting hired for your first jobs (where your degree matters most -- after that it's your network, reputation, and work experience), and there is far, far more to life than work and money. It's sad to see the development and education of young men and women reduced to vocational training.
Study to develop yourself, your mind, your soul; to learn about the world, the people in it, and yourself. You might be a little disadvantaged looking for a first job (though many employers are much more impressed by intellectual curiosity than vocational training, and the skills academia provides are outdated and you will require training regardless), but you will be far ahead for everything else and for the rest of your life.
Find out what middle-aged people you admire studied as undergraduates. I'll bet for most of them, it had little to do with what they do now.
(At least the article didn't quote her saying more, but maybe she did ...)
She's not asking, 'is this spying worth the loss of liberty and should we continue?', she's just saying we should take steps to make people more comfortable with it.
The serious conversation needs to be about the trade-off: People lose privacy, and eventually someone, even if not Obama or Hillary Clinton, will abuse the power to suppress political opposition and for other selfish purposes. Are the security gains worth all that harm? One consideration is that governments maintained security for thousands of years before they could spy so easily on everyone.
Security is important and I think we need to find a balance, not simplistic, all or nothing conclusions.
Thanks for the explanation. One point I don't quite agree on:
very few black-hats are going to be willing to spend years submitting high-quality code to build up enough of a reputation with the maintainer to be able to get code in with only a cursory review.
I think you are underestimating the value to attackers of compromising Linux, and therefore everything that runs on Linux. Paying someone over several years to build a reputation in a community is nothing for a state intelligence budget or even unusual activity (based on my very limited knowledge).
Also, in IT security, insiders are often considered the greatest security threat. Established community members can be compromised; maybe they need money; maybe they believe the national security argument ('this will stop nuclear proliferation'), or they did something embarrassing, or they want to feel important, or they are angry at Linus or the community ...
I hope the Linux team, which has the security of billions of people in their hands, uses far better security than Felton's article implies. (And for all I know it is.)
The excerpt above suggests that someone happened to notice a change that wasn't pointing to an approval record. What if nobody happened to notice? What if the attacker also created an approval record? And was there a serious effort to find the exploit used and close it, and find the perpetrator?
I hope the Linux kernel's integrity is monitored much more carefully. For example (and I'm just guessing; I don't know much about the Linux kernel), someone could manually validate that every change to the code's fingerprint (and/or the compiled kernel's fingerprint) is legitimate. At ~200 changes/day, one person could do it -- a small investment for something so critical.
The widespread use of Linux makes it an exceptionally valuable target. People will spend a lot of time and money attacking it. Its security needs to be proportional to the threats.
That's a sad outlook. I know many people who work for social change and achieve it every day. It's not immediate and certainly not perfect, but so much is achieved. Look at LGBT rights, for example. Look at environmental issues. Look at food safety. Fluoride in water. Automobile safety. Openness and on the Internet (thank you Mozilla, and to a degree, Slashdot).
There is still much more to do.
Because the converse is total paralysis when malicious people with more free time than money can tie anything up in litigation. This is pretty much a no-brainer, except perhaps to you and the few who modded you up.
So malicious litigation is ok from people with money, but not from people without it?
The problem is that the court system is inefficient and expensive. I suspect that if anyone cared to look at the process, it could be significantly improved. It's not a trivial issue; the inefficiency denies justice to those who can't afford it. Just as inefficient food distribution could lead to malnourishment.
Clearly justice is denied when one party can use the threat of a lawsuit to compel another to capitulate, simply because they can't afford to defend themselves. Everyone knows it works this way. Why don't more people object?
If Rockstar can't do it smoothly, what did you expect from the other major rollout?
Even then physical books have advantages. For example, lending an e-book still requires that the recipient uses that same reader.
I'm actually looking into this issue right now, trying to find an ebook format not tied to a particular reader, which I own and is free-as-in-speech, and which will be readable in 20 years.
I just started looking into it; isn't EPUB platform independent and free at least? I also came across TEI, but I'm not sure it's really what I'm looking for.
I'd also like something I can annotate and retain the notations, but at some point I may decide a word processor is a better application for my needs.
At least for non-fiction, books are fundamentally different than music. A book contains knowledge that you may want to retain for the rest of your life; a song is an experience that you can have a few times and move on to something else.
I'm not sure I want my books owned by a third party.
From Microsoft's FAQ:
Non-content data refers to basic subscriber information, such as the e-mail address, name, location and IP address captured at the time of registration. Below is an example of exactly what law enforcement receives when Microsoft produces basic subscriber information, using a test account registered by a Microsoft employee. Although we changed the name and are masking the extension for security reasons, all other information is exactly what Microsoft produces to law enforcement.
| Field | Value |
| --- | --- |
| Login | First.Last@xxxxxxx.com |
| PUID | 0006BFFDA0FF8810 |
| First Name | First |
| Last Name | Last |
| State | Washington |
| Zip | 98052 |
| Country | US |
| Timezone | America/Los_Angeles |
| Registered from IP | 65.55.161.10 |
| Date Registered {Pacific} | 10/24/2007 1:05:18 PM |
| Gender | M |
| Last Login IP | 64.4.1.11 |
The PUID in the above table stands for “Personal User ID,” which is a unique alpha-numeric code generated for each registered Microsoft account. Other non-content data may include IP connection history, an Xbox Gamertag, and credit card or other billing information. We require an official, document based request, such as a subpoena, before we will consider disclosing non-content data to law enforcement.
Even Slashdot's editors don't know the value of metadata, calling it "non-content data", at least on the front page post? Click through the link and read the sub-headline: "Microsoft provided metadata in 77 percent of more than 37,000 law-enforcement requests for information".
Your metadata is as valuable as the content. Otherwise, why would the NSA and Facebook invest so much in it?
and probably always will be
Is that based on your evaluation of him?
If I spent $2 on my credit card, it would be easy to track me down. If I walked into a drug store and spent $2 in cash, the security cameras would record who I was.
Why don't we know who made this trade?
It has been suspected for years, but anyone reporting or inferring it has been written off as a tinfoil wearing conspiracy theorist by the deaf dumb and blind patriot idiots making up the majority of the population.
Then the Internet Society should have worked to change those opinions. They are way behind on a very important issue, not ahead of it. For example, they could have worked to reduce some of the vulnerabilities.
I'm guessing most people underestimated it by a fair margin ...
The Internet Society is not most people; they are supposed to have expert knowledge and exercise foresight and leadership far beyond what posters on Slashdot think of or know.
The fantasy was not about data sets sizes, cpu power, cooling, storage, optical loops/mirroring, brand names helping, indexing - the fantasy was the legal system.
Very good point (though the fantasy was a bit about technical issues).
Are they really surprised by the spying, and if not why didn't they respond sooner? Their leadership is questionable if they wait until they are compelled to act.
The U.S. government's spying has been reported for years. I understand that the general public didn't necessarily understand, but the Internet Society? It also involved the cooperation of many people from many companies, and I assume many of those people are involved with the Internet Society. People talk, even about confidential things. There must have been some awareness of what was happening.
While I strongly prefer requiring humans to make the life-and-death decisions, I see a serious problem with that:
If robot A can make the decision itself, and robot B has to wait for a person to evaluate the information and decide, robot A will act much more quickly and be much more effective. The country with robot A will win the wars, and we'll be living with robot A anyway.
The rule of security is: Make it more expensive for the attacker than it's worth to them.
How much is it worth to spy agencies to have root access to telecom providers? Quite a bit, is my amateur guess. The telecom providers (and ISPs, etc.) should anticipate attacks proportional to the value, and implement security proportional to the anticipated attacks. (But do they really have a chance of holding off the NSA, GCHQ, etc.? Perhaps their own national intelligence agency could help, if their citizens can trust them).
How much would it be worth to attackers to access Barack Obama's phone? A general in the military? Warren Buffett? Depending on who you are, the answer ranges from billions to life-and-death (e.g., an enemy in war's survival might depend on access to a U.S. military general's communications). With stakes so high, can such things really be secured?
To answer some of my own question, this is their response in their Reddit AMA:
----
We are in the process of setting up a nonprofit to foster the open source side.
----
There are no plans to close the source for things such as device support and work done in the community. We do need to build value for the company, and there are various things we are working on that require significant time and capital to develop- these may be proprietary but we won't pervert/close the core OS for this to happen.
----
Our strength is that we have a strong open source community behind us.
The core of the project (hardware support, community contributions, etc) will always remain open source. But obviously, as a company that has financial needs, employees to pay, Cooper treats to buy, and Cyanogen-babies to feed, we will need to make careful decisions about what we open source, and what may become proprietary.
One point I haven't seen covered: Will it remain open source and free-as-in-speech, or are they making it proprietary?
Sorry, but I only have time to skim that. Regarding a key point, I don't agree that we are near maximum consumption:
* Over a billion (maybe billions) people live on less than a dollar per day. They can consume much more.
* As they consume more, we'll need new technologies in order to meet demand sustainably; the model the advanced nations used doesn't scale up that far.
* Even in the wealthiest countries, people cannot afford all the healthcare they need, all the education they need, or, to consider another industry, all the quality, organic food they desire. Heck, they can't get the quality tech support they need.
OK, a reasonable point, but what do you suggest? Stop economic progress, the growth in productivity (if we could)? Should we have stopped in 1950? 1920? How would you and I be communicating?
... and do they have any expertise in economics? Or is it kind of like an econobiologist or econocabdriver -- someone interested in economics but doesn't know any more than I do about it.