Slashdot Mirror


User: Effugas

Effugas's activity in the archive.

Stories: 0
Comments: 1,277

Comments · 1,277

  1. In Government There Is Structure on U.S. is "Just About OK for Y2K" · · Score: 2

    Consider the word Government--to govern is to control, limit, wrap, moderate within a set of rules.

    Whether policies are set correctly or incompetently, this is the core "philosophy" behind government: To control what would otherwise be destructive chaos.

    Y2K falls under this rubric, and what the Government has been attempting to do is create a form of Structured Fear.

    There are two possible failure scenarios for a known global-scale disaster sometime in the recent future:

    A) Panic. In this scenario, protective and corrective measures fail to be executed, since the belief is that they'll be useless anyway. Large scale breakdown of social order commences before the actual disaster date, as the value of preserving peace for the future is drastically diminished with the elimination of a future to preserve peace for. (Perversely, groups that base their leadership on a mythical "to be delivered some time in the distant future" suddenly are forced to begin their plans, so that the months/years/centuries of planning were not all for naught. Also perversely, the predicted disaster no longer needs to occur--society will have corrupted itself on its own.)

    B) Denial. Just as destructively, protective and corrective measures fail to be executed, since the belief is that they're unnecessary. Large scale breakdown of social order commences, with the additional penalty of only the survivalists being truly prepared. The "surprise" aspect would cause widespread chaos and arguably more accelerated social breakdown than even the panic scenario--panic takes time.

    The core concept is to scare people enough to fix the problems, but not so much as to make them think it's impossible to fix. Even more dementedly, corporations need to be convinced that their competitors are guaranteed to fix the problem, so if they don't, they'll lose market share.

    Yours Truly,

    Dan Kaminsky
    DoxPara Research
    http://www.doxpara.com

  2. Re:Bill of Rights. on Tap-Tap-Tapping the Net · · Score: 2

    against unreasonable searches and seizures

    This presumes there are reasonable searches and seizures.

    Nowhere in there does the U.S. Government have the mandate to universally require wiretap ability,

    Well, if there are reasonable searches, there must be an ability to execute that search. Since it's impossible to predetermine which communications can be reasonably searched, all must be made searchable, and the courts must determine which ones may be searched.

    At least, that's how the argument goes. Where's the flaw in it?

    Yours Truly,

    Dan Kaminsky
    DoxPara Research
    http://www.doxpara.com



  3. Re:Is Wiretap Immunity An Absolute Right? on Tap-Tap-Tapping the Net · · Score: 3

    A subpoena or search warrant is served to an individual. They come and knock on your door.

    Or search through your files if you're a corporation. They take over your office and demand you deliver all emails archived over the course of the last year.

    The government doesn't (ostensibly) wiretap Bill Gates.

    After the fact, they got Gates' private email...

    There is no check or balance when law enforcement can wiretap. Using technology, it becomes feasible to place a huge number of people remotely connected to someone they are investigating, scan for key words (even in voice, if not now, then soon). It's 1984. * And that's just government wiretapping. That doesn't even touch criminal wiretapping (and its technological cousins...)

    So all wiretapping is bad because some wiretapping can be abused?

    This is the kind of logic we hate in Internet discussions--"Some people seduce 16 year olds on IRC, so all of IRC is BAD!"

    Yours Truly,

    Dan Kaminsky
    DoxPara Research
    http://www.doxpara.com

  4. Negative Caching Info on New DNS Software to Address Security Holes · · Score: 3

    I'm no DNS Expert(though I do admin my own personal domain) so there's a sense of rummaging through something much larger than I've grokked at this point.

    Here's a useful chunk from the RFC:



    "Negative caching" - the storage of knowledge that something does not
    exist. We can store the knowledge that a record has a particular
    value. We can also do the reverse, that is, to store the knowledge
    that a record does not exist. It is the storage of knowledge that
    something does not exist, cannot or does not give an answer that we
    call negative caching.


    What's now mandatory--


    [RFC1034] provided a description of how to cache negative responses.
    It however had a fundamental flaw in that it did not allow a name
    server to hand out those cached responses to other resolvers, thereby
    greatly reducing the effect of the caching. This document addresses
    issues raise in the light of experience and replaces [RFC1034 Section
    4.3.4].

    Negative caching was an optional part of the DNS specification and
    deals with the caching of the non-existence of an RRset [RFC2181] or
    domain name.

    Negative caching is useful as it reduces the response time for
    negative answers. It also reduces the number of messages that have
    to be sent between resolvers and name servers hence overall network
    traffic. A large proportion of DNS traffic on the Internet could be
    eliminated if all resolvers implemented negative caching. With this
    in mind negative caching should no longer be seen as an optional part
    of a DNS resolver.


    HTH.

    Yours Truly,

    Dan Kaminsky
    DoxPara Research
    http://www.doxpara.com
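
Added example, not part of the comment above or of the RFC text it quotes: a Python negative cache that stores "does not exist" answers and hands them out again with the remaining TTL, as the excerpt describes. The TTL rule (minimum of the SOA record's TTL and its MINIMUM field) and the refusal to cache answers without an SOA follow RFC 2308; the class and function names, the three-hour cap and the sample names are assumptions made for this illustration.

```python
import time
from dataclasses import dataclass

NXDOMAIN = "NXDOMAIN"  # the name does not exist, whatever the record type
NODATA = "NODATA"      # the name exists but has no records of this type


@dataclass(frozen=True)
class SOA:
    """The two SOA values that bound a negative answer's lifetime."""
    ttl: int      # TTL of the SOA record in the authority section
    minimum: int  # MINIMUM field inside the SOA record


class NegativeCache:
    """Hypothetical resolver-side cache of negative answers."""

    def __init__(self, max_ttl=3 * 3600, clock=time.monotonic):
        self.max_ttl = max_ttl  # assumed local cap on negative TTLs
        self.clock = clock      # injectable so expiry can be tested
        self._entries = {}      # (name, type-or-None) -> (kind, expires_at)

    @staticmethod
    def _norm(name):
        # DNS names compare case-insensitively; drop the trailing root dot.
        return name.lower().rstrip(".")

    def store(self, name, rtype, kind, soa):
        """Cache a negative answer; return False if it must not be cached."""
        if soa is None:
            # Without an SOA there is no TTL to bound the entry.
            return False
        ttl = min(soa.ttl, soa.minimum, self.max_ttl)
        if ttl <= 0:
            return False
        # NXDOMAIN is stored per name, NODATA per (name, type).
        key_type = None if kind == NXDOMAIN else rtype.upper()
        self._entries[(self._norm(name), key_type)] = (kind, self.clock() + ttl)
        return True

    def lookup(self, name, rtype):
        """Return (kind, remaining_ttl) for a live entry, else None."""
        name = self._norm(name)
        now = self.clock()
        for key in ((name, None), (name, rtype.upper())):
            entry = self._entries.get(key)
            if entry is None:
                continue
            kind, expires_at = entry
            if now >= expires_at:
                del self._entries[key]  # expired: forget the non-existence
                continue
            # Hand out the remaining lifetime, not the original TTL, so
            # downstream resolvers never hold the answer longer than we do.
            return kind, int(expires_at - now)
        return None


def demo():
    """Constructed sample: two negative answers queried 45 seconds later."""
    now = [0.0]
    cache = NegativeCache(clock=lambda: now[0])
    cache.store("gone.example.", "A", NXDOMAIN, SOA(ttl=3600, minimum=300))
    cache.store("www.example.", "AAAA", NODATA, SOA(ttl=60, minimum=900))
    now[0] = 45.0
    return [
        cache.lookup("GONE.example", "MX"),   # NXDOMAIN covers every type
        cache.lookup("www.example", "AAAA"),  # NODATA hit for the cached type
        cache.lookup("www.example", "A"),     # other types are not covered
    ]


if __name__ == "__main__":
    print(demo())
```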

  5. Is Wiretap Immunity An Absolute Right? on Tap-Tap-Tapping the Net · · Score: 4

    This isn't going to be very popular, but I'd really appreciate some responses from people who've dedicated much more energy to the analysis of these types of questions.

    Now, I say this as a hardcore privacy advocate. I'm not the enemy. I'm a theorist, who wants to know:

    Is wiretapping evil?

    By that, I mean do people have an intrinsic right to privacy that doesn't end when they begin violating the rights of others?

    After all, few of us would complain about the subpoenas that have been delivered unto Tobacco Companies, Microsoft, and hopefully RealNetworks. Subpoenas are after the fact violations of privacy--society is demanding some chunk of personal information from the subpoena'd party. Steganography is designed to defeat such information gathering techniques...but the existence of the technology doesn't mean subpoenas must be evil.

    Nor too does the existence of wiretapping prevention technology automatically make wiretaps illegal.

    From what I've been able to discern from the literature, there's a slant towards arguing that wiretapping should be difficult--essentially, so it's only used for cases where national security is at risk. Can a system be designed where it is intrinsically difficult, but not impossible for society to spy on certain individuals' communications?

    Again, I'm the guy at work who is the point man on SSH, on custom designed secured VPN proxy links(believe me, that actually makes sense), and all these types of technology. But I'm also the guy that, when his friend was attacked by somebody who called her on the phone a half hour before, ran to campus Information Technology demanding the phone logs(and was oh-so-irate when they wouldn't let me write the simple Perl scripts necessary to extract them from the logging port on the switch. And people wonder why IT hates me. ;-)

    Screaming about how child molesters are being used to justify widespread Big Brother monitoring is all too appropriate...but begs the question, what about the child molesters? Is it possible to shield everyone but expose those who society does need exposed?

    At least a government intrinsically possesses citizen oversight. Corporations and "Mafia" style operations have no such limitations, and flourish quite well under power vacuums. A government that cannot keep tabs on such organizations is arguably irrelevant to them--just look at Russia lately.

    Sooner or later, I'm going to be taken to task over the secure technologies I'm personally involved with designing and deploying, and I want to be able to reply with something I believe in. I want to be able to defend my position, and I need your help to do so.

    So, is wiretapping evil?

    Yours Truly,

    Dan Kaminsky
    DoxPara Research
    http://www.doxpara.com

  6. Re:Lucent Vs. Cisco on Lucent Makes 10 Terabit Router · · Score: 2

    Look bub, having Cisco certification doesn't mean you work for Cisco.

    No, sitting at my desk in Building C, 2nd Floor, in San Jose means I work for Cisco.

    You're probably some stupid contractor.

    No red badge on me. Anyway, I'd be happy to be a contractor; many of the smartest people in the industry contract.

    I've read some of your posts and to be quite honest, you're very stupid.

    Why thank you. If I've offended the likes of you, I'm doing something right.

    If you are indicative of the quality of people at Cisco, I'm calling my financial advisor and instructing him to dump my Cisco stock.

    I think that speaks more of your intelligence than of mine.

    Yours Truly,

    Someone who sees right through you


    Ciao, Jizmak.

  7. Re:Ah, but is CSS Copy Protection? on DVD Situation Takes New Turn · · Score: 4

    I think you are making some sort of confusion. If your statement about CSS preventing interoperability, then CSS is illegal. CSS can be interpreted as a mean to spread a monopoly in a given market segment

    Hurm. Yes, that's very interesting.

    Suppose for a moment that car manufacturers designed a new standard for gasoline pumps that required a special set of grooves to line up in order for the gas to cleanly flow.

    Sure, they could dress it up as environmentalism, or as an attempt to prevent gasoline not deemed quality enough for the engine to burn, but the bottom line is that it would be an attempt to control who could sell gas, who could receive gas, and how much everything would cost for all parties involved.

    Money is not necessarily power, but power invariably forms wealth.

    Now, suppose I analyze the groove design on the pumps and create an adapter for any old pump to fit my car. Am I now violating the industry's right to prevent me from purchasing gasoline they don't want me to? From where could Detroit gather this power?

    Standard Oil would have killed for something like this.

    Yours Truly,

    Dan Kaminsky
    DoxPara Research
    http://www.doxpara.com

  8. Ah, but is CSS Copy Protection? on DVD Situation Takes New Turn · · Score: 4

    Bear with me a second:

    CSS does nothing to prevent the outright copy of a disc. The keys survive copying procedures just fine.

    CSS does, however, prevent interoperability with non-approved hardware.

    Since reverse engineering for purposes of interoperability is a common and legal practice, and since interoperability could not be achieved outside of a procedure that rendered the colluding cartel's enforcement mechanisms ineffective, the breaking of the CSS encryption scheme is not necessarily a violation of copy protection law.

    Yours Truly,

    Dan Kaminsky
    DoxPara Research
    http://www.doxpara.com

  9. Re:Lucent Vs. Cisco on Lucent Makes 10 Terabit Router · · Score: 2

    Disclosure: I work for Cisco, but believe me, I'm just the tiniest of schmucks in the corporate ladder over there. Translation: This is me talking, not them ;-)

    Lucent continually impresses me with their labs... breeding new technologies from within. Cisco, on the other hand, devotes very little to research.

    I wouldn't say this is flat out wrong, merely somewhat short-sighted. From what I've learned, Cisco's employee turnover rate is famously low--there probably is no other company in the high tech field that can claim such a successful acquisition department; indeed there was an article in Fortune about how skilled Cisco is in successfully absorbing new companies.

    This is rather critical, if you think about it. Low turnover means those individuals who have proven themselves productive in generating new technologies in a small company on the open market remain working with and for the company--thus, when Cisco purchases a highly skilled research organization, they actually get what makes the organization what it is--the people.

    You can't claim Cisco doesn't do any research when they've fully absorbed so many research heavy teams.

    That being said, there's a "baselining effect" that's at play here. Cisco spends immense amounts of money creating advances on R&D, and Lucent is not completely averse to buying companies(they recently purchased a major network services company, if I remember correctly). But you hear about Cisco buying companies, and you hear about Lucent inventing technologies, so that becomes the "baseline expectation" even though both organizations invest significantly in the other paradigm.

    Of course, it's probably fair to say Cisco does much more internal research than Lucent does external purchases. Lucent comes from Bell Labs, so you're looking at a corporate culture endowed with a pretty significant legacy of advancement--there's a very strong bias against "release early, release often"; rather they prefer to develop ad infinitum. Whether this is good or bad, I can't say :-)

    Yours Truly,

    Dan Kaminsky

  10. Linux's Ascendance Carefully Orchestrated...by MS on The Post-Microsoft Era · · Score: 3

    I'll be quick: I have no doubts that Linux has been "allowed" to succeed as well as it has precisely because Microsoft wishes to spawn a competitor simultaneously as weak as possible yet strong enough to demonopolize the market.

    This is the same reason why MS gave so much money to Apple, and everybody knows it in the Apple world.

    Technological superiority is often not sufficient to drive technological progress. Yet Linux has gone far on its technical strengths. One wonders how much press Linux would have earned had Microsoft been willing or able to exert its full anti-competitive potential against it. The trial was dragged out long enough such that Microsoft believed it could create a nominally, minimally competitive market; the concept of making an "intrinsically unprofitable"(by their thinking) operating system their prime competitor was--is--their plan.

    After all, they reason, Linux supporters can't simultaneously claim MS is both a monopoly with no credible competitors and a company under siege by the mighty penguin.

    Judge Jackson couldn't make this claim, which is where the Open Source "dis" derived from. I will claim both, on the grounds that the only reason Linux has been able to place Microsoft under siege is the fact that federal anti-trust pressures have prevented MS from using their covert and illegal tactics against Linux. Linux alone, without the Federal Government laying down a competitive framework for Microsoft to operate within, could never be a credible competitor to Microsoft. Nothing and nobody could ever be.

    Yours Truly,

    Dan Kaminsky
    DoxPara Research
    http://www.doxpara.com

  11. Exposing the Why behind this debacle on TRUSTe Decides Its Own Fate Today · · Score: 3

    The RealNetworks incident is bringing up the need for legislation. Such legislation arguably already exists(I'm sure RN's behavior can qualify as a form of Wire Fraud), but it's not really necessary.

    The industry can police itself, if it's willing to do so. It merely needs what the government has traditionally provided: Cost.

    In economic terms, TrustE could have been predicted to be irrelevant. Consider: Online organizations are almost always desperate for new lines of revenue, due to their ridiculously overstated stock valuations. (In the criminology world, that's called motive.) They're also tied to the hip to advertisers, who are often their primary source of income. (In walks Opportunity.) Aggregation of mass quantities of identifiable information, continually up to date and temporarily difficult to obtain elsewhere, proposes an attractive source of money for companies like RealNetworks.

    However, the lack of a direct money trail doesn't immediately, necessarily, or even probably exonerate RealNetworks. It is more than likely that more than a few large media companies agreed to work with RealNetworks in return for "under the table" statistics on the spread(and contraction) of MP3s per Server per State/College/User. Situations like this are perfect for creating plausible deniability, and considering the strength of the Microsoft threat against RealNetworks(nothing short of total annihilation!), it wouldn't be surprising at all if RealNetworks felt blackmailed into violating their customers in such an obscene manner.

    But then, Blackmail usually implies risk v. risk calculations--in other words, RealNetworks had to feel that they'd experience some tremendous loss by favoring their corporate partners above the trust of their customers. Thus the genius of sponsoring TrustE. TrustE was practically made-to-order for corporations--whatever the privacy policy happened to say was OK by them, and since they were dependent on the very companies they were supposed to attack for their very existence, the organization was forced to bend over backwards to avoid conflict with their sponsors.

    As I argued in this post, privacy policies can be twisted to say anything, and not obviously at that. Truly an ideal situation for companies like RealNetworks.

    Add in the fact that the same companies who would demand privacy violations are those same companies who could get glowing stories of new privacy protections being quickly implemented, which of course had a nice +25% impact on stock price(ooh, even more ridiculous stock valuation!) when it finally happened, took what should have been a blackmail situation and converted it into a beautiful example of a Win/Win, with the public absorbing the cost.

    But why? In the covert war against MP3, intelligence and co-option is everything. RealNetworks placing itself as the source for (much lower quality 96kbps) MP3s gives them the ability to control who encodes what, using which standard, and reporting back the ever valuable percentage of the population complying.

    After all, knowing when to lower the boom on non-compliant MP3s, mainly by releasing players that suddenly refuse to play the finally-rare noncompliant MP3, is completely tied to knowing how many people are in violation.

    So the strategy is exposed. The question is, what could have been done in advance to prevent such a situation? Legislation isn't necessarily the answer; laws aren't really that much more than a societally enforced contract with the government. Weak laws(which we already have in abundance) wouldn't have prevented this plan from going into effect.

    The simple answer is that TrustE needs to make money for busting violators. Possibly that means a bounty system, paid by a FTC fund. However it works, right now TrustE makes money by pleasing its sponsors.

    That not only has to change--it's going to.

    Yours Truly,

    Dan Kaminsky
    DoxPara Research
    http://www.doxpara.com

  12. Re:Off topic; but... on Applications Service Providers May Change Your Life · · Score: 2

    any idea why DialPad wants to have network access...

    Well, I'd venture it has something to do with the fact that it lets you call up telephones via the Internet for free.

    Yours Truly,

    Dan Kaminsky
    DoxPara Research
    http://www.doxpara.com

  13. Browser Compatibility, and Some Doubts on Applications Service Providers May Change Your Life · · Score: 2

    Remember all the talk about how, if Linux loses the battle over browser compatibility, it loses the war for the desktop?

    This, my friends, is a large reason why.

    Only two things have prevented ASPs from becoming an integral part of the standard computing experience:

    A) Lack of widespread high speed networking.
    B) Immature tools for representing quality interfaces over HTML/Java/etc.

    The judicious use of the extensions offered in Internet Explorer 5 arguably makes somewhat irrelevant the former(there's still the problem in that it's not particularly efficient or stable to have application functionality dependent upon a network connection; but then again it's arguable a server is much more likely to Autorecover much more reliably than a desktop OS) and almost totally obviates the latter.

    The only thing preventing more applications from being designed in this manner is the fact that IE5 is nowhere near ubiquitous. Don't laugh--critical applications are already being designed according to Microsoft's master plan: Dialpad.Com, the surprisingly effective free Voice-Over-IP-To-Any-Landline-Telephone, is written in Java with some kind of Windows specific extensions.

    Why? Two reasons: One, Sun has utterly bungled Java beyond belief when it comes to deploying new libraries, and two, Dialpad figures (witheringly reasonably) that the majority of their users can successfully *use* Windows specific extensions.

    Of course, the fact that Dialpad apparently works successfully on Netscape for Windows hints at broken not-quite-cross-platform code somewhere in the pipeline. (Probably some native methods being used.) Either that, or the system's intentionally limited. I doubt that though--Dialpad actually added detailed Linux Masq instructions to their site. (Joy!)

    Dialpad, incidentally, is a fascinating case study in how an ASP can operate. They are actually entirely standards-compliant, using H.323 to move their voicestreams around. However, they implemented a system they call Split-323(patent pending, which is slightly silly since the core concept is found all over the place) where most of the heavy H.323 lifting is done on the server side, with only the voice codec'ing remaining for the client to execute. Quite nifty, and is likely the general paradigm we're likely to see for systems that traditionally required binary application deployment--a small application, usually net-deployed, that executes whatever specifically requires a presence on the individual host(in this case, digital audio in, out, and compression) with the rest being left on some server out on the global Internet.

    I said this is what we're likely to see. I didn't say it's the greatest idea known to man.

    On the one hand, ASP style deployments work beautifully for applications that are inherently communication oriented. Dialpad is about connecting to other phone lines. MindTerm, the mind-bogglingly(sorry) cool Java deployed and amazingly full featured and GPL'd SSH client, brings high end communicative security in a package that requires no installation beyond accessing a web page.

    But do we really want non-communication based applications to require a network connection?

    Pundits like to go on and on about how broadband is going to be all over the place in a few years. Bruce Schneier, author of Applied Cryptography and creator of the excellent Blowfish encryption algorithm, observed that while high end processing power will increase on and on ad infinitum, the low end never goes away--it just gets smaller, deployed for never-before imagined applications, etc. Smoothly scaling performance from the high end to the extremely low end is, therefore, a value. I posit that bandwidth is much the same way--maximum speeds will get higher and higher(indeed, in the course of the last 5 years I've gone from a 2400bit link to a 1,500,000bit link!), but there's always going to be something puttering along damn slowly and not entirely reliably. Look at the proliferation of wireless technologies proudly proclaiming speeds that are laughable in the wired realm but are actually pretty cool once made wireless.

    It's the wireless side, specifically laptops, that suffer the most from the ASP paradigm--wireless bandwidth is far more scarce, and many applications already deployed on them are intrinsically non-communication oriented. To force laptops to initiate connections whenever basic applications are to be used removes much of the freedom intrinsic in a battery powered, portable computing environment.

    On the flip side, I'll be the first to admit that laptops have been made much less free by the degree to which communicative uses have taken over the actual applications people run. The concept that a laptop would become almost entirely useless, though, without Net.Mommy somehow being able to tunnel a link to it is rather bothersome nonetheless.

    Security is a far more pressing concern. People fail to grasp the vast amount of security embedded in the simple fact that their files are located on their hard drives, in their homes, on a machine that is running no remote access services and is not permanently connected to the Internet. This security is eroded constantly by a disturbingly large number of intentional(in the RealNetworks fiasco) and unintentional(insert browser vulnerability here) ways, but literally moving the location of an application from onsite to a remote location introduces an incredible number of possible points of attack, from data corruption to privacy violation / industrial espionage.

    A perfect example: GPS-Assisted Destination Routing. Take something like Mapquest.Com vs. a traditional CD-ROM based Street Atlas USA.

    Mapquest requires no CD-ROM sale, would never have out of date information on the marketplace, could probably add a Dialpad-style applet to receive location data from a GPS receiver, and would probably require some form of wireless connectivity a la (the soon to be ridiculously oversubscribed) Ricochet service.

    In comparison, Street Atlas USA does require a CD-ROM sale, would eventually suffer from stale data, would have GPS easily integratable with the core application, and would require no (expensive) wireless networking to function.

    How easy it is to ignore that Mapquest would be receiving up-to-the-minute accurate positional and destination data for whoever's using their service. Combine the ridiculously pitiful privacy standards that Corporate America operates under with constant pressure from VC's to find sources of funding and the ease at which Net vendors can pass off security and privacy lapses as "accidental occurrences which have already been fixed" and suddenly the ASP picture becomes much more dangerous for the end user.

    The bottom line is, when it comes to security, trust, no matter how great, is no competition to a brick wall: Security Through Impossibility is simultaneously the simplest and most effective means by which sensitive data can be protected from malicious agents. ASP's demand much trust to be usable, and while benefits from ease of deployment and harms from reduced functionality and accessibility are significant concerns for any business considering employing an ASP, one has to wonder at what times it is justified to remove the brick wall inherent in on-site deployed solutions.

    Yours Truly,

    Dan Kaminsky
    DoxPara Research
    http://www.doxpara.com

  14. Re:offtopicish on Finding an Intellectual Property Patent Lawyer? · · Score: 2

    Is there a free DBMS out there?

    Yes. There are several excellent free DBMS's out there, from PostgreSQL(impressively featured but not amazingly fast) to MySQL(greased lightning but not psychotically featured like PostgreSQL) to the much simpler GDBM.

    If you need something like Oracle or Sybase, free single-user versions of the software are available for evaluation purposes.

    Go on Freshmeat and look around, and feel free to contact me if you need any further assistance.

    Yours Truly,

    Dan Kaminsky
    DoxPara Research
    http://www.doxpara.com

  15. Re:Don't Make It Worse on Digital Television Transmission Standards · · Score: 2


    My god, you are demented. Are you actually trying to equate the process of standardization of a new technology that is fraught with tons of issues to how you treat your "clients"? Who the hell do you think you are?


    Gee, someone who usually tries to improve a situation instead of just implementing mindless upgrades just for the purpose of New Whiz Bang Technology(TM).

    I'm rather shocked that that isn't the same policy of an entire industry, which has been singing the praises of Digital Television for around half my life now. How interesting that it's only now, when suddenly a new technological solution arrives from Europe, that any news is released that says the American DTV standard is almost completely and utterly useless, and that it'd essentially remove reception from large swaths of the population.

    If this observation offended you in some way, AC, I apologize. Feel free to continue this discussion; however I think I'd prefer an actual argument, based on the facts, rather than some pseudo-effective ad hominem flamage.

    If you've got a point to make, make it. If you don't, we've all got better things to do.

    Yours Truly,

    Dan Kaminsky
    DoxPara Research
    http://www.doxpara.com

  16. Don't Make It Worse on Digital Television Transmission Standards · · Score: 2

    Whenever I start fixing a misbehaving system, I always abide by one rule:

    Don't Make It Worse.

    If I give up on fixing the thing for one reason or another, that's fine. I only have so much time in the day. But I'm not going to leave until I get it back, at least, to where it was before I arrived.

    It's an issue of trust, and one of reputation: I can't afford to be known as somebody who you'd much rather have never walked in the door in the first place.

    The revelation now that the present DTV standard doesn't even meet the reliability levels of NTSC is jawdropping. You mean to tell me I'm more respectful of my clients than an entire industry?!

    The existence of a superior DTV standard from Europe is not particularly relevant to this foulup--NTSC was around ten years ago, and so were the early development versions of the American DTV standard. How, exactly, could it not be noticed that there were large, vast swathes of viewers who would receive minimal reception even when NTSC offered perfect picture?

    How, praytell, did this avoid any and every discussion of the technology?

    My guess is that many an R&D budget went into developing the American standard, and should that standard have been left unadopted, upper management would have had to write it all off as a loss--such a significant accounting would be detrimental to the future of Digital TV, and the jobs of all the researchers.

    So the reliability issues were suppressed, with the improved quality being the siren call that would get widespread industry support. "Color made people watch more TV. More color and more channels means more ad minutes, means more money!", so were told the networks. "Imagine every American being forced to buy a new TV!", and the consumer electronics industry signed on.

    And the consumer? "More channels...more quality...all free! You just need new equipment, or you lose all TV." Note, the lack of any less...any downsides...and apparently some degree of truth.

    We're really lucky that the European standard actually does do what the American standard was supposed to.

    If it wasn't for it, we'd not have known until it was far too late.

    Don't think it's purely selfless devotion to the consumer that's leading that standard replacement alliance...suddenly, a large number of television stations just realized that it's very likely that only the biggest stations with the most skilled engineers and highest quality equipment would actually be able to get their signals broadcast successfully.

    Anyone else depending on purely off the shelf hardware would be screwed...maybe, just maybe that was the idea?

    Yours Truly,

    Dan Kaminsky
    DoxPara Research
    http://www.doxpara.com

  17. Re:Clears the mind...? on Lightning On Demand · · Score: 2

    Massive electrical charge has a well known history of clearing the mind.

    Just ask Hemingway, who suffered through quite a bit of electroshock assisted mind-clearing (he lost almost all of his memory...supposedly one of the reasons he shot himself.)

    Yours Truly,

    Dan Kaminsky
    DoxPara Research
    http://www.doxpara.com

  18. Re:Faith on Lightning On Demand · · Score: 2


    "Consider that, for most of these displays of extreme electrical discharge, there's a guy sitting *inside* the main electrode."
    Okay, how many people really trust Faraday that much ? :-)


    TrustFaraday++;

    Yours Truly,

    Dan Kaminsky
    DoxPara Research
    http://www.doxpara.com

  19. Cool Tech on Lightning On Demand · · Score: 2

    I can't believe I forgot to link in this psychotic little page on their site. These guys have actually hacked together a Taser Gatling gun using their prodigious electrical skills.

    Whoa.

    For people like me, who grew up in Northern California and walked outside a few months back in slack jawed amazement for his first exposure to a lightning storm, mass electrical generators of any kind are damn cool, simply because we don't get much of that around here.

    The equivalent, of course, is when you take someone from the east coast, or the midwest, and toss a 5.0 quake at them. No big deal to Californians...Armageddon to everyone else ;-)

    Actually, there are some very, very cool tricks that can be done with static generators. When I was very young, we picked up a "negative ion generator"--essentially a device that used some technology to create a standing static charge. Connect the leads to a big metal bowl, fill the bowl with flour or salt, and as you move your positively charged hand into the bowl, negatively charged particles literally fly onto your hand, (I assume) electrostatically coating it. Fun for the entire family.

    Nothing, of course, like being in that metal cage. My god! That thing was built in my hometown! How could I have never seen it :-)

    Yours Truly,

    Dan Kaminsky
    DoxPara Research
    http://www.doxpara.com

  20. Re:Why Linux Supporters Should Be Excited About X- on More on the MS "X-Box" · · Score: 2

    John Carmack hates Direct3D. While his original rant seems to have disappeared from ID's page there is a news article here. John's arguments basically centered around that A) Direct3D requires you to write more lines of code and B) The lines of code are significantly harder to read.

    The article is from 1997. Things change.

    Give MS some credit. Carmack ripped DirectX a new orifice back in the days of DirectX1. By DirectX3, they ditched their horrific Talisman-defined Execute Buffer architecture (which even Carmack had problems figuring out) for a rather standard interface game designers could just throw tri's at.

    Yes, that specific .plan remains one of my favorite flamages of all time.

    It should also be noted that MS is trying to "fix" this by either funding or actually working on getting OpenGL to work on top of Direct3D with some sort of abstraction layer. I haven't been tracking this, so I could be wrong (or the effort may have been abandoned).


    Ah yes, Fareinheit (I'm too lazy to spell this right at the moment). Standard MS Vapor, best I can tell. Too bad, it'd be *very* nice to have standard things like Interface Enumeration for OpenGL games.

    Yours Truly,

    Dan Kaminsky
    DoxPara Research
    http://www.doxpara.com

  21. Re:Comments on web-applications on E-commerce and Linux · · Score: 2

    but I can't afford the licensing restrictions of MySQL for this.

    There's a GPL MySQL out there, perfect for you then.

    Yours Truly,

    Dan Kaminsky
    DoxPara Research
    http://www.doxpara.com

  22. Re:And yet... on A Post-Columbine Halloween Horror Story · · Score: 2

    Jail is totally inappropriate in this case. Jail is a bullying maneuver. We need to cry out about this. Suspension with required counseling is the appropriate action.

    So you're telling me that suspension with required counseling is NOT bullying? We'd be hearing the same stuff from Katz if that happened, and you know it.

    Besides, lemme get this straight. They think this kid might kill, so...they're going to tell him he's not welcome as part of the school community right now, and that they think he's crazy?

    Sorry, everyone still gets fired for letting the kid shoot up the school.

    Yours Truly,

    Dan Kaminsky
    DoxPara Research
    http://www.doxpara.com

  23. Re:RatHuman Considerations on Linkage between Cell-phone Usage and Long Term Memory Loss · · Score: 2

    I think that it is fair to make companies liable ex post facto (after the fact). Even if no malice is present, their product did cause damage through normal operation. It's the same argument where tobacco companies would be liable for cancer deaths (which they are) and Ford would be liable for exploding Pintos (which it was).

    I don't know about this. The idea is that Tobacco Companies knew and intentionally withheld evidence of the deadliness of tobacco, and Ford either knew or was negligent in not knowing that their cars went boom.

    The general scientific consensus for years has been that EM in any strength is completely harmless. The concept that it might not be is rather alien.

    Imagine if Slashdot's color/font choices caused breakdown in mental stability in some portion of the population. Should CmdrTaco be liable?

    Yours Truly,

    Dan Kaminsky
    DoxPara Research
    http://www.doxpara.com

  24. Re:And yet... on A Post-Columbine Halloween Horror Story · · Score: 2

    Obvious threat? You gotta be kidding. What this kid wrote is not a threat. It's a story. Story, fiction, ring a bell? It's not true. Some people are just too paranoid for their own good.

    Real names. If the kid wrote a short story about how he saved the life of some girl in the class and they kissed and were really happy together, it wouldn't take too much thought to consider that the kid might like that girl.

    Sadly, it takes very little thought to consider a story where real people get shot to be a threat. Even if, after more thought it's obviously just a story, the fear of others' 20/20 hindsight can take over.

    Somebody should have just talked to the kid is said a lot...exactly how should the kid have been talked to? We obviously don't want the kid to have been made to feel like he was an outcast, or violated some thought code--you can shove that on a kid in juve or in a counselor's office.

    What would have been a reasonable act to have been done that would be a fair defense for the administrator if the kid all of a sudden turned around a few months later, changed his mind, and did shoot up his school?

    Yours Truly,

    Dan Kaminsky
    DoxPara Research
    http://www.doxpara.com

  25. RatHuman Considerations on Linkage between Cell-phone Usage and Long Term Memory Loss · · Score: 2

    Rats do possess much, much thinner skulls.

    That being said, one has to wonder about the structure and function of this type of memory, if ostensibly harmless frequency exposure can cause this kind of damage.

    Is it fair to make companies liable ex post facto, incidentally? If I have no knowledge that my behavior could cause serious problems, and I make a good faith effort to both discover problems and handle the problem as best I can be expected, should I be liable?

    How did they deliver the Microwave radiation? Any chance there were distracting harmonics only audible to the rats that might have polluted the study?

    Yeah, this is pretty worrisome.

    Yours Truly,

    Dan Kaminsky
    DoxPara Research
    http://www.doxpara.com