The law makes a differentiation between that which is a right and that which is a power. For example, the Second Amendment defends the right to bear arms. It does not grant anyone the right to overthrow the government, but it does serve (in a fashion) to preserve the power to overthrow the government.
Jury nullification is similarly a power, not a right. No jury has the right to ignore the law and find a guilty defendent innocent. But every jury has the power to do so nonetheless.
The first Amendment does not guarantee anyone the right to pass counterfeit bills. But it does guarantee (rather explicitly, IMHO) the uninfringed right to print them.
Yes, it's pedantic. Constitutions are meant to be like that.
Only a fool would argue against a law prohibiting counterfeiting. But do we want to imbed such a law at the Constitutional level? If a law is found to be in conflict with the Constitution, the Constitution wins hands down. If two parts of the Constitution are found to be ambiguous or in conflict with each other, it may (barring resolution by the Supreme Court) require a Constitutional Amendment (Oh, so THAT's what those are...) to resolve.
Do we want to live in a country where a basic right (such as those delineated in the Rill of Rights) can be legislated away without a change to the Constitution? Clearly not. But if we allow a non-Constitutional process (such as economic pressure on manufacturers) to have the same status as Constitutionally guaranteed rights, we open the door to a situation where some future Attorney General might argue "the need to prevent counterfeiting is in conflict with the need to maintain free press. To resolve the conflict, we must declare the First Amendment unconstitutional."
I hope HP is doing this purely and completely on their own motivation. I would not want to be the one trying to convince the Supreme Court that a government mandated (or even encouraged) printing restriction was not an "infringment of the free press" under the scope of the First Amendment.
... any form of security employed today, other than biometrics, relies on the user knowing something that someone else doesn't.
Well, there's something you know like a password, there's something you are like biometrics and something you have like a physical token, access card or key.
Any (or all) of these can be considered keys, and as such need to be managed. You are correct that every system must have keys, but it's important for the users of these systems to understand what the keys are, and understand that the keys have to be managed.
...you haven't explained why it's a bad thing that the firewall's behavior is changed.
To the extent that the "standard firewall behavior" is changed, two things happen.
First, you gain a certain amount of security (albeit security by obscurity) from the fact that your firewall behavior is different from the standard model. I'd argue the gain a) has limited value, only to the extent that the person implementing the modified behavior takes steps to keep it secret, b) is non-existant against insiders (people who have been told the secret), and c) evaporates completely if the modified firewall behavior becomes the new standard.
Secondly, you introduce the possibility that your modified firewall behavior exposes new vulnerabilities not present in the standard model. We all know the consequences of allowing buffer overflows in firewall software, and we code accordingly. Have we studied at all the consequences of strapping a perl script into IP tables? I don't know what those vulnerabilities are, but as a general rule whenever complexity is added to a system, the possibility of vulnerability increases. This isn't something I'd want to bet on.
I would be very impressed and surprised if you could argue some actual weakness from this...,
So would I.;-) And I'm thinking a system like this won't ever get deployed widely enough to get the attention of the people who could. But systems I would previously considered "near perfect" (like SSH) have had actual weaknesses exposed after deployment, so I wouldn't rule out the possibly that a system with "patently obvious" inperfections harbors them.
The same can be said about any common combination-lock, great against people who don't know the combo, but lets anybody who does through.
In that case, the combination is the key. The owner knows the key must be kept secret and that if the key is revealed, the system is no longer secure.
You are supposing that the knock sequence is static - it need not be.
That is a common mitigation; changing the protocol in this way eliminates replay vulnerabilities but introduces key management challenges, some of which you've acknowledged:
...generated from an initial seed value known by both client & server...
which means the initial seed value becomes a seperate secret which must be tracked, managed, and which could be compromised. It also means that if the random number generator, or the algorithm used to derive the current key from the seed is discovered (it's another secret which has to be managed) then the system is compromised.
...or from the current time of day...
Is that meant to be some sort of secret, too?
When designing a crypto system, you divide it into two pieces: those parts which you will treat as part of the key (and are prepared to keep secret) and those parts which you accept that sooner or later your advesary is going to know. (Purists put everything into the second class, and demand that even passwords be changed frequently) Either the correlation between the key and time-of-day is a part of the secret or it isn't. If it isn't, it adds no security. If it is, you've gained maybe 7 bits of keyspace (using your "5 minutes either side" suggestion) at a huge complexity cost.
What happens if some script kiddie pings the one of the critical ports while the knock-knock password is being entered? The choices are 1) build the system to accept a knock-knock password even if it's "misspelled", or 2) accept the fact that a script kiddie can intentionally DOS you, or (perhaps worse) force you to enter and re-enter your knock-knock password multiple times in hopes of getting through once. It's also vulnerable to man-in-the-middle attacks.
The only advantage I can see from such a system is if it were deployed a) in addition to a secure key negotiation scheme (as a safeguard against the discovery of a vulnerability in that system) and b) if it were custom engineered in each case, as opposed to widely deployed. I don't think it introduces that much of a vulnerability as long as it remains obsecure.
I heed Schneier's advice on this one: leave the design of crypto systems to those who know what they're doing.
No, it doesn't. Read the article. It would be running an added firewall rule that responds differently to connections that were previously attempted on the set ports earlier. There's still no daemon listening. Yes, a slightly higher load from a slightly more complex firewall rule. But not much.
It changes the behavior of the firewall (or whatever is acting as a firewall) from "drop and forget" to "drop, but make a note of it". The behavior is not visible to the outsider if the outsider is looking for a normal reply, but is visible if the outsider knows what's going on. It's great added security from people who don't know the secret, no added security against people who do. In short: security through obscurity.
And your added keyspace is quite significant in this case, since it's not just a mathematical gain, but, in the real world, means you can set your targets all to DROP and hide the existence of your machine completely, making it likely that kiddies will simply leave you alone (obviously this makes no sense if you are running some other public server).
It's as secure as using TELNET was back before everyone started sniffing for passwords.
We all (I hope) already know that anyone with a sniffer can steal your key (password) if you choose telnet. That's why clued people use ssh instead.
But once "knock to open" becomnes common, anyone with a sniffer will also be looking for sequences of probes to non-responsive ports (or whatever) and try replaying those as a form of password. The particular ports, the sequence, the timing, all of these now have to be treated as a guarded secret as well. You wouldn't write down a password, but you'd likely have to write down this information. Or worse, code it into a program.
Don't rely on something remaining secret unless you're willing to protect it as a secret. This "knock to open" is just another hoop a cracker has to jump through on the way into your machine. It will stop the clueless ones cold until they read about how the observant ones got around it, then it won't stop anybody.
But it might also lull the owner of the box into a false sense of security, and to the extent it does, it's a bad idea.
It doesn't have to be listening on the 'knock' ports...
Yes, it does. And thats the point. You're still expending resources monitoring the port, and (presuming it does catch on) you're still responding. You're just not responding in the RFC-approved way.
For now, you'd be gaining some added keyspace to your theorhetical access path, while at the same time introducing a lot of complexity (thus potential compromise points).
At best, you get some added protection from the diversity. At worst, it's just another false sense of security through obscurity blanket.
Is it really? These machines were "completely secure" until a bunch of hackers were kind enough to explain how wrong headed that belief was. I have news for you: there's a bunch of hackers out there who haven't been heard from yet. There's always a bunch of hackers out there who haven't been heard from yet.
Let's face it. Public preception counts for a lot here. If no one questions the securrity of the vote, there is no issue. To the extent that a system allows questions it's bad. That's what we're really talking about here. With paper votes the hacker has to convince some pretty sane people how a bunch of votes for that other candidate got into the box while we were all watching it. With electronic voting he can likely convince them something is wrong even if it isn't.
I'll bet you think your PC is secure. I'll bet you think it's that way for the duration of the time between when you applied the patch for the last vulnerability and when you hear about the next one. Wanna bet there will be another one after that?
Why do people who run the vote presume the burden of proof to be on the black hats? What kind of braindead policy is that? They have no interest in proof, only results.
...simply inspect the internal tape, and if it's intact, reapply new tape to the outside.
You're missing the point. Unless you're very careful, adding complexity is more likely to add a point of vulnerability than to successfully defend against a vulnerability. Complexity is the enemy of (dependability, security, take your pick.)
So, now we have a bunch of people who are authorized to go around replacing tamper-evident tape on secure machines during the election. I thought the point of secret balloting was that I didn't necessarily have to trust any of the people at the polling station, because none of them are empowered to change my vote. Now you've given them carte blanche to replace tamper tape any time they want to. What was the point of that tamper tape again? This is getting good. Care to continue?
We had to deal with a situation where there was no alternative to the existing Diebold machines and a primary in a few weeks. None of this was our choice.
So make it clear to the Board of Elections that these machines are not provably secure and therefore any crackpot lunatic slashdot poster who wants to rig the election has a good chance of getting the votes from a whole machine, a whole polling station, an entire precinct, or the entire state cast into dispute. You don't have to make a strong case that there is a vulnerability, you only have to say that you can't make a strong case there isn't. If you can't make a strong case there isn't, that's really all the ammo a muckraker needs to have a large set of votes thrown out. And the ability to selectively have votes thrown out is just as good as (some would say even better than) the ability to selectively add votes to the count.
Or are you going to just stand there while they string you up for allowing the election to be rigged?
At some point it's going to come down to what people are willing to accept. Make it clear that when people ask you to prove that candidate A got this many votes you want to pull this many pieces of paper out of a started-empty-then-observed-by-all box and let the slashdot lunatic explain how they got in there.
How much is it going to cost to re-run this election, anyway?
A much better solution would be to improve the locks and alarm the doors.
Would it be more helpful if I described all the ways that improving the locks benefits the attacker as much as it benefits the defender? Or would you rather I just say that there are probably a large number of attack vectors which
...put tamper tape inside the locked door as well as outside.
So we have a smart card protected by tamper tape protected by a locked access panel protected by more tamper tape. That makes it more difficult, right?
Now imagine you are the election official and I point out that the outermost tamper tape on a certain machine is broke. Clearly you take the machine off-line, but do you a) leave it off-line through the end of the election (DOS vulnerability) or b) open the access panel to inspect the inside tape?
If you open the panel (explain to me again why allowing the keys to this access door into the precinct isn't itself a vulnerability) and discover the inner tape intact, you have also a) introduced a situation where the access panel door was opened during an election (what was the point of having that locked door again if standard procedure allows it to be opened?) and b) only gained assurance that the attack vectors specifically protected against by the inner tamper tape are safe. If access to the inside of the access panel offers any new attack vectors which aren't protected by tamper tape, any one of these vectors could have allowed an election compromise.
The key to security in this style is to ensure that every unit of added complexity you (as the defender) must add to increase security requires a order-of-magnitude (or more) increase in the amount of complexity I (as the attacker) have to deal with to defeat that security. If your actions fail that test, you're probably doing something counter-productive. It's a tall order, because the attacker always has the option of ignoring the vectors you've protected yourself most strongly against and choosing a less-protected target.
Oh, and BTW, while you and half the untrained volunteer election officials were deciding what to do about that potentially compromised access panel, I walked over to the next machine in the row and scratched the tamper tape off the outer door of that one as well. "This one too..."
Wouldn't you end up with a much more secure system if you could openly and systematically apply those same efforts to reviewing the code inside that black box?
Broad (open source-style) review only catches implementation flaws. It's not designed to deal with protocol flaws, which is the root problem of all voting systems which replace the evidence of a vote with the testimony of a machine.
Great idea... cover the locks with tamper tape. So rather than rigging the election outright by going to the trouble and difficulty of changing the votes on the server, etc., criminals can do it by disqualifying voting machines by breaking the tape, disenfranchising thousands of voters at a time.
Exactly. This points-out the difference in thinking of the hacker's mind. An election official thinks adding complexity (tamper tape) to the system would raise the bar for mischief. Now, instead of just being armed with a lock pick (and the skill+opportunity to use it effectively), the assaliant must also be equipped to tamper with tamper evident tape without getting caught.
In fact they are lowering the bar. The assaliant now needs nothing more than a fingernail to cause reasonable doubt and get all the votes from that machine thrown into question.
How long does it take to train a set of disgruntled minority (in the sense of how their district usually votes) voters to break the tamper-evident seal?
where's the consistency when it comes to anybody else.. diebold, the MS halloween memos... all supposed to be internal memos that were leaked. We all cheered then, didn't we?
Those memos were immediately made public. The "wronged" parties knew that there was a vulnerability. No attempt was made to hide the fact that the information had been compromised.
if you correctly interpret the 2600 definition of hacking, the GOP folks should have disclosed the security vulnerability,
Shouldn't they have also have made a "fix this vulnerability by such-and-such a date, or I'll disclose it to the world..." statement? Ironically, that would have served to show their intentions in this case. As it is, one could infer, from the fact that they made efforts to keep the "exploit" secret and failed to follow-through on their "have you fixed this yet?" notice that their intentions we not honorable.
Didn't we make espionage an act of terrorism under PATRIOT? Or was that some earlier definition of high crimes and misdemeanors which nobody cares about anymore?
And therein lies the problem. Re-read the original post in this thread. Then read it again.
It's not a problem with what the will of the people may have been, the problem occurs because some of those people perceive themselves to have not been represented by the system. Wether they were, in fact, disenfranchised is completely beside the point. Those who complain about the indeterminate result of the 2000 election must admit (if they are to be fair) that it's entirely possible that Bush would have won anyway had there not been any sort of election problems. But they can still complain because we can't know that.
The 2000 election provided a model for anyone wishing to fix a presidential election:
Determine, to a fairly accurate point, which states will go to which candidates and how many electoral votes you will be short.
Of the states failing to vote for you, determine which ones would have voted for you if the electoral vote decision hade been made by means other than the popular vote. For example, in Florida, the electoral vote decision was made (in a legal sense) by the state legislature and (in the populist sense) by the head of the board of elections.
Of this set of states, choose the smallest one which, when toggled, will provide the necessary change. Choose one where the popular vote will be close.
In that state, use the well accepted fact that electronic voting machines can be compromised as grounds to have a certain number of votes, or entire precints, thrown into question.
When the total number of votes in question exceeds the vote spread, the decision is taken out of the hands of the voter and decided by other means, a means which you have carefully selected.
Note that this doesn't require actually compromising any votes, doesn't require hacking voting machines, doesn't involve a chance that anyone will get caught doing anything wrong because nobody is doing anything wrong. (The stoopid part, allowing votes to be cast in a way which can be called into question, will have already been accomplished.)
A careful plotter can even selectively choose which precints will be thrown into question. Consider: a short time before the election the voting machine manufacturer announces a security vulnerability in their vote machines and a patch to fix it. There isn't time to get the patched software re-certified. As the election official for your precint would you a) allow voters to vote on voting machines with a known and publiclly announced vulnerability (and take the chance that your votes would be thrown out because of it) or b) allow voters to vote on voting machines with unproven and unapproved software (and take the chance that your votes would be thrown out because of it)?
This leaves the voting decision apparently in the hands of every individual voter, while the power to select the winner is moved into the hands of:
The state legislatures, to a large extent.
The voting machine manufacturers, to a large extent.
The local election officials, to the extent they are allowed (or mandated) to deploy electronic voting machines.
The media, depending on where (and when) they choose to raise a stink about the falibility of the electronic voting machines.
When you consider recent news stories about how electronic voting machines are mandated to be deployed in a hurry-up mode, how the Legislature in Texas is scrambling to ensure redistricting in favor of Republican candidates, reports of major political endorsements of the current administration by voting machine manufacturers, deployments of massive numbers of military (and reserves) into foreign countries (where, under SERVE, their vote becomes vulnerable), etc, it makes one wonder if I'm the only one smart enough to recognise this vulnerability.
But then again, as a code monkey I guess I should just be looking for someone to open source the voting machine perl scripts so I can just verify for myself that everything in on the up-and-up. That would get many of the supposedly clued slashdotters to shut up anyway.
...encrypts their ballot using a common public key inside a message encrypted using their unique number....
I was wondering if you could explain this a little bit more clearly. I'm having a difficult time explaining to my grandmother why this "choose two three-hundred-and-eighty-four-bit prime numbers, multiply them together..." is a better system than "put an "X" into the box by your candidate's name, place it in the envelope.
Suse, we can write software to do all the dirty bits, but at that point how do we know if it's doing all the dirty bits correctly?
What if, instead of a business site, Mike Rowe created a clone site of Microsoft's content and was damaging their business?
In this case, a Capitalist might argue that his property (the Microsoft site being "property") was being damaged and, upon proving such damages, be awarded compensation. Or he might claim that his copyright and trademark properties (the copies on the clone site) were being used against his wishes, and assert the control of his properties to which the Law avails him.
I was attempting to limit the scope of the discussion to a single issue: If we grant that Microsoft can treat the term "microsoft" as their Trademark, which is to say, it is "property" they own, does this ownership extend to the term "mikerowesoft" or does that term become the "property" of Mike Rowe.? We could have opinions about this either way, but a Card-Carrying-Capitalist must object to the taking of such a property without a mutually agreed-upon compensation. It flies in the face of those who support strong property rights.
If Mike Rowe owns it, let Microsoft purchase it, or do without (their choice).
And if Mike Rowe doesn't own it (and Microsoft does), well then heaven help us all.
...the problem is that under trademark law Mike Rowe may actually be infringing. Lets just assume for a moment that he is.
Okay. We'll need this assumption anyway for a meaningful discussion.
If this is the case, then Microsoft really has no obligation to even offer him $10 - it's straight to court for him.
If we accept this assumption, then Mike never had any property to sell. But if we accept this assumption, then we're saying that when we granted Microsoft ownership of the "microsoft" trademark, we might have actually given them something a lot more valuable than we originally thought.
Consider, during the time between when Mike registered "mikerowesoft" as his property and when Microsoft noticed the (above agreed-to) infringement, would Mike have automatically owned a domain like "MichaelRoweSoftwareCompany" (under our trademark dilution agreement above). Would he be allowed to keep such a property (or would the property be taken from him without compensation) once we agreed that Microsoft owned "mikerowesoft" (but clearly not "MichaelRoweSoftwareCompany")?
Oh my brain hurts.
Now, there is a problem with this, and it's the fact that for Mike Rowe to defend himself, the costs will be exorbinant. The legal system as it is definitely favors those with the deep pockets. But that doesn't make it abuse of the system if there really is a violation, they have no other recourse. Paying Mike Rowe when he likely deserves nothing makes little sense, happy as it might make him.
So I'd summarize this as:
The legal system has a problem.
Microsoft did not create the legal system, and therefore is not responsible for the problem.
Therefore Microsoft's actions (using the legal system for redress) cannot be considered abuse.
I'd argue it becomes abuse because Microsoft is aware of the problem and is leveraging the problem to their own advantage. Consider the following:
Outlook/Internet Explorer have a problem (buffer overflow).
Joe Hacker did not create Outlook/Internet Explorer, and is therefore not responsible for the problem.
Therefore Joe Hacker's actions (worm, virus) cannot be considered abuse.
If Microsoft were "playing fair", they would either not be using an exploit of the legal system to their advantage, or not be asking Joe Hacker to ignore a similar exploit in their software.
And of course, all of this is predicated on the agreement that everything similar to "microsoft" (including, but not limited to, "mikerowesoft" etc.) is now the property of Microsoft. That is still under dispute.
What they're doing is ensuring that their trademark is not diluted.
I'd agree. I'd go even further to say that it should be up to Microsoft (Not ICANN or some other entity) to decide if mikerowesoft dilutes their trademark. If in their opinion it doesn't, then they shouldn't be trying to strongarm Mike. But if in their opinion it does, then Microsoft is already negligent in that they should have protected against the dilution even before Mike registered the domain.
Does that mean it's Microsoft's responsibility to squat on every domain they think could dilute the trademark? Yes. (It's $10/domain. I think they can afford it.) Does that mean if some Mike has already registered a domain they need to negotiate to purchase it? Yes. Should ICANN bow to the pressure of the most politically powerful and take the domain by force? No.
Would this encourage companies to take a more selective view of what they feel dilutes their trademarks? I think so.
You also have to recgonize that Microsoft owns the trademark rights to the name "Microsoft" (or things that sound like it or are spelled like it).
We agree MS owns the trademark to "Microsoft", we disagree over whether that extends to "things that sound like it or are spelled like it". If we were discussing this topic in Chineese, if might be difficult to make the argument that "Microsoft" and "Mike Rowe soft" are spelled in a similar way.
Microsoft has an obligation to their shareholders...to protect its trademark from dilution.
No disagreement on this.
Say after a lenghty lawsuit MS buys this kid's domain for $10,000. Is Mike Rowe really going to walk away happy...
A true Capitalist would be outraged at the thought that someone engaged in a transaction to sell property for money and didn't walk away happy. Capitalism is supposed to be about a willing exchange between entities for the benefit of both. Your example demonstrates that Microsoft is corrupting the capitalistic process; using the threat of a lawsuit (or the costs involved in settling one) to fulfill an "obligation to their shareholders".
how is this about Microsoft promoting their power?
Were it not about power, MS would simply negotiate to a price acceptable to all parties, figure out if they would "walk away happy" with such a deal, and act accordingly.
And since when have capitalists ever been driven by promoting capitalism itself?
I was not referring to capitalists, but rather to people who promote capitalism, who, by definition, always promote capitalism. (Just like not all people who promote Open Source software development are themselves Open Source software developers.)
The system is designed so that society is able to benefit from the profits generated by the businesses.
No. The system designed so that the shareholders are able to benefit from the profits generated by the businesses. Capitalism can be considered democratic only as long as each individual has the opportunity to choose (through becomming a shareholder, for example) which businesses represent their interests, which is to say, so long as the system remains true to capitalistic principles of willing buyers and sellers (a fair market.) When the system is corrupted (as has happened in this case) it's no longer about Capitalism, and therefore no longer democratic.
The system used to be designed as you suggest: in order for a business to get a charter to serve it's shareholder's interests, it would have to prove it was also serving the greater interests of Society. We seem to have forgotten that recently. Nowadays, a business need only prove it's actions are not illegal. For example, one of the problems we have today with spammers is that they univeserally claim to be legitimate businesses which are just protecting their shareholder(s) interest. That may be true, but I'd bet most spammers would disappear if they were forced to prove their actions benefited society as a whole in order to operate as a business. I also suspect that the few spammers who did manage to justify their actions would be tolerated (perhaps even welcomed on the Internet.
I think you're close, but giving Microsoft too much credit. Under the system of Capitalism where Microsoft has thrived, the concept of a property right is sacrosanct. Anyone really interested in promoting Capitalism would acknowledge that Mike Rowe owns the domain name, and is not under any obligation to sell it, or name a price, or even justify why such a named price is warranted. A simple "That property is not for sale." should suffice, and there should be no questions asked about motivation should Mike choose to change his mind suddenly when the price reachess a given level.
What we see here, again, is Microsoft hiding behind a policy of "We're just good little Capitalists trying to make a buck like everyone else..." while their real policy of "control everything at any price" shows through in their actions.
While I don't always agree with prople who promote Capitalism as the one true way, I do wish even they would recognise when they are being used by corporations bent more on promoting their own power than on promoting Capitalism.
Why not get some very small solid rocket engines and put them facing in all directions on this thing.
A common reaction to the realization of a vulnerability is to add complexity to address the vulnerability. This is often a bankrupt strategy.
Wouldn't you feel silly if the "next ones" incorporated exactly this suggestion, and were unusable upon landing because "a small rocket engine, included to address the possibility of a rover getting stuck, ignited on re-entry and destroyed several critical components..."
On projects like this, every gram of hardware costs pounds of fuel, every contingincy plan requires man-weeks of meetings, and every non-essential task added to the process list amounts to a lost opportunity for a once-in-a-lifetime experiment. The last thing you want is find youself facing actual mission failure because of some contingency you put in place to address a possible mission failure.
This is equivalent to saying "you don't need the source, the binary is all you'll ever need." Presumably Novell did this so that if there was something in the letter which wasn't accurately represented by a text-only rendering of the letter, they couldn't be accused of having knowingly stripped that off.
Besides, some karma-whoring AC[1] will post the text conversion by the time I get this response posted anyway.
maybe they missed the deadline cuz all the executives have fled to tropical islands without extradition treaties.
That's not how it's done anymore. These days an executive will just buy an overly large and overly expensive house in Florida, declare bankruptcy (the house is shielded), sell the house and live off the proceeds.
Nowhere in my original post did I mention preventing people from voting based on race - I only said intelligence.
The defense you're asserting; that discrimination based on intelligence should not be equated to discrimination based on some other hot-button factor (such as race) is not a powerful argument.
The point the OP made was that, history has proven, those with an agenda to push will always select a non-contraversial label (such as Intelligence, or literacy, etc.) and apply it in such a way as to effect the discrimination their agenda requires. It's a valid point.
Please remember that, in many circles, the very definition of "basic intelligence" is under dispute. At one time, people without the ability to speak (including physical disabilities) were considered to lack basic intelligence; that's where the common usage of the term "dumb" came from originally.
It's a bad idea to arbitrarily disallow members of a society from participating equally in that society. Perhaps you need to review the words of The U. S. Declaration of Indepencence:
We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain unalienable Rights, that among these are Life, Liberty and the pursuit of Happiness. --That to secure these rights, Governments are instituted among Men, deriving their just powers from the consent of the governed...
Slashdot Mirror
Jury nullification is similarly a power, not a right. No jury has the right to ignore the law and find a guilty defendent innocent. But every jury has the power to do so nonetheless.
The first Amendment does not guarantee anyone the right to pass counterfeit bills. But it does guarantee (rather explicitly, IMHO) the uninfringed right to print them.
Yes, it's pedantic. Constitutions are meant to be like that.
Only a fool would argue against a law prohibiting counterfeiting. But do we want to imbed such a law at the Constitutional level? If a law is found to be in conflict with the Constitution, the Constitution wins hands down. If two parts of the Constitution are found to be ambiguous or in conflict with each other, it may (barring resolution by the Supreme Court) require a Constitutional Amendment (Oh, so THAT's what those are...) to resolve.
Do we want to live in a country where a basic right (such as those delineated in the Rill of Rights) can be legislated away without a change to the Constitution? Clearly not. But if we allow a non-Constitutional process (such as economic pressure on manufacturers) to have the same status as Constitutionally guaranteed rights, we open the door to a situation where some future Attorney General might argue "the need to prevent counterfeiting is in conflict with the need to maintain free press. To resolve the conflict, we must declare the First Amendment unconstitutional."
I hope HP is doing this purely and completely on their own motivation. I would not want to be the one trying to convince the Supreme Court that a government mandated (or even encouraged) printing restriction was not an "infringment of the free press" under the scope of the First Amendment.
Well, there's something you know like a password, there's something you are like biometrics and something you have like a physical token, access card or key.
Any (or all) of these can be considered keys, and as such need to be managed. You are correct that every system must have keys, but it's important for the users of these systems to understand what the keys are, and understand that the keys have to be managed.
To the extent that the "standard firewall behavior" is changed, two things happen.
First, you gain a certain amount of security (albeit security by obscurity) from the fact that your firewall behavior is different from the standard model. I'd argue the gain a) has limited value, only to the extent that the person implementing the modified behavior takes steps to keep it secret, b) is non-existant against insiders (people who have been told the secret), and c) evaporates completely if the modified firewall behavior becomes the new standard.
Secondly, you introduce the possibility that your modified firewall behavior exposes new vulnerabilities not present in the standard model. We all know the consequences of allowing buffer overflows in firewall software, and we code accordingly. Have we studied at all the consequences of strapping a perl script into IP tables? I don't know what those vulnerabilities are, but as a general rule whenever complexity is added to a system, the possibility of vulnerability increases. This isn't something I'd want to bet on.
So would I. ;-) And I'm thinking a system like this won't ever get deployed widely enough to get the attention of the people who could. But systems I would previously considered "near perfect" (like SSH) have had actual weaknesses exposed after deployment, so I wouldn't rule out the possibly that a system with "patently obvious" inperfections harbors them.
In that case, the combination is the key. The owner knows the key must be kept secret and that if the key is revealed, the system is no longer secure.
That is a common mitigation; changing the protocol in this way eliminates replay vulnerabilities but introduces key management challenges, some of which you've acknowledged:
which means the initial seed value becomes a seperate secret which must be tracked, managed, and which could be compromised. It also means that if the random number generator, or the algorithm used to derive the current key from the seed is discovered (it's another secret which has to be managed) then the system is compromised.
Is that meant to be some sort of secret, too?
When designing a crypto system, you divide it into two pieces: those parts which you will treat as part of the key (and are prepared to keep secret) and those parts which you accept that sooner or later your advesary is going to know. (Purists put everything into the second class, and demand that even passwords be changed frequently) Either the correlation between the key and time-of-day is a part of the secret or it isn't. If it isn't, it adds no security. If it is, you've gained maybe 7 bits of keyspace (using your "5 minutes either side" suggestion) at a huge complexity cost.
What happens if some script kiddie pings the one of the critical ports while the knock-knock password is being entered? The choices are 1) build the system to accept a knock-knock password even if it's "misspelled", or 2) accept the fact that a script kiddie can intentionally DOS you, or (perhaps worse) force you to enter and re-enter your knock-knock password multiple times in hopes of getting through once. It's also vulnerable to man-in-the-middle attacks.
The only advantage I can see from such a system is if it were deployed a) in addition to a secure key negotiation scheme (as a safeguard against the discovery of a vulnerability in that system) and b) if it were custom engineered in each case, as opposed to widely deployed. I don't think it introduces that much of a vulnerability as long as it remains obsecure.
I heed Schneier's advice on this one: leave the design of crypto systems to those who know what they're doing.
It changes the behavior of the firewall (or whatever is acting as a firewall) from "drop and forget" to "drop, but make a note of it". The behavior is not visible to the outsider if the outsider is looking for a normal reply, but is visible if the outsider knows what's going on. It's great added security from people who don't know the secret, no added security against people who do. In short: security through obscurity.
It's as secure as using TELNET was back before everyone started sniffing for passwords.
We all (I hope) already know that anyone with a sniffer can steal your key (password) if you choose telnet. That's why clued people use ssh instead.
But once "knock to open" becomnes common, anyone with a sniffer will also be looking for sequences of probes to non-responsive ports (or whatever) and try replaying those as a form of password. The particular ports, the sequence, the timing, all of these now have to be treated as a guarded secret as well. You wouldn't write down a password, but you'd likely have to write down this information. Or worse, code it into a program.
Don't rely on something remaining secret unless you're willing to protect it as a secret. This "knock to open" is just another hoop a cracker has to jump through on the way into your machine. It will stop the clueless ones cold until they read about how the observant ones got around it, then it won't stop anybody.
But it might also lull the owner of the box into a false sense of security, and to the extent it does, it's a bad idea.
Yes, it does. And thats the point. You're still expending resources monitoring the port, and (presuming it does catch on) you're still responding. You're just not responding in the RFC-approved way.
For now, you'd be gaining some added keyspace to your theorhetical access path, while at the same time introducing a lot of complexity (thus potential compromise points).
At best, you get some added protection from the diversity. At worst, it's just another false sense of security through obscurity blanket.
I'll pass, thanks.
There are certain advantages to having cut ones teeth on the IBM mainframe.
Heads-up, people. This stuff is way cool. Think of it like a MATRIX you own.
Is it really? These machines were "completely secure" until a bunch of hackers were kind enough to explain how wrong headed that belief was. I have news for you: there's a bunch of hackers out there who haven't been heard from yet. There's always a bunch of hackers out there who haven't been heard from yet.
Let's face it. Public preception counts for a lot here. If no one questions the securrity of the vote, there is no issue. To the extent that a system allows questions it's bad. That's what we're really talking about here. With paper votes the hacker has to convince some pretty sane people how a bunch of votes for that other candidate got into the box while we were all watching it. With electronic voting he can likely convince them something is wrong even if it isn't.
I'll bet you think your PC is secure. I'll bet you think it's that way for the duration of the time between when you applied the patch for the last vulnerability and when you hear about the next one. Wanna bet there will be another one after that?
Why do people who run the vote presume the burden of proof to be on the black hats? What kind of braindead policy is that? They have no interest in proof, only results.
You're missing the point. Unless you're very careful, adding complexity is more likely to add a point of vulnerability than to successfully defend against a vulnerability. Complexity is the enemy of (dependability, security, take your pick.)
So, now we have a bunch of people who are authorized to go around replacing tamper-evident tape on secure machines during the election. I thought the point of secret balloting was that I didn't necessarily have to trust any of the people at the polling station, because none of them are empowered to change my vote. Now you've given them carte blanche to replace tamper tape any time they want to. What was the point of that tamper tape again? This is getting good. Care to continue?
So make it clear to the Board of Elections that these machines are not provably secure and therefore any crackpot lunatic slashdot poster who wants to rig the election has a good chance of getting the votes from a whole machine, a whole polling station, an entire precinct, or the entire state cast into dispute. You don't have to make a strong case that there is a vulnerability, you only have to say that you can't make a strong case there isn't. If you can't make a strong case there isn't, that's really all the ammo a muckraker needs to have a large set of votes thrown out. And the ability to selectively have votes thrown out is just as good as (some would say even better than) the ability to selectively add votes to the count.
Or are you going to just stand there while they string you up for allowing the election to be rigged?
At some point it's going to come down to what people are willing to accept. Make it clear that when people ask you to prove that candidate A got this many votes you want to pull this many pieces of paper out of a started-empty-then-observed-by-all box and let the slashdot lunatic explain how they got in there.
How much is it going to cost to re-run this election, anyway?
Would it be more helpful if I described all the ways that improving the locks benefits the attacker as much as it benefits the defender? Or would you rather I just say that there are probably a large number of attack vectors which
So we have a smart card protected by tamper tape protected by a locked access panel protected by more tamper tape. That makes it more difficult, right?
Now imagine you are the election official and I point out that the outermost tamper tape on a certain machine is broke. Clearly you take the machine off-line, but do you a) leave it off-line through the end of the election (DOS vulnerability) or b) open the access panel to inspect the inside tape?
If you open the panel (explain to me again why allowing the keys to this access door into the precinct isn't itself a vulnerability) and discover the inner tape intact, you have also a) introduced a situation where the access panel door was opened during an election (what was the point of having that locked door again if standard procedure allows it to be opened?) and b) only gained assurance that the attack vectors specifically protected against by the inner tamper tape are safe. If access to the inside of the access panel offers any new attack vectors which aren't protected by tamper tape, any one of these vectors could have allowed an election compromise.
The key to security in this style is to ensure that every unit of added complexity you (as the defender) must add to increase security requires a order-of-magnitude (or more) increase in the amount of complexity I (as the attacker) have to deal with to defeat that security. If your actions fail that test, you're probably doing something counter-productive. It's a tall order, because the attacker always has the option of ignoring the vectors you've protected yourself most strongly against and choosing a less-protected target.
Oh, and BTW, while you and half the untrained volunteer election officials were deciding what to do about that potentially compromised access panel, I walked over to the next machine in the row and scratched the tamper tape off the outer door of that one as well. "This one too..."
Ain't I a stinker?
Broad (open source-style) review only catches implementation flaws. It's not designed to deal with protocol flaws, which is the root problem of all voting systems which replace the evidence of a vote with the testimony of a machine.
Exactly. This points-out the difference in thinking of the hacker's mind. An election official thinks adding complexity (tamper tape) to the system would raise the bar for mischief. Now, instead of just being armed with a lock pick (and the skill+opportunity to use it effectively), the assaliant must also be equipped to tamper with tamper evident tape without getting caught.
In fact they are lowering the bar. The assaliant now needs nothing more than a fingernail to cause reasonable doubt and get all the votes from that machine thrown into question.
How long does it take to train a set of disgruntled minority (in the sense of how their district usually votes) voters to break the tamper-evident seal?
Those memos were immediately made public. The "wronged" parties knew that there was a vulnerability. No attempt was made to hide the fact that the information had been compromised.
Shouldn't they have also have made a "fix this vulnerability by such-and-such a date, or I'll disclose it to the world..." statement? Ironically, that would have served to show their intentions in this case. As it is, one could infer, from the fact that they made efforts to keep the "exploit" secret and failed to follow-through on their "have you fixed this yet?" notice that their intentions we not honorable.
Didn't we make espionage an act of terrorism under PATRIOT? Or was that some earlier definition of high crimes and misdemeanors which nobody cares about anymore?
And therein lies the problem. Re-read the original post in this thread. Then read it again.
It's not a problem with what the will of the people may have been, the problem occurs because some of those people perceive themselves to have not been represented by the system. Wether they were, in fact, disenfranchised is completely beside the point. Those who complain about the indeterminate result of the 2000 election must admit (if they are to be fair) that it's entirely possible that Bush would have won anyway had there not been any sort of election problems. But they can still complain because we can't know that.
The 2000 election provided a model for anyone wishing to fix a presidential election:
Note that this doesn't require actually compromising any votes, doesn't require hacking voting machines, doesn't involve a chance that anyone will get caught doing anything wrong because nobody is doing anything wrong. (The stoopid part, allowing votes to be cast in a way which can be called into question, will have already been accomplished.)
A careful plotter can even selectively choose which precints will be thrown into question. Consider: a short time before the election the voting machine manufacturer announces a security vulnerability in their vote machines and a patch to fix it. There isn't time to get the patched software re-certified. As the election official for your precint would you a) allow voters to vote on voting machines with a known and publiclly announced vulnerability (and take the chance that your votes would be thrown out because of it) or b) allow voters to vote on voting machines with unproven and unapproved software (and take the chance that your votes would be thrown out because of it)?
This leaves the voting decision apparently in the hands of every individual voter, while the power to select the winner is moved into the hands of:
When you consider recent news stories about how electronic voting machines are mandated to be deployed in a hurry-up mode, how the Legislature in Texas is scrambling to ensure redistricting in favor of Republican candidates, reports of major political endorsements of the current administration by voting machine manufacturers, deployments of massive numbers of military (and reserves) into foreign countries (where, under SERVE, their vote becomes vulnerable), etc, it makes one wonder if I'm the only one smart enough to recognise this vulnerability.
But then again, as a code monkey I guess I should just be looking for someone to open source the voting machine perl scripts so I can just verify for myself that everything in on the up-and-up. That would get many of the supposedly clued slashdotters to shut up anyway.
I was wondering if you could explain this a little bit more clearly. I'm having a difficult time explaining to my grandmother why this "choose two three-hundred-and-eighty-four-bit prime numbers, multiply them together..." is a better system than "put an "X" into the box by your candidate's name, place it in the envelope.
Suse, we can write software to do all the dirty bits, but at that point how do we know if it's doing all the dirty bits correctly?
What would you think of someone named Armand Hammer?
Now, google it. Or, just get the straight dope from: http://www.straightdope.com/classics/a1_198.html
In this case, a Capitalist might argue that his property (the Microsoft site being "property") was being damaged and, upon proving such damages, be awarded compensation. Or he might claim that his copyright and trademark properties (the copies on the clone site) were being used against his wishes, and assert the control of his properties to which the Law avails him.
I was attempting to limit the scope of the discussion to a single issue: If we grant that Microsoft can treat the term "microsoft" as their Trademark, which is to say, it is "property" they own, does this ownership extend to the term "mikerowesoft" or does that term become the "property" of Mike Rowe.? We could have opinions about this either way, but a Card-Carrying-Capitalist must object to the taking of such a property without a mutually agreed-upon compensation. It flies in the face of those who support strong property rights.
If Mike Rowe owns it, let Microsoft purchase it, or do without (their choice).
And if Mike Rowe doesn't own it (and Microsoft does), well then heaven help us all.
Okay. We'll need this assumption anyway for a meaningful discussion.
If we accept this assumption, then Mike never had any property to sell. But if we accept this assumption, then we're saying that when we granted Microsoft ownership of the "microsoft" trademark, we might have actually given them something a lot more valuable than we originally thought.
Consider, during the time between when Mike registered "mikerowesoft" as his property and when Microsoft noticed the (above agreed-to) infringement, would Mike have automatically owned a domain like "MichaelRoweSoftwareCompany" (under our trademark dilution agreement above). Would he be allowed to keep such a property (or would the property be taken from him without compensation) once we agreed that Microsoft owned "mikerowesoft" (but clearly not "MichaelRoweSoftwareCompany")?
Oh my brain hurts.
So I'd summarize this as:
- The legal system has a problem.
- Microsoft did not create the legal system, and therefore is not responsible for the problem.
- Therefore Microsoft's actions (using the legal system for redress) cannot be considered abuse.
I'd argue it becomes abuse because Microsoft is aware of the problem and is leveraging the problem to their own advantage. Consider the following:If Microsoft were "playing fair", they would either not be using an exploit of the legal system to their advantage, or not be asking Joe Hacker to ignore a similar exploit in their software.
And of course, all of this is predicated on the agreement that everything similar to "microsoft" (including, but not limited to, "mikerowesoft" etc.) is now the property of Microsoft. That is still under dispute.
I'd agree. I'd go even further to say that it should be up to Microsoft (Not ICANN or some other entity) to decide if mikerowesoft dilutes their trademark. If in their opinion it doesn't, then they shouldn't be trying to strongarm Mike. But if in their opinion it does, then Microsoft is already negligent in that they should have protected against the dilution even before Mike registered the domain.
Does that mean it's Microsoft's responsibility to squat on every domain they think could dilute the trademark? Yes. (It's $10/domain. I think they can afford it.) Does that mean if some Mike has already registered a domain they need to negotiate to purchase it? Yes. Should ICANN bow to the pressure of the most politically powerful and take the domain by force? No.
Would this encourage companies to take a more selective view of what they feel dilutes their trademarks? I think so.
We agree MS owns the trademark to "Microsoft", we disagree over whether that extends to "things that sound like it or are spelled like it". If we were discussing this topic in Chineese, if might be difficult to make the argument that "Microsoft" and "Mike Rowe soft" are spelled in a similar way.
No disagreement on this.
A true Capitalist would be outraged at the thought that someone engaged in a transaction to sell property for money and didn't walk away happy. Capitalism is supposed to be about a willing exchange between entities for the benefit of both. Your example demonstrates that Microsoft is corrupting the capitalistic process; using the threat of a lawsuit (or the costs involved in settling one) to fulfill an "obligation to their shareholders".
Were it not about power, MS would simply negotiate to a price acceptable to all parties, figure out if they would "walk away happy" with such a deal, and act accordingly.
I was not referring to capitalists, but rather to people who promote capitalism, who, by definition, always promote capitalism. (Just like not all people who promote Open Source software development are themselves Open Source software developers.)
No. The system designed so that the shareholders are able to benefit from the profits generated by the businesses. Capitalism can be considered democratic only as long as each individual has the opportunity to choose (through becomming a shareholder, for example) which businesses represent their interests, which is to say, so long as the system remains true to capitalistic principles of willing buyers and sellers (a fair market.) When the system is corrupted (as has happened in this case) it's no longer about Capitalism, and therefore no longer democratic.
The system used to be designed as you suggest: in order for a business to get a charter to serve it's shareholder's interests, it would have to prove it was also serving the greater interests of Society. We seem to have forgotten that recently. Nowadays, a business need only prove it's actions are not illegal. For example, one of the problems we have today with spammers is that they univeserally claim to be legitimate businesses which are just protecting their shareholder(s) interest. That may be true, but I'd bet most spammers would disappear if they were forced to prove their actions benefited society as a whole in order to operate as a business. I also suspect that the few spammers who did manage to justify their actions would be tolerated (perhaps even welcomed on the Internet.
I think you're close, but giving Microsoft too much credit. Under the system of Capitalism where Microsoft has thrived, the concept of a property right is sacrosanct. Anyone really interested in promoting Capitalism would acknowledge that Mike Rowe owns the domain name, and is not under any obligation to sell it, or name a price, or even justify why such a named price is warranted. A simple "That property is not for sale." should suffice, and there should be no questions asked about motivation should Mike choose to change his mind suddenly when the price reachess a given level.
What we see here, again, is Microsoft hiding behind a policy of "We're just good little Capitalists trying to make a buck like everyone else..." while their real policy of "control everything at any price" shows through in their actions.
While I don't always agree with prople who promote Capitalism as the one true way, I do wish even they would recognise when they are being used by corporations bent more on promoting their own power than on promoting Capitalism.
A common reaction to the realization of a vulnerability is to add complexity to address the vulnerability. This is often a bankrupt strategy.
Wouldn't you feel silly if the "next ones" incorporated exactly this suggestion, and were unusable upon landing because "a small rocket engine, included to address the possibility of a rover getting stuck, ignited on re-entry and destroyed several critical components..."
On projects like this, every gram of hardware costs pounds of fuel, every contingincy plan requires man-weeks of meetings, and every non-essential task added to the process list amounts to a lost opportunity for a once-in-a-lifetime experiment. The last thing you want is find youself facing actual mission failure because of some contingency you put in place to address a possible mission failure.
This is equivalent to saying "you don't need the source, the binary is all you'll ever need." Presumably Novell did this so that if there was something in the letter which wasn't accurately represented by a text-only rendering of the letter, they couldn't be accused of having knowingly stripped that off.
Besides, some karma-whoring AC[1] will post the text conversion by the time I get this response posted anyway.
[1] I know, no such beast.
That's not how it's done anymore. These days an executive will just buy an overly large and overly expensive house in Florida, declare bankruptcy (the house is shielded), sell the house and live off the proceeds.
Don't you just hate it when other people have opinions which are both different than yous and better than yours?
It makes you just want to crawl away and be someone else, eh?
The defense you're asserting; that discrimination based on intelligence should not be equated to discrimination based on some other hot-button factor (such as race) is not a powerful argument.
The point the OP made was that, history has proven, those with an agenda to push will always select a non-contraversial label (such as Intelligence, or literacy, etc.) and apply it in such a way as to effect the discrimination their agenda requires. It's a valid point.
Please remember that, in many circles, the very definition of "basic intelligence" is under dispute. At one time, people without the ability to speak (including physical disabilities) were considered to lack basic intelligence; that's where the common usage of the term "dumb" came from originally.
It's a bad idea to arbitrarily disallow members of a society from participating equally in that society. Perhaps you need to review the words of The U. S. Declaration of Indepencence: