Slashdot Mirror


User: AnotherBlackHat

AnotherBlackHat's activity in the archive.


Comments · 1,115

  1. No thanks. on i-Names Pick Up Steam · · Score: 1
    After reading the article and the whitepaper, I still have no idea what new technology these people are proposing.

    I found this particularly telling;
    ... an i-name can be viewed as the ultimate SPAM filter, since you will never again need to put your email address on the net


    Even assuming for the moment that you could substitute an i-name for an email address, there's no reason to suppose that your i-name wouldn't get just as much spam.

    Then there's this;

    Over time, you will be able to decide just how much or little information about you that site should obtain.

    In other words, this part doesn't work yet.

    Personally, I have more trouble preventing my personal data from getting into databases that I don't want it in,
    than I do getting in to the ones I do.
    i-names makes that problem worse, not better.

    -- should you believe authority without question?

  2. Re:yet another waste of time on FairUCE - the Smart Email Proxy · · Score: 2, Insightful

    1. Spammers make money by using a disproportionate amount of bandwidth than what they pay for. Stopping spam from entering peoples' inboxes is less than half the problem. 70% or more of all SMTP traffic is UCE and everyone pays for that in higher costs and slower performance regardless of whether they have spam filters in place.


    Bandwidth is a problem, but it's the least of our problems.
    Typical spam is under 10K.
    Cost to send 10K is under $0.0001 - and the cost is falling.
    Compare that with the amount of time you spend deleting spam - about 1 second.
    Even at $1/hour, it costs a lot more for a human to look at and delete spam than for the computer to receive it.

    Spam read by the human is closer to 90% of the problem.


    2. The majority of the anti-spam solutions (with the exception of RBLs) including the one related to this article, require extra time, bandwidth and resources on the part of innocent networks to deal with the spam problem. This is a step backwards.


    Once again, bandwidth is not the only cost, nor is it the major cost.
    However, there is a large human-time cost for any spam solution, including RBLs.
    RBLs aren't a fire-and-forget solution.


    If you want to stop spammers you have to stop them from stealing bandwidth. To date, the ONLY effective solution thus far has been relay blacklisting. This has several added benefits including: stopping propagating of worms/viruses, and forcing ISPs to police the illegal activities of their users and shut down nodes which are spamming through their network.


    RBLs are not the only effective method.
    Greylisting for example, reduces bandwidth costs, and blocks 85-95% of all spam.
    In fact, greylisting has fewer false positives and fewer false negatives than any RBL I've ever tested.
    Which includes almost every RBL mentioned at http://www.declude.com/Articles.asp?ID=97

    And I'll point out that the system described in the fine article can reduce bandwidth too.
    70% of all senders would be rejected before the data stage, a very small challenge sent, and better than 99% would never be heard from again.
    So instead of receiving a 5K spam, you send a 1K message - a net reduction.


    As an ISP, I have no interest in yet another costly anti-spam solution that I have to install that doesn't address the larger issue of the tons of bandwidth spammers waste on my network and every one in between. This system wastes even more resources by attempting to verify the source of every e-mail in an even more detailed manner than before, so the end result is: more computing resources needed, more bandwidth needed and slower mail service.

    No thanks.


    I encourage my competitors to agree with you.

    -- Should you believe authority without question?
  3. Re:There is no problem at all.... on Google Battles Fraudulent Clicks · · Score: 1

    Actually there is no problem: A company can easily determine how many click-throughs from Google eventually lead to sales, and thus assign a dollar value to their presence in Google. Now they divide this total value by the number of click-throughs reported by Google (even if said number is totally bogus) and that is exactly what they bid for in adwords.


    That's only true if the behavior of the market isn't changing, and isn't influenced by your actions.

    If bogus click-throughs are on the rise, then last month's value isn't a good predictor of this month's value.
    Scams tend to rise exponentially until something is done about them.
    The value therefore rapidly approaches zero.

    -- Should you trust authority without question?
  4. Re:Hmm. on Lycos Anti-Spam Screensaver Brings Down Spam Sites · · Score: 1

    Using a DDOS on spammers is kind of like sending an arsonist to burn down the house of a murderer...


    You could make an analogy to hangin' an accused horse thief without a trial, but there's a significant difference.
    Instead of ending up dead, the accused has a higher than normal bandwidth bill.
    A few thousand bucks, tops.
    If Lycos picks an innocent victim, they could make reparation.

    -- should you believe authority without question?
  5. Re:It feels good to vote in New York... on Buggy Voting Machines · · Score: 1

    Jesus Christ could have walked through the streets healing the sick and feeding the poor, asking for votes ...


    Jesus Christ?
    Who would vote for an anti-war activist and convicted felon?
  6. Re:Here's the problem... on Federal Judge: Keystroke Logging Isn't Wiretapping · · Score: 1

    There needs to be a clearcut distinction made between good guys and bad guys in the wiretapping statutes.
    If keystroke logging isn't wiretapping, maybe this opens a whole can of worms whereby spyware becomes legal.


    If?
    Two judges agree it's not wiretapping.

    Frankly, I'm more concerned by your assumption that there's a clearcut distinction between "good guys" and "bad guys".
    If the "good guys" think obeying the fourth amendment is a problem, then in my book, they're no longer good guys.

    -- should you believe authority without question?
  7. Re:Serious Shortcomings of LED lights on Screw-in LED Floodlights · · Score: 1

    1) not dimmable

    2) not usable in recessed cans in ceiling


    If you limit the current flowing to an LED, it will dim in much the same way an incandescent does.
    Even those cheap dimmer switches you use for incandescent bulbs will work.
    And there's no theoretical reason an LED "light bulb" couldn't be shaped like anything.

    Maybe you're thinking of Compact Fluorescents?

  8. Re:How does this compare to... on Screw-in LED Floodlights · · Score: 5, Informative

    It's been a while, but I think most of the numbers are still correct;

    Lumens/Watt Light Source
    100-190 low pressure Sodium (HID)
    (150 90W low pressure sodium lamp, clear)
    50-150 High pressure Sodium (HID)
    (115 1000W dual arc-tube high pressure sodium lamp, clear)
    100 Sylvania 18 watt low pressure sodium
    84 32W, 48" MOL, T8 OCTRON fluorescent lamp,
    60-65 standard F40T12 cool white fluorescent
    64 250W mogul based metal halide lamp, clear
    60 150W single ended compact metal halide lamp
    48-60 compact fluorescents
    45-55 Super bright Red/Orange LED
    35-45 Super bright Green LED
    17.5 Tungsten Halogen Single-End SUPER-Q Frosted Finish D.C. Bay 100Watt
    17.5 100W Incandescent A19 Bulb, softwhite
    14.5 60W Incandescent A19 Bulb, softwhite (standard bulb)
    6 incandescent night light bulb (7w)
    6w incandescent flashlight bulbs

    For normal home lighting T8 fluorescents are probably your best bet today.
    LEDs are good when you want colored light, when you want a small amount of light, or when the cost/hassle of replacing the bulb is the major factor.

    Cree recently announced a 75 lumens per watt white LED, but AFAIK they aren't available in quantity yet.
    There's a lot of hope for the future of LEDs, but they're still a few years off.

    -- should you believe authority without question?

  9. Re:LED's are definitely the future ... on Screw-in LED Floodlights · · Score: 1

    LED's are definitely the way to go, but the price still needs to come down quite a bit. People ask me if I used LED's for my Christmas Lights since when you have 22,000 of 'em (as I did in 2002), that's a lotta electricity. So while there are some GREAT looking LED Christmas Lights (with all the obvious advantages - and don't forget the color stays fairly permanent unlike painted on mini's), they are still really pricey ... especially when I can buy lights after the Holidays at 75% off.


    You can buy a 100 light foreverbrite strip for under $20US (available online at http://www.brite-lite.com/Products/LEDchristmas.htm)

    If you run lights 12 hours a day for a month (roughly what you'd expect for Christmas lights) a "normal" 100 light strip burns about $2 worth of electricity.
    A 100 foreverbright strip burns about 1/10 of that, so in 10 years it pays for itself, even if you get "normal" strips for free.

    LED christmas lights are a long term investment, but they are price competitive.

    Flood lights are a different story.

    -- should you believe authority without question?
  10. Re:The REAL red flags in this debate on Berkeley Researchers Analyze Florida Voting Patterns · · Score: 1

    And for every party other than the Republicans and Democrats and the larger of the third parties who don't have multi million dollars to spend can get a recount how?


    Recounts aren't that expensive.
    If you can muster 1% of the vote, then you can certainly afford to pay for a recount.

    But... If the paper audit differs significantly from the electronic count, then the cost should be refunded.
    (If it were up to me, the company that sold us the voting machine would have to pay in that case, but probably it's the tax payer who gets stuck with the bill.)

    Hopefully, a few random precincts are audited regardless, just to verify the accuracy of the method.

    -- should you believe authority without question?
  11. Re:And How About Mechanical Voting Machines? on Berkeley Researchers Analyze Florida Voting Patterns · · Score: 2, Interesting

    And how about mechanical voting machines? Are those audited? Especially those in New York City where there have been many reports over many elections that conservative votes seem to either not register, or jam up the machine invalidating a voter's entire ballot.


    Those should have paper trails too.


    What I don't like about paper audit trails in electronic voting machines is that everyone thinks they should be printed out in real time, like a cash register receipt at the grocery store as each item (voter) goes past. That makes it rather simple to match up voters to their votes if someone wished, and remove all the protections of the secret ballot process.


    The most common method I've seen suggested is this;
    Each machine prints out an audit slip which the voter is allowed to examine, and then the voter drops it in the audit box.

    How exactly were you planning on matching the audit slips to the voters?


    And I do find it curious that voting machines are only being questioned in states that Republicans have won.


    It's human nature to only question things when they turn out the way you don't want.
    That means the democrats only question the republicans' victories, and the republicans only question the democrats' victories.

    But most of slashdot has been questioning the Diebold voting machines in general, not any election in particular.

    -- should you believe authority without question?
  12. Re:The REAL red flags in this debate on Berkeley Researchers Analyze Florida Voting Patterns · · Score: 4, Insightful

    Given that the votes are challenged and recounted every time, there is no point to going electronic at all.


    When I withdraw a large sum of money from the bank, the teller counts it, then gets a second teller to count it, then they both initial the withdrawal slip.

    Since they always get a second teller to count, does that mean that the first count is unnecessary?

    I favor electronic counts and paper audits.
    If there's a large discrepancy between the two methods, then you investigate everything.

    If paying for an audit count is a problem, then make the party asking for it pay for it.

  13. Re:Everyone is so negative on Better Nuclear Waste Storage Plans than Yucca Mountain · · Score: 1

    So, what, we call it a fluffy bunny instead?

    Do you really think there would be less opposition if it was called a "Waste Energy Recycling Plant"?

  14. Proportion? on Defending Harsh Sentences for Spammers · · Score: 1

    Is this really out of proportion?

    Takes about 1 second to delete a spam.
    1 year is about 30 million seconds.
    So one year of jail for every 30 million spams sent isn't out of proportion.

    I'll bet he sent a lot more than 9 years worth.

    An eye for an eye and a tooth for tooth is the fastest way to an eyeless toothless world.
    But if we don't stop the people who are poking out eyes and teeth, then that too leads to an eyeless toothless world.

  15. Re:What happens when: on 2004 Election Weirdness Continues · · Score: 1
    /* devil's advocate */ What happens when someone brings extra, forged cards with them and slips them into the audit box? Is there a simple way to make sure that there is only one card / voter without attaching reversible, unique IDs to each card (and therefore each voter)?


    If the machine count and the ballot count don't match, then you know you've got a problem.
    Since voters sign their name when they vote, you could narrow it down to extra cards (as opposed to the machine miscounting).
    In such a case, I'd trust the machine count more than the cards.
    And I'd want a lot of extra workers at that polling station in the next election.
    (someone wasn't paying attention to the audit box.)
    If you were serious about it, you could dust the cards for fingerprints.

    I think it's a mistake to think that the audit cards are somehow more trustworthy than the machine count.
    They're different.
    They make it so that in order to defraud the election undetectably, you need to gimmick both.
    If the counts match, we have a lot more confidence that the results are correct.

    Cards numbered in a knowable sequence could be compared with the time that people vote to figure out how everybody voted.
    But you could use a unique number in an unknowable sequence.
    (Like a shuffled deck of cards)
    Since that's essentially free, I don't see any reason not to do it.
    And while we're at it, print the same random number on each card, chosen when the polls open.
    That way if you're going to print up extra cards, you'll at least need to see a real one first so you can't print them in advance.
    Again, it doesn't stop everything, but it's free so why not.

    -- should you believe authority without question?
  16. Re:you know the voting system is flawed when... on 2004 Election Weirdness Continues · · Score: 1

    You're missing the point. Why on earth are we NOT required to show photo ID?


    Seems to me he didn't miss the point at all.

    You aren't required to show your ID, because you aren't required to have one.
    If you had to have one to vote, then anyone who didn't have an ID wouldn't get to vote.

    Is this a likely attack vector?
    No. Because if you vote as someone else, then when they vote, it becomes obvious that something strange is going on.
    To do this undetected you need to know who didn't vote, which means you have the assistance of a poll worker.
    But if you had the assistance of a poll worker, then they could just as easily claim to have seen your ID too.

    The best solution isn't proof of identity, it's an out of band confirmation of the vote.
    Post the times everyone voted, and do some random crosschecking.
    (Knock on their doors and ask them if they voted)

    -- should you believe authority without question?
  17. Re:I agree with you on 2004 Election Weirdness Continues · · Score: 5, Insightful

    Though, someone raised a valid concern in a previous slashdot story: if we have so little faith in our ability to oversee, manage, and use e-voting systems, what's to stop any number of groups from demanding paper recounts in almost every jurisdiction, every time.


    If we have no faith in the method, then the method should be scrapped.
    If a small percentage has no faith in the fairness of the method, then we should be looking for a better method.

    When one side loses, they should be thinking "it's a fair cop" not "I wonder if the election was tampered with."
    The question of election tampering shouldn't even be entering into their minds.
    It should be so unlikely and difficult that even a well organized political organization is incapable of it.

    A few simple things go a long way toward that goal;
    A vote summary, printed on a card and dropped into an audit box at the polls.
    When the polls close, print a summary at each polling station and drop it in the audit box, post it conspicuously in addition to modeming/email or hand delivering it to the main counting station.

    -- should you believe authority without question?
  18. Re:Oh for the love of Pete on 2004 Election Weirdness Continues · · Score: 5, Insightful

    Your guy lost. Your reported anomalies aren't going to change that. Get over it.


    No.

    All anomalies should be investigated, even the ones that don't have a chance of changing the outcome.
    If cheating is going on, then it should be stopped. No exceptions.
    Even if it's just stupidity and not malice, it should be stopped.

    -- should you believe authority without question?

  19. Re:Not just C/C++ on The Lessons of Software Monoculture · · Score: 1

    Any compiled language ... Unlike interpreted languages ...


    No.

    There is no fundamental difference between compiled and interpreted code.
    Compiled languages will frequently let you do what you want (good or bad) whereas many interpreted languages will not (good or bad).
    But it's not compiling that makes the languages different, it's the language design.
    You could write a C interpreter and it would be just as insecure as compiled C.

    -- should you believe authority without question?
  20. Re:What the hell ever happened to honesty? on Avi Rubin and More on Electronic Voting · · Score: 1

    We walk into a grocery store and usually buy stuff instead of stuffing it in our pockets and running. We know it's wrong to leave without paying.

    Why do votes need uber security check technology? Whatever happened to scrutiny by peers?


    I find it strange that anyone would argue against making it harder to cheat.

    Whenever I withdraw over $2000 in cash, the teller calls over another teller to recount the bills.
    The bank knows that double checking the count is a good idea.

    Adding a paper trail to an election isn't an "uber security check".
    It's a simple, easy to add process that allows for verification of accuracy.

    -- should you believe authority without question?
  21. Re:And what'll wean us from nuclear power? on Could Nuclear Power Wean the U.S. From Oil? · · Score: 1

    Really, locally produced nuclear power is the only energy source we have that doesn't come from the Sun.


    geothermal?
    tidal?

  22. Re:Prototypes on Could Nuclear Power Wean the U.S. From Oil? · · Score: 1
    The prices listed are for pre-production systems.


    No, the prices listed are guesses, and likely to be optimistic.

    Buying an actual prototype would cost considerably more.

    -- should you believe authority without question?
  23. Re:And what'll wean us from nuclear power? on Could Nuclear Power Wean the U.S. From Oil? · · Score: 1
    ... solar energy varies throughout the year and according to latitude...

    What I've been looking for is an indicator of the square-footage of solar cells required, daylight hours and latitude to produce 'x' watts of power, but everyone seems to vary their estimates.


    Well estimates vary, because solar energy varies throughout the year and according to latitude.

    The amount of energy from sunlight is approximately 1 kilowatt per square meter,
    or about 100 watts per square foot.

    Assume 10% conversion, - 10 watts per square foot.

    Multiply by how often the sun shines in your area, (night, clouds, mountain shadows, latitude ...) say 3 watts per square foot.
    Or if you prefer ranges, 1.5 - 6 watts per square foot. (Unless you live inside the Arctic or Antarctic circles)

    Even at 1.5 watts per square foot, the entire electrical needs of a house can be met with just 1/2 the roof.
    I.e. if you covered the back half of your roof with solar cells you'd get enough electricity to power your house.

    Of course, it's currently more expensive to do that than to hook up to the grid.

    -- should you believe authority without question?
  24. Re:80%-90% efficient solar systems on Could Nuclear Power Wean the U.S. From Oil? · · Score: 1

    http://www.sunmachine.de/

    In the prototype stage at the moment. The production systems should compete very favourably in cost terms with photovoltaic cells.


    At $5000 / kilowatt it would have to run without maintenance for over 20 years to be cost competitive with solar cells.
    (Solar cells are currently $2500 / kilowatt.)

    STMicroelectronics claims they're going to have $0.20 / watt solar cells "real soon now", http://slashdot.org/article.pl?sid=03/10/02/155215
    I doubt $0.20, but a $1/watt photovoltaic seems likely in the next few years.
    A $1/watt Stirling engine doesn't.

    -- should you believe authority without question?
  25. Re:38 what-a-bytes? on P2P Not Dead, Just Hiding · · Score: 2

    38,675,976 GB?!? As in, 38 petabytes?


    I know it seems low - downloadanime.org claims over 300 Terabytes and it's just one of the thousands of public bit torrent sites.
    But remember, those are just the numbers for Kazaa, only a fraction of all the P2P traffic.

    -- should you believe authority without question?