Use a cloud company with no US operations whatsoever.
No, the obvious solution is to store your own data on your own servers, and make damned sure there is no US company that has access to it which will be covered by this law.
Governments putting their information into the cloud are being stupid if they don't realize they've given up the sovereignty of their own data. It's fairly obvious that if you're not controlling physical access to it, you don't know who is.
With the Patriot Act, the US has more or less said they'll trample any other countries security and sovereignty in order to protect their own. The solution is to pass reciprocal laws, and don't give them any data to access in the first place.
I'll be curious to see what happens when the EU drags people off to jail for violating EU laws... on the one hand I can see the company being compelled by the US, on the other hand I can see people who actually live in the EU being the ones on the hook for breaking the law.
"Frazer explained that, as Microsoft is a U.S.-headquartered company, it has to comply with local laws (the United States, as well as any other location where one of its subsidiary companies is based)."
While the focus is on the US Patriot Act; that quote implies that cloud based data is essentially subject to any local law and that privacy laws don't protect someone if the law requires access outside of the jurisdiction covered by privacy laws. A local subsidiary would cough up the information, as required by law, not the one where the data may have originated and is covered by privacy laws.
I work for a consulting company, and we do a fair amount of work for the Canadian government. You pretty much have to be sure to keep your data only on servers that reside 100% in Canada for this exact reason. I know of companies that had arms-length subsidiaries based solely in Canada because of this law. I can't use certain company tools for certain contracts, because they reside on US servers.
Basically, once the US granted themselves access to all of your data, it was pretty much game over. As you point out, what's to stop every local jurisdiction to pass similar laws?
This has been my biggest beef with cloud computing... it more or less surrenders control of your data to governments you might consider hostile. And, while we're neighbors and friends of the US, letting them access to the data generated by the workings of our government is a no no.
I'm completely unsurprised to hear that European subsidiaries of Microsoft might have to be handing over data to US agencies... and I think it's a really bad precedent of a government which is over-reaching by a lot. The US would screech and howl if other governments did the same thing to them.
"I'm not sure anybody has found a reliable method to do that yet.:-P"
Yes, but it requires ditching the Bible.
I ditched the Bible a very long time ago... except for a few very narrow circumstances, it hasn't substantially reduced the number of idiots I have to deal with.
These are my options? The Bible or Karl Marx? My answer is mu.
Genuine question here - where are data caps becoming the norm?
You mean there are places where they aren't?
Certainly in the US and Canada you increasingly hear about ISPs imposing caps on how much data you can transfer before you have to pay more. Lots of coverage about how "unlimited" doesn't actually mean "without limits", but some arbitrary number which is deemed "big enough for anybody unless they're willing to pay more".
This is happening for both internet connections, and mobile data plans.
How so? What he did was basically to allow interoperability.
I find it hard to believe that Sony ever came close to demonstrating that GeoHot violated the DMCA... they just managed to intimidate him enough to make him stop doing what he was doing and promise never to do it again.
I'm not at all convinced what he did was wrong, or anywhere near illegal.
In Sony's defense, licensing fees for the PS3, like all other consoles, is the primary revenue stream, so bypassing the security and license requirement means Sony doesn't earn money on their console games
Except, that none of the stuff GeoHot was doing was actually illegal. It was in support of doing perfectly legal things which Sony said could lead to doing illegal things.
For you and me that is an unpopular stance, but honestly, they have to protect their revenue stream
Well, Sony has already used up any good will I could ever have for them as a company... I'm not sure you could give me something made by Sony unless I was fairly sure the ways in which they could dictate how I use it were pretty narrow. They're not a company I trust for either their quality, or their track record with how they treat customers.
If you don't like the Gillette razor model, buy a PC instead.
Which, just supports Microsoft instead. Which, I ultimately did when my wife decided she wanted an Xbox to play the dancing games with the Kinect.
Besides Oracle is a DB company and I don't see many DB houses that need the speed of an Oracle DB and are willing to pay the crazy Oracle prices for it running old tech.
And, Sun was a server company.
Which means that people who were using their machines for completely different things than databases, are now more or less getting screwed out of newer functionality on older hardware.
Some older Sun machines are still fairly big boxes, and could likely keep with the new OS.
I think it's mostly the clients of Sun who are getting screwed over in this... but Oracle doesn't seem to care about that.
No. They just want a choice in who gets to use their information. Is it fair that a company can keep using my information long after I discontinue use of their product?
I'm less worried about that... if I actually used your product, and you have my information on file because I gave it to you, I can at least understand how you have it.
It's the people who I have never had a business dealing with, who have managed to get my information that I have a big problem with. who the hell are you, and why do I care? These companies who sell their client lists so that some asshole I've never had any dealings with can call me up... that I have a problem with.
And, pretty much all telemarketers can go to hell... you don't have my permission to call me at 9pm to see if I want your product. Besides, so many of the telemarketers I get are sufficiently shady, that I don't care if you might be legitimate or not. I'm on the do not call list, and at this point I'm forced to assume that anybody still calling me is covered under one of the exemptions they feel entitled to, or is a scam... either way, my response is going to tell you to go away and don't call back. If you're a charity and call three times in a week, well, I pity that last bastard to call because I'll tear him a new one.
My latest scam that I get calls for is some idiot calling from a call center in India or whatever telling me that he's from "the Windows support" -- not what company, just support. I can only assume it's a straight up scam, because there's no indication he actually works for anybody I do business with.
Oh, and before I forget it. You don't pay them for consumption, you pay them for delivery. You still have to pay them immediately if you put the energy into a battery for later use.
Again, ignoring the technical specifics of "power" vs "energy"... from their perspective, if you pull in the power to put it into a battery, it's consumption. The fact that it's available for later use is largely irrelevant.
If I buy a gallon of gas and put it into a red plastic can, that doesn't mean that from the pump perspective, I didn't just 'consume' a gallon of gas.
However, I'm glad to see that the fine tradition of pedantry here on Slashdot is being upheld.;-)
Isn't that just another way of saying that they are idiots?
Why, yes... in fact, that was the crux of the article. I'm not arguing against the idea that these people probably are idiots. I'm just shocked that people who have likely been on training to explain to them the risks are still just as idiotic as the population at large.
The solution, as I see it, isn't to try to make the systems idiot-proof, because that will fail, but to not put idiots in front of critical machines.
I'm not sure anybody has found a reliable method to do that yet.:-P
I hope it does a better job recognizing drag queens than I do...
Pro tip... look for the Adams apple.
The plastic cigarette holder, cocktail gloves, and using the word "dahling" might help, but not in all cases.;-)
Also, if they go into the men's room and use the urinal... but I've actually seen women do that, so it's again not something which works in all cases.:-P
Completely floors me what people will give up with regards to privacy. Then again, this is yet another shining example that sex sells.
This is really necessary? I probably would NOT end up going to bars that use this technology
That was my first reaction... I'm not sure I'm comfortable with random commercial establishments doing full-on facial recognition. It's sure as hell not opt-in, and at what point does this happen every public place I'm in? Way too much erosion of privacy and way too much surveillance society.
The whole notion kind of skeeves me out a little... as you say "Big Brother at it's finest, portraying themselves as the sheep in wolves clothing."
You can never make systems fully foolproof through technology, and Bruce of all people should know this. It's the goal of the engineers to build better foolproof equipment, and it's the goal of nature to build better fools.
But, surely government employees and contractors have been through some training that tells them to be careful with stuff like this. They get told to be careful and suspicious because they have sensitive data... but when DHS throws a bunch of USB sticks into a parking lot, these same people plug it into a government computer.
This isn't Bruce Schneier saying "OMG, these people are idiots"... this is a test that DHS themselves did which re-affirmed that people are always going to be the weak link in security. I'm still amazed at the extent to which people who should know better still act like complete idiots in the face of something like this.
Bruce is just reporting on this, and the linked article is just pointing to a story on Bloomberg. And, yes, sadly nature is way ahead of the curve on the creation of fools.
But seriously, I'd check out the data on a stick I picked up. I'm a Linux user so at least I wouldn't have the autorun issue, but a mysterious piece of software I may try running in Wine or a VM so I could just as well have fallen victim.
I couldn't agree with this more... I've always hated the fact that Microsoft (in their on-going attempt to pander to drooling idiots) has set it up by default so that it will pretty much run anything that comes near it, without asking the user or any level of assumption that this could be a bad idea.
Yes, computers confused people for a bunch of years... but running any old binary that comes along is stupid. Merely plugging in a USB drive should not really be a vector for automatic execution of arbitrary code.
In fact, the default to be to NOT run it... but, everybody is so enthralled with their autorun.exe that they seem to think it's a good idea.
That's what I was thinking... AFAIK, he was working on something to allow loading of homebrew games onto a PS3... other than the fact that Sony are dick heads, what exactly did GeoHot do that was illegal or criminal?
Whoever is lumping him in with people who got somewhere due to their "misdeeds" is an idiot. Sony disagreed with what he did, and claimed it could be used to do illegal things... but nothing he did was illegal.
Yep. What sucks is that they are taking a case where the defendant is clearly someone that the government should have been tracking and just didn't go through the correct channels of authorization (warrants).
Ah, but the beauty of the law is that saying that he really was a bad guy is irrelevant.
There are rules and procedures... cutting corners when tracking bad guys is just as wrong as using FBI resources to follow the guy you think is screwing your wife.
If you're not allowed to have round the clock GPS tracking without a warrant, and you did it anyway, then everything which comes from that is basically poisoned and likely to be ruled inadmissable.
For the supreme court to decide to hear this case makes me think that they want to look like the good guys when they decide that the government can track anyone for any reason at any time.
Which will mark the point at which America ceases to be anything but a police state. Which, sadly, has been the trajectory for the last decade or so.
We used to give gifts of food and clothes to the poor children in far away lands at harvest time. All the gifts would be on show a the front of the Hall. Sorry children, our church cannot give you anything this year. Kindness is patented.
No no no.... like all software patents, this is a "method for doing something we've all been doing for a very long time, but with a computer."
So your real-world situation isn't covered by this patent, merely doing the exact same thing involving a computer. Not having read the patent, I can only imagine that every claim is unique and something nobody else thought of before.
I think I shall patent "a method for pissing and moaning about the inequities of the world but with a computer"... then every schmuck who gripes about the state of the world owes me money. That would be awesome.
Oracle's acquisition and recent activity against other platforms (HPUX comes to mind) shows that Larry's got his eyes on one thing... money
A couple of years ago an actual Oracle employee told me that Oracle stands for "One Rich Asshole Called Larry Ellison".
Given that he was about to tell us how much something cost, I found the joke rather on point. I know lots of people who suddenly found themselves with older Sun equipment which wasn't on a maintenance program which suddenly didn't have access to updates and patches any more -- because Oracle won't give away anything for free.
It really is a shame to see the demise of Sun hardware, I have such fond memories of it from years ago. Though, truthfully, I haven't personally seen an operating Sun machine in several years (but I'm sure they're out there in droves). Pity to see Oracle speeding up that demise in the name of squeezing out more profit.
Google is the one you should be mad with. The law is good, but google's reaction to it just plain sucks.
Well, I don't see why.
Taiwan told Google that if they're going to sell stuff, they have to offer refunds. If they don't have a mechanism in place to offer refunds, they stop selling.
It's a valid response. It might not be the one you'd prefer, but I don't see why they don't get the option of saying "well, that's not how it works anywhere else". Is Taiwan entitled to buy stuff from Google or something?
I always pick Avagadro's number, unless I'm told they want a number less than 10^23.
Well, he did explicitly say "a number between 1 and 10", so Avogadros' number would be right out.
Even among geeks, the pedantry of selecting non-integers will get you an eye roll, and maybe a friendly offer of a poke in the eye with a sharp stick.;-)
Who exactly is putting a gun to your head and forcing you to upgrade?
Corporations generally don't want to run software that is past it's end-of-life and will not be receiving support. I'm just observing that if it comes down to running IE, or having Firefox become unsupported after 3 months (and creating extra work to upgrade), companies will run IE.
Nobody is forcing us to upgrade. But nobody is compelling us to keep running Firefox either. If it's just as easy to choose not to run Firefox.... well, that's a decision people might make, it's a two way street.
Mozilla is free to not give a damn about how companies are affected by this. And companies are free to decide that Mozilla isn't really ready for the enterprise. But, acting like companies should just suck it up and do it the way Mozilla thinks they should... well, good luck with that.
I think Microsoft would love to hear that companies are leaving Firefox due to this. People can give a shit or not as they feel inclined.
So why doesn't the cheapass and lazy corporations support it themselves. The code is there for them to continue to use it as they want.
Because the corporations aren't willing to exert the effort and resources to maintain a browser, because it's a complete waste of money for something which is now treated as infrastructure.
This is pretty much what happens when you hear about people asking Linux questions and being told "RTFM n00b". If the beauty of open source is that when it breaks you get to keep all of the pieces... well, nobody wants a web browser in a kit.
Now, Mozilla might not actually care if corporations stop using their product... which is fine. But, if you've been trying to grow your market share, not making it impossible for corporations to keep using your product is a good start.
A three month cycle before a release is marked as end-of-life and no longer supported is simply not going to work for corporations. This will work for end users on their own machines, but I can't see it working in a corporate IT environment. In all but a few places I've ever worked, this just couldn't be made to work.
No, the obvious solution is to store your own data on your own servers, and make damned sure there is no US company that has access to it which will be covered by this law.
Governments putting their information into the cloud are being stupid if they don't realize they've given up the sovereignty of their own data. It's fairly obvious that if you're not controlling physical access to it, you don't know who is.
With the Patriot Act, the US has more or less said they'll trample any other countries security and sovereignty in order to protect their own. The solution is to pass reciprocal laws, and don't give them any data to access in the first place.
I'll be curious to see what happens when the EU drags people off to jail for violating EU laws ... on the one hand I can see the company being compelled by the US, on the other hand I can see people who actually live in the EU being the ones on the hook for breaking the law.
I work for a consulting company, and we do a fair amount of work for the Canadian government. You pretty much have to be sure to keep your data only on servers that reside 100% in Canada for this exact reason. I know of companies that had arms-length subsidiaries based solely in Canada because of this law. I can't use certain company tools for certain contracts, because they reside on US servers.
Basically, once the US granted themselves access to all of your data, it was pretty much game over. As you point out, what's to stop every local jurisdiction to pass similar laws?
This has been my biggest beef with cloud computing ... it more or less surrenders control of your data to governments you might consider hostile. And, while we're neighbors and friends of the US, letting them access to the data generated by the workings of our government is a no no.
I'm completely unsurprised to hear that European subsidiaries of Microsoft might have to be handing over data to US agencies ... and I think it's a really bad precedent of a government which is over-reaching by a lot. The US would screech and howl if other governments did the same thing to them.
I ditched the Bible a very long time ago ... except for a few very narrow circumstances, it hasn't substantially reduced the number of idiots I have to deal with.
These are my options? The Bible or Karl Marx? My answer is mu.
You mean there are places where they aren't?
Certainly in the US and Canada you increasingly hear about ISPs imposing caps on how much data you can transfer before you have to pay more. Lots of coverage about how "unlimited" doesn't actually mean "without limits", but some arbitrary number which is deemed "big enough for anybody unless they're willing to pay more".
This is happening for both internet connections, and mobile data plans.
How so? What he did was basically to allow interoperability.
I find it hard to believe that Sony ever came close to demonstrating that GeoHot violated the DMCA ... they just managed to intimidate him enough to make him stop doing what he was doing and promise never to do it again.
I'm not at all convinced what he did was wrong, or anywhere near illegal.
I expect nothing less than the high quality pedantry I've come to expect from Slashdot over the years.
And you haven't disappointed. ;-)
Except, that none of the stuff GeoHot was doing was actually illegal. It was in support of doing perfectly legal things which Sony said could lead to doing illegal things.
Well, Sony has already used up any good will I could ever have for them as a company ... I'm not sure you could give me something made by Sony unless I was fairly sure the ways in which they could dictate how I use it were pretty narrow. They're not a company I trust for either their quality, or their track record with how they treat customers.
Which, just supports Microsoft instead. Which, I ultimately did when my wife decided she wanted an Xbox to play the dancing games with the Kinect.
And, Sun was a server company.
Which means that people who were using their machines for completely different things than databases, are now more or less getting screwed out of newer functionality on older hardware.
Some older Sun machines are still fairly big boxes, and could likely keep with the new OS.
I think it's mostly the clients of Sun who are getting screwed over in this ... but Oracle doesn't seem to care about that.
I'm less worried about that ... if I actually used your product, and you have my information on file because I gave it to you, I can at least understand how you have it.
It's the people who I have never had a business dealing with, who have managed to get my information that I have a big problem with. who the hell are you, and why do I care? These companies who sell their client lists so that some asshole I've never had any dealings with can call me up ... that I have a problem with.
And, pretty much all telemarketers can go to hell ... you don't have my permission to call me at 9pm to see if I want your product. Besides, so many of the telemarketers I get are sufficiently shady, that I don't care if you might be legitimate or not. I'm on the do not call list, and at this point I'm forced to assume that anybody still calling me is covered under one of the exemptions they feel entitled to, or is a scam ... either way, my response is going to tell you to go away and don't call back. If you're a charity and call three times in a week, well, I pity that last bastard to call because I'll tear him a new one.
My latest scam that I get calls for is some idiot calling from a call center in India or whatever telling me that he's from "the Windows support" -- not what company, just support. I can only assume it's a straight up scam, because there's no indication he actually works for anybody I do business with.
Again, ignoring the technical specifics of "power" vs "energy" ... from their perspective, if you pull in the power to put it into a battery, it's consumption. The fact that it's available for later use is largely irrelevant.
If I buy a gallon of gas and put it into a red plastic can, that doesn't mean that from the pump perspective, I didn't just 'consume' a gallon of gas.
However, I'm glad to see that the fine tradition of pedantry here on Slashdot is being upheld. ;-)
Yeah, but my power bill doesn't have a line item for "energy provided for conversion into another form".
So, for purposes of discussion, the heat, light and mechanical action it turns into is "consumption".
Why, yes ... in fact, that was the crux of the article. I'm not arguing against the idea that these people probably are idiots. I'm just shocked that people who have likely been on training to explain to them the risks are still just as idiotic as the population at large.
I'm not sure anybody has found a reliable method to do that yet. :-P
Pro tip ... look for the Adams apple.
The plastic cigarette holder, cocktail gloves, and using the word "dahling" might help, but not in all cases. ;-)
Also, if they go into the men's room and use the urinal ... but I've actually seen women do that, so it's again not something which works in all cases. :-P
That was my first reaction ... I'm not sure I'm comfortable with random commercial establishments doing full-on facial recognition. It's sure as hell not opt-in, and at what point does this happen every public place I'm in? Way too much erosion of privacy and way too much surveillance society.
The whole notion kind of skeeves me out a little ... as you say "Big Brother at it's finest, portraying themselves as the sheep in wolves clothing."
Do not want.
But, surely government employees and contractors have been through some training that tells them to be careful with stuff like this. They get told to be careful and suspicious because they have sensitive data ... but when DHS throws a bunch of USB sticks into a parking lot, these same people plug it into a government computer.
This isn't Bruce Schneier saying "OMG, these people are idiots" ... this is a test that DHS themselves did which re-affirmed that people are always going to be the weak link in security. I'm still amazed at the extent to which people who should know better still act like complete idiots in the face of something like this.
Bruce is just reporting on this, and the linked article is just pointing to a story on Bloomberg. And, yes, sadly nature is way ahead of the curve on the creation of fools.
I couldn't agree with this more ... I've always hated the fact that Microsoft (in their on-going attempt to pander to drooling idiots) has set it up by default so that it will pretty much run anything that comes near it, without asking the user or any level of assumption that this could be a bad idea.
Yes, computers confused people for a bunch of years ... but running any old binary that comes along is stupid. Merely plugging in a USB drive should not really be a vector for automatic execution of arbitrary code.
In fact, the default to be to NOT run it ... but, everybody is so enthralled with their autorun.exe that they seem to think it's a good idea.
That's what I was thinking ... AFAIK, he was working on something to allow loading of homebrew games onto a PS3 ... other than the fact that Sony are dick heads, what exactly did GeoHot do that was illegal or criminal?
Whoever is lumping him in with people who got somewhere due to their "misdeeds" is an idiot. Sony disagreed with what he did, and claimed it could be used to do illegal things ... but nothing he did was illegal.
Ah, but the beauty of the law is that saying that he really was a bad guy is irrelevant.
There are rules and procedures ... cutting corners when tracking bad guys is just as wrong as using FBI resources to follow the guy you think is screwing your wife.
If you're not allowed to have round the clock GPS tracking without a warrant, and you did it anyway, then everything which comes from that is basically poisoned and likely to be ruled inadmissable.
Which will mark the point at which America ceases to be anything but a police state. Which, sadly, has been the trajectory for the last decade or so.
No no no .... like all software patents, this is a "method for doing something we've all been doing for a very long time, but with a computer."
So your real-world situation isn't covered by this patent, merely doing the exact same thing involving a computer. Not having read the patent, I can only imagine that every claim is unique and something nobody else thought of before.
I think I shall patent "a method for pissing and moaning about the inequities of the world but with a computer" ... then every schmuck who gripes about the state of the world owes me money. That would be awesome.
A couple of years ago an actual Oracle employee told me that Oracle stands for "One Rich Asshole Called Larry Ellison".
Given that he was about to tell us how much something cost, I found the joke rather on point. I know lots of people who suddenly found themselves with older Sun equipment which wasn't on a maintenance program which suddenly didn't have access to updates and patches any more -- because Oracle won't give away anything for free.
It really is a shame to see the demise of Sun hardware, I have such fond memories of it from years ago. Though, truthfully, I haven't personally seen an operating Sun machine in several years (but I'm sure they're out there in droves). Pity to see Oracle speeding up that demise in the name of squeezing out more profit.
Well, I don't see why.
Taiwan told Google that if they're going to sell stuff, they have to offer refunds. If they don't have a mechanism in place to offer refunds, they stop selling.
It's a valid response. It might not be the one you'd prefer, but I don't see why they don't get the option of saying "well, that's not how it works anywhere else". Is Taiwan entitled to buy stuff from Google or something?
Well, he did explicitly say "a number between 1 and 10", so Avogadros' number would be right out.
Even among geeks, the pedantry of selecting non-integers will get you an eye roll, and maybe a friendly offer of a poke in the eye with a sharp stick. ;-)
I always pick pi until they explicitly tell me they wanted an integer.
Corporations generally don't want to run software that is past it's end-of-life and will not be receiving support. I'm just observing that if it comes down to running IE, or having Firefox become unsupported after 3 months (and creating extra work to upgrade), companies will run IE.
Nobody is forcing us to upgrade. But nobody is compelling us to keep running Firefox either. If it's just as easy to choose not to run Firefox .... well, that's a decision people might make, it's a two way street.
Mozilla is free to not give a damn about how companies are affected by this. And companies are free to decide that Mozilla isn't really ready for the enterprise. But, acting like companies should just suck it up and do it the way Mozilla thinks they should ... well, good luck with that.
I think Microsoft would love to hear that companies are leaving Firefox due to this. People can give a shit or not as they feel inclined.
Because the corporations aren't willing to exert the effort and resources to maintain a browser, because it's a complete waste of money for something which is now treated as infrastructure.
This is pretty much what happens when you hear about people asking Linux questions and being told "RTFM n00b". If the beauty of open source is that when it breaks you get to keep all of the pieces ... well, nobody wants a web browser in a kit.
Now, Mozilla might not actually care if corporations stop using their product ... which is fine. But, if you've been trying to grow your market share, not making it impossible for corporations to keep using your product is a good start.
A three month cycle before a release is marked as end-of-life and no longer supported is simply not going to work for corporations. This will work for end users on their own machines, but I can't see it working in a corporate IT environment. In all but a few places I've ever worked, this just couldn't be made to work.