Slashdot Mirror


User: Znork

Znork's activity in the archive.

Stories: 0
Comments: 3,505

Comments · 3,505

  1. Re:The day the music died on Internet Radio's "Last Stand" · · Score: 4, Insightful

    I've found a ton of new bands that I love, and after discovering them, I've often purchased their music,

    See, there's the problem. You finding new bands dilutes the revenue stream of the big players in the music industry. Web radio reduces the value of payola, distribution control and marketing. It reduces the artists' dependency on crap contracts, and gives them a larger chance of succeeding on merits.

    The very flexibility and customer use of web radio is what pits it against the industry interest; it allows people to build their own taste instead of having it built for them.

  2. Re:Worthless ... on McCain Releases Technology Platform · · Score: 1

    That I have to be ashamed of my vote ... is bothersome to me.

    There is also the issue of complicity. You are, in a way, morally responsible for their actions, what they do with the power you've been part of giving them.

    I don't like McCain

    Then don't vote for him. Sure, the other guy may win, but at least his actions won't be your fault.

    In the end the US needs to get rid of the winner-takes-all system and replace it with proportional representation if you ever want to vote 'for' something and have a reasonable chance of actually getting represented, but considering how much easier it is for lobbyists if they just have to pay off two politicians it's not likely to happen.

  3. Re:What? on Russian Invasion of Georgia Might Jeopardize Space Station · · Score: 1

    This has nothing to do with the international community.

    If you follow the links in TFA, here's the deal: The US has trade restrictions preventing the purchase of materials from countries that sell missile or nuclear technology to The AXIS of EVIL. Russia trades with some of them. Ergo, the US will prevent itself from purchasing Soyuz access from Russia.

    Some old saying about cutting off the nose to spite the face comes to mind.

  4. Re:Well, that's a relief on Russia and Georgia Engaged In a Cyberwar · · Score: 1

    It's quite interesting sometimes to read the "Have Your Say"

    I have to agree. I saw one interesting reference to 'Operation Storm', and reading up on that on Wikipedia it's easy to draw parallels and understand the rather severe Russian reaction.

    There's a load of history here, and frankly there's a stink coming from a whole host of interests outside the most obvious parties.

  5. Re:Chemicals on Home Science Under Attack In Massachusetts · · Score: 2, Informative

    Depending on the specifics of what this guy's dealing with,

    Depending on the specifics of what you use to clean your oven, polish your silverware, wash your car or your bathroom and the jurisdiction you're in, you may be subject to rules regarding your disposal of such waste chemicals.

    Perhaps raiding houses with shiny silverware and bleached tablecloth would be in order?

    Disposal rules are not limited to chemists, and I'd assume (perhaps naively) that a practicing chemist would be more aware of how to handle his waste than the average user of various hazardous and toxic household chemicals.

  6. Re:IPv6 could solve this! on BIND Still Susceptible To DNS Cache Poisoning · · Score: 2, Informative

    who are really not that trustworthy.

    I generally don't trust the CA's further than I can throw them. Who do you figure is trustworthy enough to handle it for DNS? Who could be regarded as trustworthy, no matter who in the world you ask? There seem to be some administrative problems with handing the keys to Mother Theresa.

    hundreds of trust anchors

    Having trust anchors at all is the problem. You need to verify against several independent sources, preferably sources you have some reason to trust, to avoid single points of corruption.

    Designing a system based on a single point not failing is simply bad engineering. You design with the expectancy that individual points _will_ fail, but minimizing the consequence of the failure of any such points.

    secure network database

    It's spelled _in_secure.

    I certainly see the possibilities for what you want to be talking about. DNSSEC isn't it.

    and people are still questioning whether DNSSEC is a good idea.

    Ok, here's a hint. If you've failed to convince people that DNSSEC is a good idea after this many years, and with the current (and, many would argue, since a long time ongoing) DNS situation, it should really, I mean, _REALLY_ tell you something. Maybe the problem is in the actual idea.

    It's not like it's hard to come up with a list of options to improve and design a naming system to be redundant, fault tolerant, intervention tolerant and secure, yet there's an apparent fixation of going with a system that has obvious flaws. Numerous suggestions to fix the flaws that made the latest round of problems obvious have been made in the past, yet the push continues.

    Why not actually sit down and redesign in a distributed way that would be acceptable to all parties? I mean, how bad does it have to get? DNSSEC gets bogged down in political and paranoid issues because DNSSEC has political issues designed into its core. It caters to the paranoid by ensuring there is plenty of opportunity to make paranoids right.

    When you reach insurmountable political issues you design around them. Maybe they'll go away in some utopian future when we'll have utterly secure trust anchors in the hands of incorruptible angels, but until then we could do well with a system that doesn't require unobtainable dreams to work.

  7. Re:IPv6 could solve this! on BIND Still Susceptible To DNS Cache Poisoning · · Score: 1

    but the right way to solve this problem is by improving the protocol itself.

    Which, if one reads various proposals to do just that, appears to be hampered by the group that thinks we should let the old DNS protocol be crap until people adopt, tada, DNSSEC.

    But preferably, it means moving to a cryptographically-strong domain name system such as DNSSEC.

    I'm fine with DNSSEC. As long as I get to have the root keys, m'kay?

    In the end, I think the trust issue is the killer and final showstopper for DNSSEC. Until DNSSEC is reengineered to solve the political issues in ways palatable to all parties (ie, scrap the third party hierarchical trust) I doubt it will get as widely deployed as would be necessary.

    Meanwhile, adding a much larger transaction ID would make things safer and leave more time for fixing DNSSEC.

  8. Re:no it does. on Mozilla SSL Policy Considered Bad For the Web · · Score: 1

    if they have a signed certificate for that domain name

    Or if they can control the domain name. In which case they can obtain the certificate in question. And many more ISPs do DNS than do CA.

    It would probably work better if there was a single, well-known, trusted entity

    Or multiple such entities that keep redundant information so an attack would have to compromise several parties to achieve a fully trusted forgery.

    The current system does leave it open to silent tampering.

    Yep, and that's the main reason I don't consider it trustworthy; the ability for a third party to allow silent corruption of the channel encryption makes it worse than various two party or distributed systems.

  9. Re:One Question on Mozilla SSL Policy Considered Bad For the Web · · Score: 1

    First of all, you do not have to hand over your private key to get a certificate.

    Of course, but as there's no requirement to have _the_ signed key, only _a_ signed key, anyone who can get a signed key can still mitm.

    even if it just happens the first time the user connects to that server.

    So don't even prompt the first time, just store the relevant info the first time and prompt if it changes.

    In the real world, these problems are solved by liability

    And in the real world, the problem of liability is solved by litigation cost barriers, weasel-wording and jurisdictional issues.

    I wouldn't assume I could get a dime out of a CA under any circumstance.

  10. Re:no it does. on Mozilla SSL Policy Considered Bad For the Web · · Score: 0

    the issue is that without a trusted certificate

    And with a trusted certificate anyone able to get a CA to sign a certificate can still do the same thing without either party noticing. Which still leaves us with no way to secure the link. The entities with the most capability to engage in MITM attacks, wiretapping, etc, ie, governments, ISP's, etc, are to a large extent capable of inserting themselves into, and corrupting, the verification process leaving the 'trust' aspect protecting against, eh, exactly who? Phishers? They'll just pick the low-hanging fruit by registering (and getting signed certificates for!) c1t1b4nk.com and figure the idiots they're after won't notice the odd looking letters anyway (the key is there and it looks _trusted!_).

    So with little actual extra security offered by ssl either with or without CA signed certificates there is little reason to differentiate between the two to such an extent.

    There may be other ways to have a signed certificate system, and that is where you should be looking.

    And other ways to initiate trust between two parties; ssh does it in a fairly good way, most often it's more relevant to know you're talking to the _same_ entity you were last time rather than knowing you're talking to someone that someone else thinks is the one you should be talking to.

  11. Re:One Question on Mozilla SSL Policy Considered Bad For the Web · · Score: 1

    You now have the illusion of security and encryption which some would consider worse than no encryption at all.

    And the current state of CA's make things different how? Besides the social engineering aspects, I'd be hard pressed to come up with a government TLA I don't think could obtain a signed cert for basically whatever they want.

    And if you are compromising the CA and running an MITM there wouldn't even be a complaint about different keys; even worse than the self-signed situation.

    Trusting a CA today just means you're compromising your limited trust relationship by adding an untrusted third party.

    Frankly I'd rather see an ssh type exchange-keys-on-first-meeting and build trust from there; connect to a new site and you get the choice to add the domain CA. For important things like banks you could get it via physical mail. Even better would be web-of-trust type security, and/or/complemented with having multiple independent CA's sign off on a certificate, at least allowing levels of trust and fewer single points of failure.

    I do find it rather fascinating how many appear to be fine with trusting corporations like the CA's and anyone willing and able to apply pressure to them. Basically the structure encourages something that's not much different from the various "if you want to encrypt anything you need to hand the government your keys" schemes that have been suggested.

  12. Re:Corporations as philanthropists is not the goal on Gates Issues Call For "Creative Capitalism" · · Score: 2, Interesting

    I don't look to commercial corporations to be philanthropists.

    It's not the purpose of corporations to be philanthropists. In fact, a corporation that can actually afford to be philanthropist is unlikely to be engaged in free market capitalism.

    The theory of free market capitalism has it that competition with the incentive of possible profit will enhance the efficiency of production so that everyone benefits from lower costs for more value. Most corporations are not interested in that; increasing efficiency is hard. It's often easier to affect the other side of the equation; decrease competition. Buy the competition, lobby for more protection, raise switching costs, tie products, use loss-leaders, etc. Gates is the posterboy for such corporate monopolism; anticompetitive behaviour that keeps the price of things out of the hands of exactly the people he claims to want to help.

    So, give Gates a break.

    I see no indication that Gates has changed. He's still not interested in competitive free markets; he's got his fingers deep in the patent pot, something that's actively preventing cheap medicines in many countries.

    Sure, he's found a new mission in whitewashing now, but his actions suggest it's the same old Gates. Control and profit's the name of the game, whether you're pushing software or image.

  13. Re:Even when it works... on Chinese Restaurant Suffers Large Translation Error · · Score: 1

    And some things are just weird.

    Try entering:
    svenska
    Svenska

    into translate.google.com and translate from Swedish to English.

    Translating Swedish to English doesn't quite imply changing the actual meaning from Swedish to English.

  14. Re:awesome... on VMware ESXi Available For Free Starting Today · · Score: 1

    What platforms did you test, and with what virtualized OS's? I've run some fairly comprehensive tests, but comparing ESX with paravirtualized Xen, Xen tends to perform as well on most benchmarks and significantly better on some (as expected, IO, system related and SMP scaling).

    On fully virtual systems ESX is without a doubt the way to go tho.

  15. Re:Protect jobs? on PRO-IP and PIRATE Acts Fused Into New Bill · · Score: 0

    don't give a flying f**k about the rights of the big bad scary publishers.

    Indeed. That's why the big scary publishers use the creators as the excuse. But you don't have to do a particularly thorough analysis of the revenue flow or power balance to draw conclusions about who is the primary benefactor. When only a minuscule amount of the revenue generated ends up with the intended recipient the purpose is obviously something else.

    How do you damage creativity exactly?

    Monetizing the whole chain extends influence over the creative process to outside parties; while not necessarily damaging in itself, as the distributive chains control and keep the produced works limited to best sales, it becomes part of the incentive, not to create 'new works', but to repeat formulaic successes.

    But tell me, are we really going to miss all those create works with tiny portions of the work altered?

    Ask Hollywood? You have the comic hero trend, you have things like 'beowulf' (not one, but two major productions recently), you have a horde of remakes. Nowadays, when you type a movie you think is new into IMDB you're as likely as not to notice it's a remake of the 90's version which was a remake of a French 70's version which was a remake of a 30's...

    We can criticize the lack of new, and I'd love to join you, but the fact remains that since the beginnings of oral tradition, creative works have been largely the repetition of previous works.

    artists trying to find a meal ticket want the best chance at a financial break, they will try to please people

    The problem isn't artists trying to please people. If that was the extent, that would be fine. However, as copyright protects not only the artist's input into the production, but everything from there on, you get mass resources tagged on afterwards. Marketing, payola, production, etc, etc, gets tied into the chain, everything cooperating to maximize exposure for the few works aimed at the lowest common denominator and push everything else out to the sides. The fewer the works the lower the overhead, as long as you maintain the same level of revenue...

    In an ideal system, take the fixed amount of spending available from consumers. Divide that over, and distribute to the artists available.

    Now take the same fixed amount and take away 90% that disappears in production, marketing and distribution. Take the remaining 10% and distribute to the artists. Combine that with the fact that the artists that in this case no longer get paid get drowned out by the financing of the lowest common denominator.

    (Take a look at monopoly pricing theory to understand why it's appropriate to use a fixed available level of funding.)

    seem to be taking our rich culture for granted

    Apart from the fact that it's not particularly rich, the fact is large parts of it appear to have existed before copyright...

    But besides that, can you imagine how much richer the culture would be if the money to a large extent actually went to the artists? Ten times the current input, at worst...

    Even if you personally consider the majority to be crap, which not everyone agrees with (obviously, because it sells)

    Well, everyone would probably consider the majority to be crap, but most people would have different majorities. The success lies in that which pisses the fewest off... but like I've said, I have no objection to popularity or lowest common denominator, I object to the extent to which a monopoly system skews the profitability curve towards that end and becomes reinforcing. A system that actually accomplished what you say copyright is good for should probably cut off revenue at a maximum level and spread further revenue downwards the long tail; _maximizing_ creative talent and its funding.

    The big labels won't finance that pub-band down the road?

    Then again, without the labels raising the barrier to entry, the pub-band wouldn't have to use payola to get on the radio as the DJ's might

  16. Re:Protect jobs? on PRO-IP and PIRATE Acts Fused Into New Bill · · Score: 5, Informative

    The rights of artists to their works came way before the rights of others to trample them.

    Copyright has never been about the rights of artists. Since the seventeenth century Stationers' guild it's been about the right to profit by exploiting the artists and the crown's need to censor and control publication.

    Had protecting the rights of authors and artists actually mattered, rather than being used as a thinly disguised excuse to fool the gullible, intellectual 'property' would have been concerned with funneling resources to the actual artists and creators rather than securing monopolies for the holders of the rights.

    all the positive effects of copyrights.

    There are no positive effects of copyrights. As a whole they damage creativity, slow down creative derivative works, hamper incremental improvement and skew the distribution channels towards creative poverty. More talent and works are marginalized than are aided, helped and spread through the current regime.

    Don't get me wrong, there _could_ be positive effects of a system funneling money towards the creators of works and creating a financial incentive for creative work. But intellectual monopoly rights aren't that, nor have they been, nor are they going to be.

  17. Re:Protect jobs? on PRO-IP and PIRATE Acts Fused Into New Bill · · Score: 4, Insightful

    the theory goes that if intellectual property can be protected totally, then money will be made in large amounts.

    Of course, as intellectual 'property' usually doesn't involve actually making money (unless you're the mint), it's more appropriate to say that protecting intellectual 'property' means more money will be transferred to corporate accounts.

    As that money would otherwise have been spent on other things in the economy, it's most likely that the transfer of money into highly wasteful monopolistic corporations results in a net loss of jobs for the economy (not to mention a net loss of wealth for the economy as a whole).

  18. Re:Optimized? on Next Generation SSDs Delayed Due To Vista · · Score: 1

    The HD is the only piece of the machine standing in the way of silent operation,

    Actually there are ways around that; the usual problem is that you attach the HD directly to the chassis, which creates a nice resonance box. Place the HD in a cradle suspended from rubber bands and you can actually make modern disks very silent.

    Another alternative is to use diskless clients booted via PXE and running on iSCSI volumes.

  19. Re:The push for DNSSec on Kaminsky's DNS Attack Disclosed, Then Pulled · · Score: 1

    I expect government agencies to have the ability to compel any participant in a PKI system to produce signed keys saying pretty much anything they want. Which is rather where PKI systems fail; as the third parties are not trustworthy they merely add a third party that can be compromised without notice, and which can now control the level of trust between the first two parties.

  20. Re:An example of the birthday problem on FBI Fights Testing For False DNA Matches · · Score: 1

    As, in the first case you mention, there would be no need for an actual database I'll leave it up to the audience to figure out if they're using the statistics in the fair or the meaningless way...

  21. Re:So, the 1:113 Billion estimate is wrong on FBI Fights Testing For False DNA Matches · · Score: 1

    There has not been a 13-locus match

    From TFA:
    'In a database of fewer than 30,000 profiles, 32 pairs matched at nine or more loci. Three of those pairs were "perfect" matches, identical at 13 out of 13 loci.'

  22. Re:DNA can disprove only on FBI Fights Testing For False DNA Matches · · Score: 1

    Complete DNA sequences may not match anyway; eventually you get such a good discrimination that you'll start seeing variance within the body.

    I'm glad they're finally figuring this out tho; if anything, it makes it obvious exactly how idiotic mass registration of DNA is. The more irrelevant samples you add to the database the less valuable it becomes; eventually most results you'll get will be false matches.

  23. Re:Unfortunately, what else is new? on Paul Vixie Responds To DNS Hole Skeptics · · Score: 1

    Amazon, Google, eBay, PayPal,

    Like I said, a small fraction of sites. Had ssl 'worked' it would be deployed on close to every single site.

    When you do a lookup on "example.com" for the first time, how do you check the signature if you don't have the public key?

    The first time you connect to a site you have no business trusting it, any more than the average person trusts people the first time they meet. Transfer the appropriate key then; trust is built over repeat interactions. For the purpose of building trust the interesting part is knowing it's the same entity as it was previously (something that third party CA's ruin, as a corrupt third party can put themselves (or anyone they choose) between you and the entity with which you've built your trust).

    And, how do you get the public key in a trustworthy way without a third party?

    How do you get it _with_ a third party? You assume the third party is trustworthy; how do you establish that? The ability to jump through hoops and pass an audit simply doesn't engender much trust.

    There are ways; one is a web of trust/multi point trust structure. Designating multiple trust levels to multiple trust holders is one way. If several third parties have to verify it at least decreases the impact of compromised or subverted CA's.

    With your Amazon example, that's a perfect case for first-meeting key distribution.

    For other situations, such as banks, you'd most likely prefer to actually get the key from the bank via mail or on a smartcard.

    Any secure DNS system that doesn't allow you to find that domain securely without any extra work on your part just isn't a viable solution.

    And any secure DNS system that requires you to trust third parties simply isn't secure. So we get the current situation where DNSSEC just isn't a solution.
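
Added example, not part of the archived comments and not code from any project discussed in them: comments 9, 11 and 23 describe storing a site's key on first contact, prompting only when it later changes, and letting several independent parties vouch for a key. The Python below implements that decision logic; `PinStore`, the observer names, the status strings and the sample certificate bytes are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass, field


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 of the certificate bytes; this value is what gets pinned."""
    return hashlib.sha256(cert_der).hexdigest()


def confirmations(fp: str, observations: dict) -> int:
    """Count independent observers that report the same fingerprint."""
    return sum(1 for seen in observations.values()
               if hmac.compare_digest(seen, fp))


@dataclass
class PinStore:
    quorum: int = 2                           # observers needed to confirm a change
    pins: dict = field(default_factory=dict)  # host -> pinned fingerprint

    def evaluate(self, host: str, cert_der: bytes, observations=None):
        """Return (status, n_confirming_observers) for a presented certificate."""
        fp = fingerprint(cert_der)
        agree = confirmations(fp, observations or {})
        pinned = self.pins.get(host)
        if pinned is None:
            # First meeting: store without prompting; trust grows with repeats.
            self.pins[host] = fp
            return ("first-seen", agree)
        if hmac.compare_digest(pinned, fp):
            return ("match", agree)
        # Key differs from the one trust was built with: never overwrite silently.
        if agree >= self.quorum:
            return ("changed-confirmed", agree)   # others see it too: likely rotation
        return ("changed-local-only", agree)      # only this path sees it: suspect the path

    def accept_change(self, host: str, cert_der: bytes) -> None:
        """Replace the pin after an explicit user decision."""
        self.pins[host] = fingerprint(cert_der)


def demo():
    cert_a = b"constructed certificate A"   # constructed sample, not a real cert
    cert_b = b"constructed certificate B"   # constructed sample, not a real cert
    fa, fb = fingerprint(cert_a), fingerprint(cert_b)
    store = PinStore(quorum=2)
    host = "bank.example"
    results = [
        store.evaluate(host, cert_a, {"obs1": fa, "obs2": fa, "obs3": fa}),
        store.evaluate(host, cert_a),
        store.evaluate(host, cert_b, {"obs1": fa, "obs2": fa, "obs3": fa}),
        store.evaluate(host, cert_b, {"obs1": fb, "obs2": fb, "obs3": fa}),
    ]
    still_pinned_to_a = store.pins[host] == fa
    return results, still_pinned_to_a


if __name__ == "__main__":
    for verdict in demo()[0]:
        print(verdict)
```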

  24. Re:Who really gets paid? on EU Proposes Retroactive Copyright Extension · · Score: 5, Insightful

    for as long as people are enjoying them

    Why? Chairmakers don't receive compensations for as long as people are enjoying their chairs. Builders don't receive compensation for as long as people enjoy their houses.

    How about this; people get paid for working, and the state interfering in the market to create monopolies favouring certain classes of work is a particularly bad idea.

    If you want to argue for why certain groups need extra support, be intellectually honest and handle it as an ordinary welfare system. If you think creative work is particularly heavy and dangerous, or particularly valuable to society, perhaps they should get a lower retirement age? Argue the case and fund it through ordinary state budgets, not hidden away in the uncounted taxation of intellectual monopoly rights.

  25. Re:Unfortunately, what else is new? on Paul Vixie Responds To DNS Hole Skeptics · · Score: 1

    but overall it works.

    Actually, I'd say exactly the opposite. SSL is used only on a fraction of the net, and in many cases, for many uses, self-signed certificates are as trustworthy as the CA's. Overall, I'd say that's not working.

    Imagine if you had to buy a cert for ssh; we'd still be using telnet...

    a lot of the reason it works is because of the money

    A lot of the reason it doesn't work is because of the money. The CA's maximize their profit by taking money and _not_ doing any checking. They have no financial incentive to do what they're supposed to do; they become untrustworthy by default.

    Making money and being able to pay for a certificate isn't any foundation for trust either; scammers make money too...

    For any system to work and get widely deployed it has to be built on end-to-end, without a third party, trust. Each site has to be in control of their own keys and not dependent on someone else's good will and business.