It's not really a secret that there's altogether too much chatting between a Vista system and Redmond (use Google, the stories aren't *that* old). Sure, WGA is a problem too because of its ability to maliciously reduce functionality and, en passant, accuse perfectly innocent people and corporations of being software thieves, but that's only a small part of the problem. It's all the other stuff that seems to be shipped to Redmond without an attempt to seek permission, and wholly undocumented.
In addition, I suggest you have a good read of the Vista EULA, and also ask yourself how an update system that is set to NON-automatic still somehow manages to update. The OS is *made* for spyware.
I can accept activation traffic. Once. After that there is no reason why a system has to chat with anyone on the planet except for when *I* ask it. None whatsoever. Thankfully it's no longer my problem :-).
AFAIK, Vista ALREADY snoops on the user, so as far as I can tell this "offer" is a bit like their mea culpa monopoly voucher, totally without value. Actually, given what's on offer they should GIVE you money to install Vista (install Vista, pleeeeeease. We desperately need the numbers).
The longer I look at Vista, the more those Apple ads appear to have been strangely accurate, and I don't even HAVE a Mac (although I think that will change next year).
Microsoft Vista, the best marketing campaign for 'anything but Microsoft' yet. It's a shame there isn't a Darwin award for companies :-).
MS isn't selling software, that's a side effect. They sell hope. Hope that the next version will be safer (it isn't), will be more efficient (it isn't, especially if you take into account the relearning time - that cost is always "overlooked"), is innovative (only in selling, marketing and subversion techniques) and will allow you to be one up on your competitor (who can buy the same software).
A proper TCO calculation will demonstrate that very clearly, that's why they try to prevent comparisons.
IMHO, buying Microsoft is more and more looking like a serious business risk.
Just for the record, help has many stages. You start with emergency relief to stop people from simply starving to death, but you can't keep giving them just food - you have to help them become self sufficient (unless you are keen to maintain a dependency on foreign aid). OLPC is one of the tools to enable the required educational resources.
Personally, I find this a new low for Dvorak that he needs to troll worthy projects for hits. It's almost as if he's bought by Intel and MS.. Umm, wait a moment. Who advertises? Ah, yes..
You are not asked for the hardware, you are asked for the information.
That means that you are to provide a non-volatile copy. If you try to pull this stunt you're IMHO most likely ending up with a charge for destroying evidence, and you can ask "Oops I shredded Enron docs again" Anderson what happens next..
In the UK you can make their life a bit more difficult by storing part of your recovery (backdoor) crypto key abroad. It's not unreasonable to be slow at that point because you have to recover the key part first (plausible defence for delay), but don't expect to STOP anyone gaining access. The best you can hope for is delay.
MS only sees a 'laptop' and it thus needs 'an OS' (sorry, MICROSOFT's OS). They forget that OLPC is a whole concept where the hardware and software is only a carrier for the educational framework that Negroponte and his team have dreamt up.
It's not unusual that Microsoft doesn't see that (or wilfully ignores it, let's be precise here). Innovation isn't exactly their strong point, is it?
Thanks - I'm going to call it like that from now on :-)
Just had a similar discussion elsewhere:
http://supergenpass.com/
Thanks for that, already testing it :-)
Let's have a look :-).
From a code perspective you'd have something like
(0) init - maybe a start 'magic word' to make it individual?
(1) take website name
(2) strip "www" from it (so 'bare' use is identical)
(3) request password from user
(4) store user password for re-use (as normal if Firefox is set up that way)
(5) get hash (MD5 or better) of magic word + sitename + user provided password
(6) take first/last/middle 5..32 characters (not all sites allow more than 8 chars) - maybe derive this from web name as well so the length is stable per site but random between sites.
(7) submit the derived "hash"word (as opposed to "pass"word) to the site's "password" field.
There are a few gotchas there: steps 6 & 7 are limited in the character set used (0..9 and A..F) so we may need to examine which hashing algorithm is used, and taking a defined subset of the output could weaken the output variation.
However, compared to 'ordinary' passwords it would certainly be better.
Tell you what, I'll punt Bruce Schneier an email, see what he thinks (if he answers, of course).
All in all it strikes me quite a useful Firefox plugin, so now we need to find a plugin author :-).
Maybe they're sitting near a mobile phone mast?
..
Oh, wait
I like that idea, and it's easy to do if the site provides the 'salt', i.e. the site sends you a string to which you ADD your password before you calculate the hash locally and return it.
That way, the hash is site specific and it wouldn't matter if you used the same password or not.
The problem is implementation. Maybe one for Firefox and Apache together?
It's seriously annoying, another side effect of trying to keep the idiots out. Maybe the thing should disable after you've been around for a while, how the hell are you going to discuss things like EULAs otherwise?
another reason why my next OS will be Linux
Why not start now? You can cut your dependency on anything MS makes right now - I had to start this because the uncontrolled "phone home" features have the potential to unknowingly put me on the wrong side of the law re. client privacy. I'm presently using a mix of XP and Linux. Linux where possible, XP where unavoidable (I'd really love mobile phone companies to ^%$£ stop using Outlook as an essential component of data backup and sync).
Having said that, I use where possible Outlook Express for that (because I don't use it for email anyway) because I haven't used any MS Office in over two years.
It's unfortunately not yet possible to fully ditch MS (see the above for an example of what a lack of open standards does) but I'm working on it. There is NO server left running Windows, which is a nice start.
It may be time to examine how OpenOffice automation works too..
Final remark: "legal consequences" re. the piracy tool? You must be joking. I suggest you examine the EULA, where you agree to sign away all your rights and sacrifice your first born in exchange for nothing at all. I'm not even sure such a one-sided contract is legal, but it appears MS gets away with it.
You store it on CDs and then put it in the post. That way, potentially anyone can get it :-).
I think that lecture needs a little bit updating to incorporate recent events..
I think that XO's biggest winner is not the machine itself, but what's in it and what concepts it supports.
That is not to say that Negroponte and his team haven't seriously shaken up all vendors with what they did in hardware (when was the last time we saw innovation in doing more with LESS?), IMHO an award winning effort in itself, but look what else hides behind OLPC - the stuff that is ignored when people talk about "they don't need computers but x/y/z".
At the very root of OLPC (as well as the problems in those poor nations) lies EDUCATION, and that's quite a complex concept to define. For me, education is a combination of bringing knowledge and insight. Knowledge is what you get when you read a book about something, and is the easier part of education. It's eminently sensible to use electronics for this as the infrastructure is actually cheaper than inking a pile of trees for books.
However, insight (with experience) comes from doing, and this is where the OLPC project goals differ from all the other me-too offerings. It allows kids to experiment, to think, to reason, to tinker - to take a problem, analyse it, take it apart and solve it. About the most valuable skill of all: learning how to THINK. You know, the thing most Western governments are trying to get rid of because you'd become too critical?
Explain to me what innovation Intel will bring with its own laptop? I won't even mention Microsoft in that context. Will Intel and MS allow the kids (the generation that will inherit the problems) to take things apart? Ah, sorry, did I hear the words "Intellectual" Property (about the biggest misnomer known to man in this context)? And "proprietary"? Oh, hang on, someone in the back, that "L" word can you repeat that again? Yes, yes, that's right, "Licensing". Ah, another "L" here in the front: "Lock in". Well done.
If anyone is really serious about letting those nations develop, the OLPC project has the best scope to make that happen. However, I guess it's just too much to ask from commercial ventures to hang back a few years before milking them dry, especially not now the OLPC project has shown them for what they are.
Given that quite a large percentage of these animals are reared for eating, maybe we should just come up with a way to retain and spread the methane in their body. You'd end up with flash-roast steaks - just hold a match to them and blamm - ready.
You would have to breed rare, medium and well done varieties, of course, but I'm sure a bit of selective breeding would sort that out.
The only problem is that you'd have to ban smoking near the herd :-).
What I like about the macro code in OO is that you learn ONE variant. Not 3 (VBA Excel, Word or Powerpoint), just ONE. And, of course, you end up with multi platform support, but it will be a while before people realise that from using OO it is but a short step to Linux - IMHO, Outlook is about the last claw MS has on business and end users because mobile phone suppliers still insist on using it as the sole target for synchronisation.
The moment some Open Source head comes up with a decent alternative for that it's curtains for MS. And no, Evolution is still too far off to serve as a decent replacement.
Oh boy, if you only knew how much of a botch job the whole National Insurance Numbers are. That whole scheme got royally screwed up a few years back, and they've been trying to fix it ever since.
Here's a hint: why do you think they were trying to ram the ID card down everyone's throat? It's not just Big Brother (although it is a laudable effort if you're a Panopticon fan), it's also to renumber the whole population.
But, let me go back to basics. I agree that the DPA '98 sets out some requirements, but you can already see from later reporting that the rules were not "broken" per se (which is, if I recall correctly, the theme I started this debate with). Firstly, the NAO very properly asked for risk limitation (well done, guys), then some unusual attention to our tax money was encountered ("too expensive" - which is IMHO BS, by the way, this only required a data strip, but it's rare that someone takes that effort) and finally SENIOR PERMISSION WAS SOUGHT. And this is where you pop up out of the regular rule book - permission was given which brings you into the grey exception zone where this Government loves to reside because you can't prove much if things go wrong..
I don't know about you, but such a "feature" is in principle wilfully endangering users, especially if that "novelty" has not been made very clear in the manual like
"Warning: do not use near criminal activity. This phone's 911 service is only for safe emergencies. Only use near deaf criminals or at noisy places(*).
(*)Notice: nobody will hear you scream there either.
We do not accept any responsibility for stupid design decisions, but if this feature offends you, please return the phone to the shop to exchange it for our new model with attached compressed air canister."
It seems stupidity is the hardiest gene of all..
Let's wait until the full investigation is over. Sure, logically there SHOULD have been rules, but AFAIK there were none formulated as yet.
I'm also quite curious what they're going to do about the problem. There is a possible mitigating solution, but I wonder if they manage to figure it out by themselves (and whatever they come up with it'll be hard work because of the sheer volume).
The problem is here that the specific channel in use (so-called "Government Post", i.e. 'internal' mail) *was* considered secure, despite the multiple levels of outsourcing involved.
As I said, the untold story is much uglier - you're talking about hollowing out the quality of various Government internal mechanisms which has now come home to roost in a particularly painful way.
Not that it matters. They've sacrificed some guy peripherally involved, and now they are about to use that OTHER reason why Governments like outsourcing: they can blame someone else.
Am I cynical? Maybe - but it's probably because I've been too close to it all.
Meanwhile, several million citizens face even more hassle in their life..
I don't think you have quite grasped what is /not/ being said here.
Review all the messages from GOVERNMENT and see if you can find any statement that 'procedures have been breached'. I don't think they will say this, because -as far as I can detect- they were NOT.
Yes, the stuff under the carpet reads "we actually didn't have any decent procedures in place for this sort of transmission" and that's why someone was so quick to fall on their sword. Normally you can't get someone from the Labour government to resign after being found guilty of child abuse (proverbially), so the quick resignation was a clear sign there was more going on than met the eye.
You know what the most ironic aspect of this all is? HMRC, NAO and Treasury have for over a decade been hooked up to a central network with an extra secure layer on top. They could have just sent it over the wire.
"Stupid" doesn't even BEGIN to cover it.
I mean, I vaguely recall something like that..