Slashdot Mirror


User: Znork

Znork's activity in the archive.

Stories: 0 · Comments: 3,505

Comments · 3,505

  1. Re:Unfortunately, what else is new? on Paul Vixie Responds To DNS Hole Skeptics · · Score: 3, Interesting

    Secure DNS makes this kind of impersonation impossible

    Mmm, no. It makes this kind of impersonation possible by anyone who can coerce/corrupt/control some part of the chain of trust.

    outside the standards committees which have served the Internet well for 30 years.

    Actually, on the topic of security and cryptography, I'd say the standards committees have failed the internet pretty badly. The apparent fixation with providing Verisign with revenue streams has gotten in the way of designing acceptable trust systems.

    The only result that the fixation with certificates and authorities has gotten us is a situation wherein everyone is becoming their own authority and nobody cares about certificate warnings anymore.

    If one wanted to repair the systematic damage by now, the best way would be to simply scrap the CA's out of browsers and anywhere else and just add a way to easily add specific CA's for each new domain/service provider one comes in contact with.

  2. Re:Forwarded messages will be fine on Gmail, SPF, and Broken Email Forwarding? · · Score: 1

    Depending on the configuration of forwarding they will still have the original From: tho, so the way it usually works is like this:

    The mail will have the original From, and the rewritten headers indicating the mail came from the forwarding server. Upon Google's SPF check, the SPF record will not contain the forwarding server as an appropriate or permitted sender for the From: field in question. The mail is rejected (or, rather, silently dropped).

    It's not a trivial problem to solve unless you have control over all the mailservers involved. You have to rewrite the From field so it no longer appears to originate from the original domain. It could rewrite with a valid name (something at the forwarding server), or by adding something to the domain name, creating a non-SPF protected From field, but however you do that you end up with a not-quite-accurate (or more accurate, depending on your view) From field. Which may cause problems in your client as you reply to the mail.

    If you have control of the destination mailserver, it's much easier: you could simply not check for valid SPF records for mails coming from the forwarding server.

  3. Re:It's NOT within Sweden's borders on Sweden's Snoop Law Targets Russia · · Score: 2, Interesting

    How can they tell the difference in a real-time fashion?

    They have what was the #5 of the top known computer clusters in the world.

    I think the overwhelming problems are:

    The main flaw in the legislation is diverting any and all traffic without explicit court orders targeting specific cases. The rest derive from that.

    And I wouldn't say 'arguable' returns, I'd say negative returns. The scheme is trivial to bog down beyond recovery; phrase generators are one thing, a much more useful form of clogging the works would be simply adding variable length encrypted segments of /dev/random to every mail you send. Can't decrypt it, can't prove it isn't decryptable, if you ever have something you actually care to hide you can stick it in the crypt section and you'd be previously whitelisted to avoid your mails bogging the system down or your mail will end up on the queue of unbreakable mails.

    The days of a monitorable internet are at their end. Pressure from intellectual monopoly rights holders and the wars on everything have created many projects that are evolving into cell-structured encrypted anonymous darknets; the desire to monitor everyone and everything has created a situation where, soon enough, all communications will be structured akin to subversive cell networks.

    Monitor everyone as if they were criminals, and everyone will develop and use tools that protect those being monitored as if they were criminals. Too bad there now is no extra measure to take when you want to monitor actual criminals.

  4. Re:erm, who actually wants one? on Asus Confirms Specs, Price of Eee PC 904 and 1000 · · Score: 3, Insightful

    Personally I find those low-end fully fledged laptops completely worthless. They have little storage, almost no memory, no expansion capability, a pitiful screen, a barely useful graphics card and a painfully slow CPU.

    They're simply not a useful replacement for a desktop. And on top of that they're just not that portable; you don't quickly throw them in your bag, purse or coat pocket and go.

    Still, I have a need for something to take notes, run presentations and look stuff up on when not at the desk. And while I find the low-end laptop unsuitable for the task due to its desktop-replacement complex, the EEE segment is extremely suitable for the purpose (the £1000+ micro laptop segment is also suitable, but, eh, I'm buying a glorified pencil+paper, not some form of jewelry or fashion statement).

  5. Re:Dangerous slide on DHS Official Considered Shock Collars For Air Travelers · · Score: 4, Insightful

    Nobody I know of has cut short travel plans because of the terrorism threat,

    I suspect far more people cut travel plans short because of the TSA.

  6. Re:If at first you don't succeed.... on Microsoft Going After Yahoo! Again · · Score: 1

    Putting the shareholders' interest first is, however, a concept wide open to interpretation. Do the shares become worth more if you keep your customers? Will the company grow faster if you are attractive to employees? Will a company find it easier to extend business through partnerships if they don't constantly stab partners in the back? Were, for example, the actions of SCO's leadership in the long and/or short term interests of the shareholders?

    Apart from the CEO selling the company real estate for $1 to his nephew, ie, outright fraud, it's quite hard to argue that company executive policy is not in the shareholders' interest, no matter what it is. In the end, it comes down to opinions on how to profitably execute a business and maximize shareholder value.

    So saying 'it's the shareholders' interests' is a meaningless cop-out. If shareholders don't agree with management on the way to maximizing profits they can vote to replace board and/or the executive or sell their stock. Arguing the CEO has to do what some specific shareholders want is, however, inane. The CEO can treat customers well, assist partners, pay high salaries and pretty much anything else that may or may not be in the immediate shareholder interest as long as he can make a reasonable case that long term shareholder value benefits and defend his actions to the board.

  7. Re:Political Views on A Year of GPLv3 · · Score: 5, Insightful

    giving all of us the free choice to buy one or not.

    And when I donate source code I donate it with the intention that any end user be allowed to modify and run it, wherever or on whatever they received that code from. If Tivo wants to prevent the end user from doing that they have the free choice to not use my code.

    If the GPLv3 prevents products like Tivo from appearing, then it's a Bad Thing.

    If Tivo's abuse of the intent of GPL prevents products _better_ than Tivo from appearing, I'd say that's a Bad Thing. And finding examples where customers would have a better product if they could load modified software on their Tivo ain't exactly hard.

    People really need to realize that someone else making money doesn't harm them.

    Most Free software proponents have no problem with someone else making money. They do, however, have a problem with someone else harming others.

    pseudo-socialism is NOT making the world a better place, just a slightly more egalitarian one

    Free software is the epitome of free market economics; it's the enforcement of absolute competition.

    Considering that proprietary software builds upon state protected monopoly rights and, as is becoming quite obvious, has more in common with former Soviet style state factories (you _will_ use Vista and you _will_ like it; no alternate providers here), I'd say comments about socialism are weak.

  8. Re:stability? on What Do You Want On Future Browsers? · · Score: 1

    I found Firefox stability improved significantly with noscript and flashblock (noscript does flashblocking too now tho). The ease of allowing specific sites and click-to-play flash makes the tradeoff well worth it, IMO.

  9. Re:Bullshit on Al-Qaeda's Growing Online Offensive · · Score: 4, Insightful

    There are a few thousand dead people from a few years back

    And since then, as many people have died in bathtub related accidents.

    it's hardly a 'non-existent' problem.

    Indeed. Neither are bathtubs. Almost 300 people die every year in bathtubs. Both terrorism and bathtub related fatalities are serious issues that need to have appropriate levels of funding.

    Will they kill you if they can?

    If any terrorists wanted to kill Americans they'd be selling oil to Americans. That would nail about 50K citizens every year, 20 times more efficient than blowing up random things.

    The world isn't black and white

    And in a greyscale world, 'terrorist killings' merit about the same level of attention as bathtub safety.

  10. Re:How bad is this? on US To Get EU Private Citizen Data · · Score: 1

    I doubt it.

    Now, if you have a name like some suspect, or look like some other suspect, or if they need a scapegoat, that's another thing. If they can get the profiles in advance, it's much easier to pick the appropriate scapegoats, and they can even be waiting for them on arrival. Nothing personal, but the government needs to be looking like it's doing something.

    Of course, you'd know if you were guilty of being a reasonable scapegoat, right?

    I said goodbye to the US last time I was there. The country's just not the same anymore, and there are better places to go that actually welcome visitors. Maybe it'll change in the future, but until then I'm taking my money and business elsewhere.

  11. Re:If I understand correctly.... on Harvard Study Questions "Long Tail" Theory · · Score: 1

    It sounds like the Internet and other technologies that support globalization and scale favor the mega-retailers

    Actually, it's government granted monopoly rights and marketing budgets that favour scale and mega-retailers. Channel control, payola and marketing costs get amortized over many more sales, making it very easy to crowd out most middle folks. Had it actually been a competitive field, people would have tended to buy the $1 Walmart print of the top ten songs, rather than the label's print, thus limiting the value of marketing by cutting the revenue possible to exact from the market.

    The internet and other technologies favour the smaller players as their costs are highly reduced, and as they are not as sensitive to marketing measures (never having a chance offline in that area anyway), they will do better than the midrange.

    Many small labels will die off; the only way they can avoid that fate is to rapidly adapt to the internet and cut their costs as much as possible (and sadly, there are many that aren't even available in some online shops, leading me to really question their desire to survive at all).

    I get all my CDs either from CDBaby

    I get most of mine from eMusic. I'm spending about three times as much money on music these days as I did five years ago; the easy availability of the long tail, combined with last.fm giving me the ability to explore nearby music taste has rekindled my interest in music.

  12. Re:Why no rising sea level on North Pole Ice On Track To Melt By September? · · Score: 1

    It's the north pole. It was already in the ocean, floating as it were. Floating ice melting doesn't cause changes in sea level; Archimedes, density, modulo some frozen fishes, salt and stuff.

    South pole is worse, sea level wise.

  13. Re:Hardly representative on Harvard Study Questions "Long Tail" Theory · · Score: 1

    I would suggest that the nature of the "long tail" itself makes any accurate (ie. statistics-based) research on this extremely difficult, if not impossible

    Not to mention that the remnants of channel control tend to skew the data; marketing, availability, payola, etc, skews the data towards the head. Heck, much of what I listen to isn't even available on Rhapsody.

    Researching on, for example, last.fm data would be more interesting, as their range tends to be far wider and the preferences less (but still) affected by marketing and more by actual preference.

    And of course, the whole conclusion is moronic; being a market leader in a field with low per-unit marginal cost, where you can set your own price and holding government protected monopoly rights is more profitable? Well, duh. Try doing the same thing in a highly competitive field.

    Count the value in the wealth added to humanity instead; every new work adds value, all resources diverted away from creating more works are lost wealth.

  14. Re:What's the point? on Tru64 Unix Advanced File System (AdvFS) Now GPL · · Score: 1

    And you have to predict, ahead of time, how much space you need for snapshots

    I haven't actually ever tried to extend an lvm snapshot, as I've never had a use for it, but it would be trivial technically.

    As snapshots tend to be used for things like backups and state-saves the problem tends to be framed by average rate considerations and storage time.

    it's much more convenient to just treat a hard drive as a big blob of space, and to use free space on that partition for the delta.

    In some cases, definitely. There are advantages to the approach.

    it's going to cause a fair amount of disk fragmentation

    Mmm, speaking of fragmentation, have you tried running ZFS for a longer period? If you think that would cause fragmentation issues, try running ZFS with high-write-transaction files like database files. Combine it with traditional SAN storage with huge cache blocks and you have a recipe for disaster. Copy-on-write tends to shred your files and destroy cache hit ratios.

    I suspect they'll have to replace the 'change pointer on write' approach with an actual 'copy the old data on write'. Or simply offer an option to turn the COW off (is there one yet?).

  15. Re:Hmmm on Openmoko's Open Source Phone Goes Mass-Market · · Score: 3, Informative

    Didn't the iPhone get absolutely slammed for the lack of it

    Sure, but the iPhone is a highly hyped product, so it has to be appropriately buzzword compliant. Any poor iPhone user would get the lack pointed out to them; instant put-down for the device-chic.

    The OpenMoko is a different field entirely. For most prospective users there simply is no feature that carries a higher importance than freedom, nor are there many alternatives with that essential feature. I have no interest in the iPhone with or without 3g; it's even more locked than many other phones.

    And no, for the more pragmatic crowd, 3g isn't something you really have to have on your phone (especially not if you have wifi). 3g is more useful as a modem for a small computer like the eee; it's nice to have when you have the UI to fully utilize more bandwidth intensive applications.

    Also, can I ssh into my computer and restart my webserver,

    The more interesting question is, can you ssh into your phone and restart the webserver you're running there?

  16. Re:Interesting on When Is a Self-Signed SSL Certificate Acceptable? · · Score: 1

    will have his cert, which is signed by the bank, which is signed by a CA, which is signed by a root CA.

    See, there's where it breaks. I may trust the bank, and I may trust the bank to sign the truck guy's cert, but I neither trust the CA (unless it _is_, verifiably, the bank), nor the root CA.

    I assume you trust those developers

    Trust them to write software, or trust their judgment as far as deciding who is worthy of my trust? One, perhaps, definitely not the other.

    (if not you can modify your trust authorities list to fit your desires)

    Which is, a bit simplified, pretty much what accepting (and storing) a self-signed certificate is. I initially accept that the party are who they say they are; trust is then built upon that; as long as I can track the original identity, my trust is against that entity.

    Self-signed certs ONLY acceptable for encrypting traffic to an entity that you have first hand knowledge you can trust.

    Trusting anyone you don't have first hand knowledge of, in one way or another, is a bad idea.

    Liability is, for most purposes, worthless as a replacement for trust. A CA can be compromised in a multitude of ways, ranging from government pressure to software faults; actually recovering any damages would be difficult and most likely not a profitable avenue to pursue.

  17. Re:As long as you trust the CA... on When Is a Self-Signed SSL Certificate Acceptable? · · Score: 1

    For example, most people trust Verisign.

    They do? I certainly don't. Verisign has given me no reason to trust them, in fact, their corporate history, actions, statements as well as the judicial climate of their legal venue have given me plenty of reasons to explicitly distrust them.

    The reason people trust sites like Verisign

    I'd say the reason people trust Verisign is that it gets installed in their browsers by default and they can't be bothered to check. You could install RusChin Phishing Corporation as a default CA in people's browsers and they'd trust that. So it comes down more to people trusting what their browser vendors put as default CA's. So do you trust Microsoft? Your Firefox distributor? Do you trust the judgement of someone who considers Verisign trustworthy?

    Also, even if I trust a site, I wouldn't necessarily trust the people they trust.

    Exactly. And the conclusion one can draw from that is that it's simply better to establish trust with each separate entity, or otherwise simply not trust them.

  18. Re:Interesting on When Is a Self-Signed SSL Certificate Acceptable? · · Score: 5, Insightful

    The answer is: Never.

    Actually, the answer is: Always.

    if you don't know who you are talking to in the first place?

    For most purposes it's sufficient to know I'm talking to the same guy I was last time.

    Or would you trust the guy in the truck because he showed you a self-signed document

    Instead I'm supposed to trust the guy in the truck because he shows me a document signed by the guy in the truck next to him?

    The economic interest of a CA is diametrically opposed to their purpose. They maximize their profit margins by _not_ doing what they should be doing; hence I have no more reason for trusting Verisign (the guy in the truck next to him) than the guy himself.

    In fact, I'd be better off establishing my trust once with the guy in the truck, then accepting that trust in the future; trusting the CA merely means I've opened myself up to being blindly tricked by coercion of the CA. If the certificate of the person I've established trust with changes I know something's up. If I'm subjected to a MITM attack signed by a trusted CA I won't even notice.

    False sense of security

    Funny, I'd say that the false sense of security is exactly what you get from CA signed certificates.

  19. Re:What's the point? on Tru64 Unix Advanced File System (AdvFS) Now GPL · · Score: 1

    I mean, yes, you can do snapshots -- clumsily, as you have to set aside space for it

    Well, not that much, lvm snapshots are copy-on-write, so you merely need to store the delta.

    If you tell the filesystem it's on a 10 gig device, and it's really on a 5 gig device, what happens when I write 6 gigs of high-entropy data to it?

    Technically, we already have that problem on one level in the filesystem layer; sparse files. I don't know the internal mechanics of most filesystems, but I'd expect that knowing the exact size of the underlying device would not really be necessary; remaining space free would be more important.

    For a really ugly hack you start with 'actual size with 100% entropy', then you could resize to keep free space in front of used space as compression makes extra space available in your block device, then call resize2fs or similar api call (I said ugly hack :) that will format the new space in front of writes.

    Conceptually it's not impossible. It would, of course, be a pita if you then start deleting data and replacing it with higher entropy data, as that would start causing the device to shrink (back to the uncompressed size)... so you'd have to hack the filesystem to be able to actually handle shrinking too (and slap a huge warning label on it :).

  20. Re:What's the point? on Tru64 Unix Advanced File System (AdvFS) Now GPL · · Score: 5, Interesting

    it has snapshotting, intelligent striping and mirroring, dynamic resizing

    Eh, exactly which feature is unique? Snapshotting, striping, mirroring, resizing, encryption, etc, all of it can be done through the device mapper stack.

    I have situations where I don't want any filesystem at all on the mixed chunks (shared iSCSI block devices, for example), others where I want partial mirrors, parts crypted, parts remote-synced, etc. Mixing block device, volume management and filesystem together is, in my opinion, simply bad engineering. There are far too many assumptions about what people usually do so you end up with something suitable only for exactly what the designer had in mind, and worse, sometimes completely unsuitable for what people actually do.

    Having run both AdvFS and ZFS, I _vastly_ prefer the layered approach of ext3/LVM/md/etc.

    there's no comparable production filesystem

    Yes, well, try actually running ZFS in production for a while with any kind of odd load (and some not so odd loads at all). Sometimes things just aren't all they're hyped up to be.

    Filesystems are one part of most systems where 'exciting' isn't the most desirable feature.

  21. Re:A broader lesson on SSL Encryption Coming To The Pirate Bay · · Score: 1

    and being spied on by governments (not necessarily our own, mind you)

    These types of laws typically have provisions against 'domestic spying'. As does the Swedish law.

    The traditional way to get around that is to simply listen on foreign traffic, then exchange that info with foreign intelligence services (A method which the Swedish law explicitly allows).

    whether we'll see people using SSL/TLS

    Perhaps.

    If you really want to make things hard for the listeners, start putting encrypted input from /dev/random as a .sig to every mail you send. They'll never be able to either decrypt it or verify it contains no real encrypted info...

    Then if you ever wanted to send anything you actually mind having listeners to you can just stick it there; either your mail will already have gotten whitelisted to avoid clogging their filters, or it'll get stuck in a queue so deep the sun will have gone out before they can decrypt it.

  22. Re:three warnings? on Internet Pirates In France To Lose Broadband · · Score: 5, Informative

    if I get caught speeding I get fined instantly

    You're not, however, denied the use of roads.

  23. Re:Democracy Isn't Working on New FISA Bill Would Grant Telcoms Immunity; Vote Is Tomorrow · · Score: 1

    I don't know why, and I'm pretty sure it did work before.

    Did it? Or do we merely have better tools to keep ourselves informed these days? Did the government do what the people wanted, or were they better at convincing the people what they should want when there were fewer independent channels?

    Look back at history; backroom deals are hardly new, you'll find them behind everything from the Federal Reserve to wars, wiretapping and surveillance. Look at things ranging from prohibition to Vietnam to McCarthy.

    Is the fact that this recent shift occurred contemporaneously with the rise of the internet a coincidence?

    If you look at it through the more positive view then it's no coincidence. The internet has made real-time monitoring of politics possible; today you can check a politician's voting record with a mouseclick and compare it with his bovine feces and see if they match up. You can check many sources and publish your own opinions, etc, etc

    The end result is that democracy is not working the way it once did.

    On the more negative side, assuming our observations are simply more accurate these days, then democracy is actually working the way it once did. Which turns out to be quite badly. Perhaps it'll get better once the old guard who thinks they can get away with this crap dies off; it's encouraging that the younger Swedish politicians managed to withstand a fair amount of pressure for a while at least, and I suspect the voters will show no mercy in letting them know exactly how they value loyalty to the constituents versus loyalty to the party whip. Those caving in will find it costs.

    Until then, much of internet communications will evolve into an f2f cell structured topology reminiscent of the kinds of cell structures the intelligence services try to find. The push to monitor and control will merely create a vastly more powerful push back, essentially destroying any chance of ever reliably monitoring communications again. Way to organize the entire population as a mass cell network, but there you go.

  24. Re:Sweden's just being honest about it on Safeguarding Data From Big Brother Sven? · · Score: 1

    Which rather highlights the point that for many purposes there is no reason to trust Verisign or any other standard-installed CA more than JoeBasementGuy's self-signing CA. Better to just install the signing cert on first connection...

    much degradation to the trust of the certificate system.

    Well, the CA's certainly don't need much help with that. The last shred of trust I had in the certificate system was lost when they came out and said we need more money to do what we said we did but didn't.

    They simply have no financial incentive to actually check anything; the highest profit margin would be achieved with a webpage and an automatic signing script.
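
Comments 16, 18 and 24 describe accepting a certificate on first contact and noticing when it later changes. The following is an added example (not part of any comment and not code from the archive) of that trust-on-first-use check next to a simplified default-CA check; the `Cert` class, the host name, the CA name and the byte strings are constructed stand-ins, not real certificates.

```python
import hashlib
import hmac
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Cert:
    """Constructed stand-in for an X.509 certificate (no real parsing)."""
    subject: str
    issuer: str
    der: bytes  # in real use: ssl.SSLSocket.getpeercert(binary_form=True)


def ca_model_accepts(cert, host, trusted_issuers):
    """Simplified default-store check: name matches, issuer is pre-trusted."""
    return cert.subject == host and cert.issuer in trusted_issuers


@dataclass
class PinStore:
    """Trust on first use: remember the fingerprint first seen per host."""
    pins: dict = field(default_factory=dict)  # host -> SHA-256 hex digest

    @staticmethod
    def fingerprint(cert):
        return hashlib.sha256(cert.der).hexdigest()

    def check(self, host, cert):
        fp = self.fingerprint(cert)
        known = self.pins.get(host)
        if known is None:
            self.pins[host] = fp          # first contact: record, do not judge
            return "first-use"
        # A mismatch never overwrites the stored pin.
        return "match" if hmac.compare_digest(known, fp) else "changed"

    def repin(self, host, cert):
        """Replace a pin; call only after checking the new cert out of band."""
        self.pins[host] = self.fingerprint(cert)


def run_scenario():
    """Same host seen three times: twice with its own cert, once with a
    different cert issued by a CA that the default store trusts."""
    trusted = {"Default CA"}                      # constructed CA name
    host = "shop.example"                         # constructed host
    original = Cert(host, host, b"constructed-der-original")      # self-signed
    substitute = Cert(host, "Default CA", b"constructed-der-substitute")
    store = PinStore()
    return {
        "first": store.check(host, original),
        "repeat": store.check(host, original),
        "substitute_pin": store.check(host, substitute),
        "substitute_ca": ca_model_accepts(substitute, host, trusted),
        "original_ca": ca_model_accepts(original, host, trusted),
        "pin_kept": store.pins[host] == PinStore.fingerprint(original),
    }


if __name__ == "__main__":
    for name, result in run_scenario().items():
        print(f"{name}: {result}")
```

A "changed" result is also what a legitimate key rotation looks like, so the pin is only replaced through `repin` after the new certificate has been confirmed by another channel.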

  25. Re:Secure tunnels on Safeguarding Data From Big Brother Sven? · · Score: 1

    Wouldn't it be easier to just set up SMTP with TLS? That way you don't need a secure tunnel, and it has the added advantage of actually encrypting to any TLS capable peer.

    I set that up recently... ironically, not because mail security was an issue, but because some customers mailing via the gateway in question came from ISP's with port 25 outgoing blocked...