The difference is that the supporters of .xxx could only get what they wanted if the rest of the net became a porn-free zone. So it was about censorship and control.
What I don't understand is why the author thought that Microsoft would want .msn and Google would want .goog. Microsoft and Google might take those domains to stop squatters but the brands they would want to promote are .microsoft and .google.
I wonder what the governance model for the root zones is going to be. At the moment these are maintained on a pro-bono basis. But this proposal is going to seriously increase the number of domains and the cost of the infrastructure required.
No, the certificates issued by VeriSign have three types: Domain validated (only sold on the Thawte and GeoTrust labels), organizational validation (Class 3) and Extended Validation.
Ob disclaimer, yes I work for a major CA, no I am not speaking for that CA here.
Domain validated certificates are designed to enable use of encryption and to provide protection against a DNS or BGP level man in the middle attack. They are not intended to be adequate for Internet banking or for determining if the merchant you pay for that plasma TV is likely to be trustworthy. They are perfectly adequate for sites like Slashdot.
The class 3 and EV certificates are both designed to provide accountability and both have similar validation criteria in principle. In practice the EV validation process is a lot more cumbersome and involved because the criteria are determined by a consortium of the major browser providers and CAs.
Accountability is important because a party is much less likely to default if this is likely to result in civil or criminal consequences. In the EV and Class 3 models the accountability is established by verifying with an independent source that a business with the specified subject name exists, that the party making the application has the right to act on behalf of that party.
The class 3 certificate offers equivalent security to the relying party as the EV cert but the relying party is much less likely to notice that it is being used. The EV security experience is much more noticeable and results in a measurably greater degree of customer confidence - as evidenced by lower rates of abandoned shopping carts.
As for self signed certificates, I have been part of the W3C Web Security Context working group for the past year and a bit which has (amongst other things) been working on the problem of how to make use of self signed certificates more useful and how to avoid the problem of the idiotic 'warning' messages that browsers throw up when encountering a self-signed cert. Adding security should never make the user experience worse!
A lot of people are suspicious when I say that I support the use of self-signed certificates. But I really don't see them as a threat to the business. On the contrary, for every domain validated cert user who downgrades to a self signed certificate there will be tens of servers turning on encryption who were not using it at all earlier. And every one of those self-signed certificate users is a potential upsell to a domain validated or organizational validated certificate. I am not aware that any CA has ever marketed email SSL certificates but you will find quite a few mail servers on the net that are using CA issued certificates for STARTTLS transactions.
Cryptography is like sex (hey I did say I was not speaking for my employer): it is much better when you know who you are engaging in it with. And certificates are currently the cheapest, most effective model for knowing who is at the other end of the pipe.
I have been predicting this one for a while, I wrote in the manifesto that nobody is going to want home automation if it means having to worry if Mr Coffee has been recruited into a botnet.
The solution I proposed there was that a coffee pot does not get a full Internet connection. Instead of the default being full access we switch to default deny. It only gets to connect to the local net at all after authentication. And it only gets access that is appropriate to its function and consistent with site policy. Obviously the typical consumer is not going to be writing security policies so this process is going to have to be automated which is where a small amount of Semantic Web technology comes in.
You have just described every collector of Star Wars action figures.
I am so pissed that I passed up the chance to buy a whole rack of the first gen figures back when they were on closeout after Episode VI. I thought they were overpriced junk then, never imagined anyone would be paying $2,000 for a NIB R2D2.
The first patent was issued in 2008. That is over a decade after the feature appeared in the Web specifications.
I can run through a huge amount of prior art on this one. And not just from the Web. If this does start to appear in the US we should put together a defense pack.
So the marginal cost of production is $10, but your bigger obstacle is the fact that the fab you need to build another copy costs $1 billion plus. And the capital costs of a fab run are huge. So even if there was another company with a fab that could make a chip of that type they would have to make so many to make a profit that they would be sure to be caught and prosecuted.
Having once been in the game industry (like twenty years ago when we handcoded 6502 assembler), I am somewhat sympathetic to the position of a video game company looking to protect a $100 million investment in a new game (Hollywood profits beget Hollywood production budgets). And I am on record as having supported the use of TPM.
So, sorry to say, Bushnell, you are mistaken, TPM is no use to you whatsoever.
The first reason that TPM is no use to the videogame industry is that multiplayer and online content are where the real money is made now. And they both provide the added benefit of an effective revenue protection scheme. So the Video game industry has less need for TPM than other copyright areas, not more.
The second problem with TPM as copyright protection mechanism is that today the number of machines with TPM chips is small and a content provider who decided to only sell to TPM chip protected devices would have a negligible market opportunity. A secondary problem is that a large amount of music is bought to be used in modes that are not compatible with DRM - iPods, car MP3 players etc. This is starting to be the case with DVD as well.
The third problem is that TPM is only designed to be secure against an attacker with a certain level of expertise, time and equipment. TPM chips are not designed to be proof against the type of reverse engineering a moderately high end university lab might have available.
This third issue is not a problem for my area of application - protecting corporate secrets. In that case breaking ONE TPM chip does not invalidate the whole class of TPM devices and enable an attack against the assets I care about unless it is one of the 100 or 2000 or so machines that are within my trust locus.
For copyright enforcement the flaw is fatal because (1) the potential return from breaking the code is tens or hundreds of millions of dollars and (2) any one of the hundred million plus machines permitted to access the content will do.
The practical upshot is that DRM works for protecting corporate secrets but does no better than other hardware based protection schemes for copyright enforcement.
This is a good thing because those corporate secrets include things like SSNs, healthcare records and the like.
Looks like the corporate equivalent of 'the dog ate my homework'.
So perhaps they could explain why municipal bonds have much lower default rates than equivalently rated commercial paper and this has been the case for several decades? Is this also a computer bug? I suspect not, I think they rate the commercial paper higher because they pay for the ratings.
So where is the accountability here? Do people who relied on these faulty (or fraudulent) ratings get to sue? If not, why did they ever trust a rating that nobody can be held accountable for?
Why are we spending money on a Child Porn Flight? WTF? What is one of those when it is at home anyway? An airline which shows kiddie porn as in flight entertainment???? WTF?
A while ago a journalist called me up to ask about an Internet crime issue. She was somewhat 'confused'. I tried to explain what was really going on but she had an unfortunate habit of assuming that she understood things she didn't.
Fortunately she then called up a competitor to ask for a comment and repeated her version of what I told her. He then responded, 'I really don't think that's what PHB said'. The story died there.
You try but sometimes the journalist tries harder than they are able to.
There was a pretty clear claim for trademark infringement here. The court very reasonably found that ORF was trading on Orion's reputation.
Having made that finding the court is quite reasonably penalizing ORF. It is quite reasonable for an injunction to penalize ORF after they clearly took advantage of Orion's reputation.
And any company that does not show up in court when served with papers is likely to find that they end up saddled with onerous terms in any case.
Wow, an old-style Usenet kook! Here on Slashdot! Take a picture, quickly! See how he starts by rationally discussing the subject at hand in the first paragraph, before introducing an unrelated issue in the second that refers to a shared experience that nobody else had.
The second paragraph was a direct response to the first poster making an ironic reference to Americans expecting the right to keep and bear arms to extend to other countries. The great talk.politics.guns roadshow was anything but a singular experience. There must have been at least ten thousand people reading that particular thread.
There we were discussing the Archers and the Montana militia pops up to tell us we are living in a dictatorship (the actual McVeigh posts were removed from the Deja Feed but you can see the flavor of the 'argument'). Then one of them goes off and murders 200 people.
The Internet is not like the regular news. In an Internet of a billion people you are going to meet a lot of kooks. But you are also going to find that there are a lot of people who have a direct connection to pretty much every major event. McVeigh spent his time between Waco and OKC building his bomb and spewing hate posts onto the Internet. He was not the most prominent gun nut, but he was pretty prominent.
The connection here that you appear to be deliberately avoiding is that it is not actually that rare for Americans to have somewhat peculiar notions about foreign countries. Such as the idea that a 'US hotel' operating in China does not have to follow Chinese law and that this is somehow a political affront to the United States as if every Hilton and Marriott in the world was a kind of US Embassy.
I am somewhat surprised that the US hotels would be required to enact censorship, the Chinese state is good enough at that itself. As far as stopping outbound communications goes, fat chance, no censorship filter can do anything with SSL traffic.
Next you're going to tell me that American citizens have their right to bear arms violated when they're in Europe.
You know, a guy called Timothy McVeigh spent three months complaining about that very issue across Usenet. See the thread 'No rights in the UK' on DejaNews. The thread only ended when he murdered two hundred people in the OKC bombing.
Yes, Americans do sometimes have some pretty weird ideas about foreign countries. China is no longer Maoist, arguably it is no longer communist according to any recognizable Marxist doctrine. But it is still a dictatorship. In political terms it is essentially on a par with Chile, the Philippines, or what have you during the Nixon era military Juntas.
We now know that the US right greatly overestimated the threat from Communism. The communists never had the ability, still less the intention of expanding into Western Europe. The cold war was fought for domestic reasons, they had to have an enemy to point to. When the cold war ended they decided Islamic terror would be the next big thing. That is why they didn't want to eliminate Bin Laden, Reagan made that mistake with the Communists. The invasion of Iraq was not a distraction from tackling Bin Laden, it was to cover up the fact that they want him alive and killing as long as possible.
In the process they made two major blunders. The first was that the invasion of Iraq led to the rise of Iran as the dominant regional superpower, a rise that was both predictable and predicted. The second that Bush turned out to have read Putin completely wrong.
Certainly. I had my first job out of college, and my boss tasked me with setting up a fairly complex gopher site, as well as investigating alternatives. (I believe the phrase "this http thing" was used.) The web's technological superiority was so blindingly obvious, the licensing was not even a factor.
Actually to correct my earlier statement. It was a big event for Tim who was pretty much invested in his code (even if he did have to convert it from objective C) and he did not want to see libwww die. But it was not actually an issue for the Web because the Web had already got to the point where it was valuable enough that we could have replaced libwww in short order if necessary.
Tim always believed that the licensing issue was a big factor in killing gopher. I have had that conversation with him on frequent occasions. I think that he is not quite right. If the Web had not come along and offered a superior design, someone would have produced an open source implementation of Gopher.
Where the licensing issue was important was in getting the White House to adopt the Web over other technologies such as Hyper-G which offered much slicker clients at the time. Everyone involved in that decision has told me that the fact that the WH had free access to the technology the federal government paid for developing at NCSA was decisive. Before www.whitehouse.gov went online we found it very difficult to persuade companies that were not in the IT space to deploy the Web. Afterwards it became an instant craze.
Hyper-G on the other hand was killed by the rapacious licensing terms demanded by the university, or rather the company that the profs had set up to exploit the technology. That is where I think that there is something wrong, if you use public money to develop a technology the result should be public.
Just in case you're not trolling; ISO standards should be independently implementable by anyone. OOXML cannot be independently implemented. Therefore MS should not have submitted & ISO body should not have approved.
Nope, not even close. Nobody ever created an interoperable implementation of X.500 from the spec. It was actually impossible to implement X.25 as specified and there are numerous other examples.
This is not the first time that a group of competitors have ganged up to screw a competitor using the standards process. Some people think that it's actually part of the game. But there is no need to insult our intelligence by claiming that blocking OOXML is about anything other than attempting to force ODF onto government users.
It is pretty difficult to get a judicial review of a non-government body in the UK. The BSI is a member organization. It is not apparent that the group bringing the claim was even a member.
The members of BSI are companies rather than individuals and most are more interested in specs for rivets or such than internal IT industry politics.
Well since I was there and you most certainly were not, your reply looks more like a troll to me.
Your claim that all the CERN content was on a single server before NCSA is simply untrue. There were over 100 Web servers in 1992 before the release of Mosaic.
While it is true that NCSA did not actually go so far as to remove the CERN tags from the source files, my statement referred to the original documentation. The NCSA documentation did not mention CERN or the Web till I brought up the issue of plagiarism.
The libwww sources bear the CERN and MIT copyrights as they are the distributors. But the NCSA code split from the libwww trunk before there was any libwww development at MIT so you are looking at the wrong version of the code in any case.
Mosaic was a significant step in the development of the Web, but to deny Tim's role as you attempt to do here is entirely wrong. Tim designed both the protocol and the original Web browser and server before the NCSA team started work. To assert as you do that Tim 'stole' the idea from NCSA is entirely untrue.
The principal contribution made at NCSA was actually the addition of the Forms model to HTML. Although NCSA were the first team to implement inline images they were not the first to propose them and in fact there was an active discussion concerning how to introduce images when Marc presented his approach as a fait accompli.
But the Mosaic browser still misses features that are generally considered to be fundamental. Neither Mosaic nor Netscape were the first browsers with support for the Table model for example.
You are probably correct in stating that NCSA, Andreessen and co now get rather less credit than maybe they deserve. But this is entirely of their own making. People stopped giving them credit after they tried to claim rather too much. Take a look at 'Netscape Time', Jim Clark's history of Netscape, it only mentions Tim three times and he slams him every one of them. Or look at 'Architects of the Web' which is another Netscape book with twelve chapters each describing a 'Web Architect' but no mention of Tim at all.
It isn't the 15th anniversary of the Internet, obviously. Nor is it the 15th anniversary of the Web, though that's closer. It's the 15th anniversary of the day when CERN put their code for the first web server and browser into the public domain.
As someone involved in the Web at the time, this really was something of a non-event. There was never a serious expectation that either CERN would attempt to claim proprietary ownership or that it would matter a great deal to the Web if it did.
CERN was prohibited from commercial exploitation of technology developed at CERN and CERNLIB had been distributed under an essentially open source license for years. The need to make the public domain status explicit only arose after UMichigan declared a proprietary interest in the Gopher code. Up to that point nobody seriously worried about the status of the CERN code.
The issue was not in doubt for very long and by the time the announcement had come NCSA was already distributing a server that contained no CERN code. If CERN had not delivered it would simply have caused the exodus from CERN to occur a year earlier. The Web was already gaining adoption at a breakneck speed.
And even that is a stretch. The "web" he invented at CERN had all of the content sitting on a single server. More like today's Wiki-sites, than WWW. If anybody, it is the creators of Mosaic (at NCSA), who really did it.
Untrue and completely wrong. The Mosaic browser was based on the libwww software developed at CERN. They did not credit the work, but all the major intellectual components of the Web came from CERN: The URI, HTTP, HTML, 404 not found.
The NCSA group did make a practice of failing to credit Tim's work. In particular the original releases of Mosaic failed to mention the use of CERN code or that it was built on CERN ideas. That is generally regarded as plagiarism. The original Mosaic instructions did not include the string 'World Wide Web' or 'CERN'.
Tim's prior claim is well established, as is the fact that there were Web browsers developed before Tim met the NCSA people.
It's even better because Exchange DOES have a retention system. File -> Archive. Hell there's ways for IT to force a retention policy down from group policy!
And if you do not like the Microsoft archive system there is no shortage of third party archive solutions.
The need for an archive system was fully understood by the EOP system management when I worked with them during the Clinton administration. I do not believe that any change would have been acceptable to that management unless there was a fully functional and tested archive retention plan on day one.
The possibility of 'strategic incompetence' has to be considered in the light of the administration statement that Bush would not be using email on account of concerns that his emails would be subject to presidential records archiving requirements and subpoenas. Further there is the fact of the diversion of large quantities of White House mail through the RNC servers.
It not only stinks, it is completely pointless. There is an abundant administrative trail without email.
Some clauses of some EULAs are enforceable. But many are not.
But this particular EULA is clearly unenforceable (under common law at least) as the courts do not adjudicate disputes arising from criminal conduct. There is an ancient case where one thief sued another for failing to pay him his share of two pocket watches they stole.
I don't think they expect the EULA to be observed. They would be fools to expect that as they spend more time ripping each other off than their intended victims (no honor amongst thieves). It is probably more of an attempt to gain notoriety by aping the business practices of legitimate companies.
It's an interesting idea, the limitations of synctoy are quite apparent. There is no reason why backup should be a separate operation these days it should all be automatic. Be nicer when they support mac as well.
Throwing more "experts" at the problem doesn't make the problems go away. Just like making passwords more complex doesn't seem to increase security, especially when the average user doesn't seem to be getting any better (still writing password on post-its, etc)
The obfuscation of passwords started in 1990 or thereabouts when crack first appeared and there was a need to strengthen the passwords to prevent the brute force attack taking less than a day.
Forcing users to include a digit increases the search complexity by only an order of magnitude at best, it might even reduce the search space by encouraging use of shorter passwords (ten digits, but 26 characters). Forcing capitalization has no effect since it is almost always the first letter that is capitalized.
Since these silly restrictions were put in place computers have become roughly four orders of magnitude faster. Today a strong password would be ten characters.
It is all superstitious pseudo-security. If you want security you do not use a password.
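An added worked example, not part of the original comment, that counts the brute-force search space under the composition rules discussed above. The 26-letter lowercase base alphabet, the length of 8 and the "letters plus one trailing digit" pattern are assumptions chosen for illustration, and the counting function generalizes to any set of required character classes.

```python
"""Search-space sizes under password composition rules (added illustration)."""
from itertools import combinations
from math import log10

LETTERS = 26  # assumed base alphabet: lowercase a-z
DIGITS = 10


def constrained_space(length, optional, required):
    """Count strings of `length` that use every required class at least once.

    `optional` and `required` are lists of character-class sizes.
    Inclusion-exclusion: start from all strings over the full alphabet,
    then subtract/add back those missing one, two, ... required classes.
    """
    alphabet = sum(optional) + sum(required)
    count = 0
    for k in range(len(required) + 1):
        for missing in combinations(required, k):
            count += (-1) ** k * (alphabet - sum(missing)) ** length
    return count


def letters_only(length):
    """Baseline: lowercase letters, no composition rule."""
    return LETTERS ** length


def word_plus_digit(length):
    """A common way to satisfy a digit rule: letters then one trailing digit.

    An attacker who assumes this pattern searches only these candidates.
    """
    return LETTERS ** (length - 1) * DIGITS


def capital_first(length):
    """A capital-letter rule met by capitalizing the first letter.

    The capital's position is fixed, so the candidate count is unchanged.
    """
    return letters_only(length)


def gain(new, old):
    """Change in search space, in orders of magnitude (log10 of the ratio)."""
    return log10(new / old)


def days_to_exhaust(space, guesses_per_second):
    """Worst-case days to try every candidate at an assumed guess rate."""
    return space / guesses_per_second / 86400


def compare(length=8):
    """Orders-of-magnitude change versus lowercase-only at the same length."""
    base = letters_only(length)
    digit_rule = constrained_space(length, [LETTERS], [DIGITS])
    shorter = constrained_space(length - 1, [LETTERS], [DIGITS])
    return {
        # Best case: the digit may be anywhere and length is kept.
        "digit_rule_best_case": gain(digit_rule, base),
        # Length kept, but the digit is always the last character.
        "word_plus_digit": gain(word_plus_digit(length), base),
        # The user compensates by dropping one character.
        "digit_rule_one_shorter": gain(shorter, base),
        "capital_first": gain(capital_first(length), base),
    }


if __name__ == "__main__":
    for rule, orders in compare(8).items():
        print(f"{rule:24s} {orders:+.2f} orders of magnitude")
```
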
In other words, most of our security problems aren't rooted in flawed cryptography, they are based on the flawed allocation of resources and general human fallibility. Good luck with your studies young man. Perhaps you can fill that hole you think Bruce Schneier has left.
Why is it that everyone who posts on security is immediately compared to Bruce in derogatory terms? He certainly isn't the most influential practitioner within the field and he does not try to be. His focus is on describing what is reasonably close to state of the art to non-specialists.
Frankly, why would you want to read a book from someone who didn't think he could do a better job or at least a different job than Bruce?
On the book itself, I have not yet finished it. What I have read seems reasonable enough. And it is certainly true that in some cases the way to improve security is to focus on the economic issues (I make a related but similar case in my book in the same series). Where I suspect I will have an issue is that I suspect that there are a lot of crimes we simply don't have good measurements for yet and will find it hard to get measurements for them.
ObDisclosure, Addison Wesley have sandwiched a chapter from my book, the dotCrime Manifesto at the end of the New School.
Funny the way that it always seems to be the wars that were lost that get omitted. According to US schoolbook history the War of 1812 was a draw. Funny, most folk would think having your capital burned to the ground and having the peace terms dictated by the other side was a loss. Fortunately for the US the peace terms that the British offered were very generous as they were much more concerned with the real war against Napoleon.
But this omission is nothing compared to the British history books where the English possessions in France grow and grow until suddenly you turn the page and only Calais is left with no explanation at all.
You say that like it's a problem.
I prefer to consider Windows Vista to be like the overclocked Voodoo quadcore with twin nVidia 8800s I run it on: reassuringly exclusive.
I mean, seriously, WTF!
Oh Fight, never mind...
Fortunately she then called up a competitor to ask for a comment and repeated her version of what I told her. He then responded, 'I really don't think thats what PHB said'. The story died there.
You try but sometimes the journalist tries harder than they are able to.
Having made that finding the court is quite reasonably penalizing ORF. It is quite reasonable for an injunction to penalize ORF after they clearly took advantage of Orion's reputation.
And any company that does not show up in court when served with papers is likely to find that they end up saddled with onerous terms in any case.
The second paragraph was a direct response to the first poster making an ironic reference to Americans expecting the right to keep and bear arms to extend to other countries. The great talk.politics.guns roadshow was anything but a singular experience. There must have been at least ten thousand people reading that particular thread.
There we were discussing the Archers and the Montana militia pops up to tell us we are living in a dictatorship (the actual McVeigh posts were removed from the Deja Feed but you can see the flavor of the 'argument'). Then one of them goes off and murders 200 people.
The Internet is not like the regular news. In an Internet of a billion people you are going to meet a lot of kooks. But you are also going to find that there are a lot of people who have a direct connection to pretty much every major event. McVeigh spent his time between Waco and OKC building his bomb and spewing hate posts onto the Internet. He was not the most prominent gun nut, but he was pretty prominent.
The connection here that you appear to be deliberately avoiding is that it is not actually that rare for Americans to have somewhat peculiar notions about foreign countries. Such as the idea that a 'US hotel' operating in China does not have to follow Chinese law and that this is somehow a political affront to the United States as if every Hilton and Marriott in the world was a kind of US Embassy.
Next you're going to tell me that American citizens have their right to bear arms violated when they're in Europe.
You know, a guy called Timothy McVeigh spent three months complaining about that very issue across Usenet. See the thread 'No rights in the UK' on DejaNews. The thread only ended when he murdered two hundred people in the OKC bombing.
Yes, Americans do sometimes have some pretty weird ideas about foreign countries. China is no longer Maoist, arguably it is no longer communist according to any recognizable Marxist doctrine. But it is still a dictatorship. In political terms it is essentially on a par with Chile, the Philippines, or what have you during the Nixon era military Juntas.
We now know that the US right greatly overestimated the threat from Communism. The communists never had the ability, still less the intention of expanding into Western Europe. The cold war was fought for domestic reasons, they had to have an enemy to point to. When the cold war ended they decided Islamic terror would be the next big thing. That is why they didn't want to eliminate Bin Laden, Reagan made that mistake with the Communists. The invasion of Iraq was not a distraction from tackling Bin Laden, it was to cover up the fact that they want him alive and killing as long as possible.
In the process they made two major blunders. The first was that the invasion of Iraq led to the rise of Iran as the dominant regional superpower, a rise that was both predictable and predicted. The second was that Bush turned out to have read Putin completely wrong.
Actually to correct my earlier statement. It was a big event for Tim who was pretty much invested in his code (even if he did have to convert it from Objective-C) and he did not want to see libwww die. But it was not actually an issue for the Web because the Web had already got to the point where it was valuable enough that we could have replaced libwww in short order if necessary.
Tim always believed that the licensing issue was a big factor in killing gopher. I have had that conversation with him on frequent occasions. I think that he is not quite right. If the Web had not come along and offered a superior design, someone would have produced an open source implementation of Gopher.
Where the licensing issue was important was in getting the White House to adopt the Web over other technologies such as Hyper-G which offered much slicker clients at the time. Everyone involved in that decision has told me that the fact that the WH had free access to the technology the federal government paid for developing at NCSA was decisive. Before www.whitehouse.gov went online we found it very difficult to persuade companies that were not in the IT space to deploy the Web. Afterwards it became an instant craze.
Hyper-G on the other hand was killed by the rapacious licensing terms demanded by the university, or rather the company that the profs had set up to exploit the technology. That is where I think that there is something wrong, if you use public money to develop a technology the result should be public.
Nope, not even close. Nobody ever created an interoperable implementation of X.500 from the spec. It was actually impossible to implement X.25 as specified and there are numerous other examples.
This is not the first time that a group of competitors have ganged up to screw a competitor using the standards process. Some people think that it's actually part of the game. But there is no need to insult our intelligence by claiming that blocking OOXML is about anything other than attempting to force ODF onto government users.
It is pretty difficult to get a judicial review of a non-government body in the UK. The BSI is a member organization. It is not apparent that the group bringing the claim was even a member.
The members of BSI are companies rather than individuals and most are more interested in specs for rivets or such than internal IT industry politics.
Your claim that all the CERN content was on a single server before NCSA is simply untrue. There were over 100 Web servers in 1992 before the release of Mosaic.
While it is true that NCSA did not actually go so far as to remove the CERN tags from the source files, my statement referred to the original documentation. The NCSA documentation did not mention CERN or the Web till I brought up the issue of plagiarism.
The libwww sources bear the CERN and MIT copyrights as they are the distributors. But the NCSA code split from the libwww trunk before there was any libwww development at MIT so you are looking at the wrong version of the code in any case.
Mosaic was a significant step in the development of the Web, but to deny Tim's role as you attempt to do here is entirely wrong. Tim designed both the protocol and the original Web browser and server before the NCSA team started work. To assert as you do that Tim 'stole' the idea from NCSA is entirely untrue.
The principal contribution made at NCSA was actually the addition of the Forms model to HTML. Although NCSA were the first team to implement inline images they were not the first to propose them and in fact there was an active discussion concerning how to introduce images when Marc presented his approach as a fait accompli.
But the Mosaic browser still misses features that are generally considered to be fundamental. Neither Mosaic nor Netscape were the first browsers with support for the Table model for example.
You are probably correct in stating that NCSA, Andreessen and co now get rather less credit than maybe they deserve. But this is entirely of their own making. People stopped giving them credit after they tried to claim rather too much. Take a look at 'Netscape Time', Jim Clark's history of Netscape, it only mentions Tim three times and he slams him every one of them. Or look at 'Architects of the Web' which is another Netscape book with twelve chapters each describing a 'Web Architect' but no mention of Tim at all.
As someone involved in the Web at the time, this really was something of a non-event. There was never a serious expectation that either CERN would attempt to claim proprietary ownership or that it would matter a great deal to the Web if it did.
CERN was prohibited from commercial exploitation of technology developed at CERN and CERNLIB had been distributed under an essentially open source license for years. The need to make the public domain status explicit only arose after UMichigan declared a proprietary interest in the Gopher code. Up to that point nobody seriously worried about the status of the CERN code.
The issue was not in doubt for very long and by the time the announcement had come NCSA was already distributing a server that contained no CERN code. If CERN had not delivered it would simply have caused the exodus from CERN to occur a year earlier. The Web was already gaining adoption at a breakneck speed.
Untrue and completely wrong. The Mosaic browser was based on the libwww software developed at CERN. They did not credit the work, but all the major intellectual components of the Web came from CERN: The URI, HTTP, HTML, 404 not found.
The NCSA group did make a practice of failing to credit Tim's work. In particular the original releases of Mosaic failed to mention the use of CERN code or that it was built on CERN ideas. That is generally regarded as plagiarism. The original Mosaic instructions did not include the string 'World Wide Web' or 'CERN'.
Tim's prior claim is well established, as is the fact that there were Web browsers developed before Tim met the NCSA people.
I started using the Web in 1992 and it was demonstrated in public then. And in any case the Internet is more like 30 years.
And if you do not like the Microsoft archive system there is no shortage of third party archive solutions.
The need for an archive system was fully understood by the EOP system management when I worked with them during the Clinton administration. I do not believe that any change would have been acceptable to that management unless there was a fully functional and tested archive retention plan on day one.
The possibility of 'strategic incompetence' has to be considered in the light of the administration statement that Bush would not be using email on account of concerns that his emails would be subject to presidential records archiving requirements and subpoenas. Further there is the fact of the diversion of large quantities of White House mail through the RNC servers.
It not only stinks, it is completely pointless. There is an abundant administrative trail without email.
Some clauses of some EULAs are enforceable. But many are not. But this particular EULA is clearly unenforceable (under common law at least) as the courts do not adjudicate disputes arising from criminal conduct. There is an ancient case where one thief sued another for failing to pay him his share of two pocket watches they stole. I don't think they expect the EULA to be observed. They would be fools to expect that as they spend more time ripping each other off than their intended victims (no honor amongst thieves). It is probably more of an attempt to gain notoriety by aping the business practices of legitimate companies.
It's an interesting idea, the limitations of SyncToy are quite apparent. There is no reason why backup should be a separate operation these days; it should all be automatic. Be nicer when they support Mac as well.
The obfuscation of passwords started in 1990 or thereabouts when crack first appeared and there was a need to strengthen the passwords to prevent the brute force attack taking less than a day.
Forcing users to include a digit increases the search complexity by only an order of magnitude at best, it might even reduce the search space by encouraging use of shorter passwords (ten digits, but 26 characters). Forcing capitalization has no effect since it is almost always the first letter that is capitalized.
Since these silly restrictions were put in place computers have become roughly four orders of magnitude faster. Today a strong password would be ten characters.
It is all superstitious pseudo-security. If you want security you do not use a password.
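The search-space arithmetic behind the comment above can be checked by counting the passwords each composition rule admits; this is an added example, not part of the original post. The class sizes (26 lowercase, 26 uppercase, 10 digits), the 8-character baseline and all function names are assumptions made for the illustration.

```python
from itertools import combinations

# Character-class sizes assumed for this example (ASCII letters and digits).
CLASSES = {"lower": 26, "upper": 26, "digit": 10}

def count_passwords(length, allowed, required=()):
    """Number of strings of `length` drawn from the `allowed` classes that
    contain at least one character from every class in `required`.
    Inclusion-exclusion over the required classes that are left out."""
    total = sum(CLASSES[c] for c in allowed)
    count = 0
    for k in range(len(required) + 1):
        for missing in combinations(required, k):
            alphabet = total - sum(CLASSES[c] for c in missing)
            count += (-1) ** k * alphabet ** length
    return count

def count_first_letter_capital(length):
    """The usual way a 'must contain a capital' rule is satisfied:
    one capital in position 0, lowercase everywhere else."""
    return CLASSES["upper"] * CLASSES["lower"] ** (length - 1)

def extra_chars_for_speedup(speedup, alphabet):
    """Smallest number of extra characters over `alphabet` that multiplies
    the search space by at least `speedup`."""
    extra = 0
    while alphabet ** extra < speedup:
        extra += 1
    return extra

def summary():
    lower8 = count_passwords(8, ["lower"])
    digit8 = count_passwords(8, ["lower", "digit"], required=["digit"])
    digit7 = count_passwords(7, ["lower", "digit"], required=["digit"])
    return {
        "lower8": lower8,
        "digit8_gain": digit8 / lower8,          # forced digit, same length
        "digit7_vs_lower8": digit7 / lower8,     # forced digit, one char shorter
        "capital8_gain": count_first_letter_capital(8) / lower8,
        "chars_for_1e4_speedup": extra_chars_for_speedup(10**4, 26),
    }

if __name__ == "__main__":
    for name, value in summary().items():
        print(f"{name}: {value:.3g}")
```

At equal length the forced digit multiplies the space by about 12.5, a 7-character password with a forced digit has roughly a third of the space of 8 lowercase letters, and a four-order-of-magnitude speedup is offset by three extra lowercase characters.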
Why is it that everyone who posts on security is immediately compared to Bruce in derogatory terms? He certainly isn't the most influential practitioner within the field and he does not try to be. His focus is on describing what is reasonably close to state of the art to non-specialists.
Frankly, why would you want to read a book from someone who didn't think he could do a better job or at least a different job than Bruce?
On the book itself, I have not yet finished it. What I have read seems reasonable enough. And it is certainly true that in some cases the way to improve security is to focus on the economic issues (I make a related but similar case in my book in the same series). Where I suspect I will have an issue is that I suspect that there are a lot of crimes we simply don't have good measurements for yet and will find it hard to get measurements for them.
ObDisclosure, Addison Wesley have sandwiched a chapter from my book, the dotCrime Manifesto at the end of the New School.
But this omission is nothing compared to the British history books where the English possessions in France grow and grow until suddenly you turn the page and only Calais is left with no explanation at all.