Slashdot Mirror


User: vadim_t

vadim_t's activity in the archive.

Stories: 0
Comments: 3,525

Comments · 3,525

  1. Re:Redundent.. on Researchers Create Renewable Carbon Dioxide Sponge · · Score: 1

    Nope, I don't see it.

  2. Re:What will happen when they die? on Samsung Launches SSD 830 Drive · · Score: 1

    Still a kludge. I'll be waiting for a technology that doesn't wear out at all - or at least not within a human lifetime. Flash memory is still half-baked IMHO.

    There will never be one.

    Hard drives and SSDs both push the limits of what can be manufactured at the time, both operate on fairly narrow margins. It'd be possible to make a modern 100GB drive using the modern tech intended for 2TB and have a drive that's really, really reliable.

    But who'd buy it? It would lose badly on performance and capacity parameters, which is all people look at when buying.

    Remember perpendicular recording? What we got thanks to that is getting data packed more tightly, not more redundancy.

  3. Re:Redundent.. on Researchers Create Renewable Carbon Dioxide Sponge · · Score: 1

    I have, but I've got no clue what your point is. Explain?

  4. Re:Predictable? on Samsung Launches SSD 830 Drive · · Score: 3, Insightful

    Different kind of failure. You're linking to firmware bugs. HDDs have those as well.

    In this thread we're discussing wear induced failure.

  5. Re:Nope, it is still in the future on AIDS Vaccine Breakthrough · · Score: 2

    If people did exactly what you're claiming Missionaries are saying, then AIDS would disappear in a generation or two.

    I repeat: solutions must be reality based.

    Yes, if they did, it would work. But people don't, which has been proven over and over. So a realistic solution must start from accepting that fact and finding a solution that allows for promiscuity.

    And in the case of Africa, where culturally it is quite permissible to gang rape women repeatedly, the "don't have sex outside of marriage" message is actually better than leaving the status quo, don't you think?

    What, you seriously think that if somebody who would commit rape hears the "no sex outside marriage" message they're going to obey it?

    People who decide to rape already are going against mountains of morals and laws, adding an extra one isn't going to make much of a difference. They already have found some way to justify their actions, they'll find one to justify adultery just fine.

    Here the problem runs much deeper and isn't going to be solved that easily. A solution has to include education, law enforcement and cultural changes.

    What I find completely interesting, is that people like yourself have continued to promote women as sex objects, under the guise of "woman's rights".

    I'm intrigued, explain how does that work?

  6. Re:Nope, it is still in the future on AIDS Vaccine Breakthrough · · Score: 1

    Precisely, part 1 is the thing. People are going to have sex whether you tell them they shouldn't or not.

    They have plenty religious types telling them they shouldn't be having sex outside of marriage yet nobody pays attention to it.

    That people will have sex is a given, all that can be done is giving them a way to do it without getting infected.

  7. Re:What will happen when they die? on Samsung Launches SSD 830 Drive · · Score: 4, Informative

    Maintaining a count of how many times any given cell has been written would take a lot more memory (not to mention processing power) than these devices contain.

    Bullshit.

    SSDs erase in extremely large blocks, like 256K. Having a counter per block is not a problem. It works out to 16K of memory per GB for a 32 bit counter per block.

    It probably doesn't even take any extra space, since a block probably already contains metadata and ECC, so a simple counter probably fits in there nicely. It won't even cause any extra wear because the only time you want to change the counter is when the block is being rewritten anyway.

  8. Re:Nope, it is still in the future on AIDS Vaccine Breakthrough · · Score: 1

    No, the religion isn't the problem. The problem is people only listening to part of what the religious people are saying. Most (all?) of the religions that forbid condoms also preach sex for procreative purposes in marriage only.

    Yes it is. Problem with that, people have been demonstrated not to care that much about the "sex for procreative purposes in marriage only" part. However, the condoms part seems to work a lot better.

    Why is that? Probably because controlling behavior, especially what people do in private is very difficult. Controlling what gets sold or produced is a lot easier.

    Hence with religion you get lack of condoms, as well as people ignoring the "no sex outside of marriage" part. Condoms and sex outside of marriage would work a lot better, and in fact does as can be seen from the difference between first and third world countries: in first world countries population and STDs are well controlled, while in the third world it's an epidemic and people breed like rabbits.

    Like I said, a solution to the problem must be realistic. Solutions that involve convincing the population to behave in a way that they've repeatedly shown they are not going to are invalid.

    Now, maybe if everyone used condoms all the time, STD rates would (collectively) drop, but any scientist, who is being honest, would tell you that if people had as much unprotected sex as they wanted, but with only one person, STDs would vanish in about a single generation.

    Yes, and if everybody agreed not to kill people we'd save a bunch on law enforcement, but that's not going to happen either. It's pointless to think about that, people aren't going to behave in some idealized way. We need to make solutions for how they actually do.

    I should also add that humans cannot use condoms 100% of the time, as it would mean devastating our population. Japan is a pretty good example: their birth rate is currently significantly lower than their death rate (~40% lower, and that is only likely to become worse as their population ages).

    So? When people want to have children they generally do it inside marriage. Condoms don't prevent people from having children, they can easily choose not to use one when they want to.

    But in a modern society such as Japan, children are expensive, people marry late and care about their careers and education and so on. People in Japan don't have children because for whatever reason they figure it'd be a bad idea, not because they're incapable of deciding not to use a condom somehow.

    For instance, most people think they should have their own home before having children. Housing being so expensive doesn't help.

  9. Re:What will happen when they die? on Samsung Launches SSD 830 Drive · · Score: 4, Informative

    So? HDDs also die. They're guaranteed to in fact, since they have plenty moving parts that will wear out eventually. I've had quite a few drives die on me.

    SSDs at least in theory wear out in a predictable manner and can deal with the effects without data loss. Since flash fails on write, an SSD conceivably could (I don't know if any do that) reach a point where it says "that's it, no more redundancy left, read only access from now", which is a whole lot better than a head crash.

    Everybody should have a backup plan, regardless of storage tech.

  10. Re:Nope, it is still in the future on AIDS Vaccine Breakthrough · · Score: 1

    Point, I should have said "Catholicism".

    Allowing contraception is of course better, but it's still full of ridiculous rules like no sex outside of marriage.

  11. Re:Nope, it is still in the future on AIDS Vaccine Breakthrough · · Score: 2

    The religious argument is "Listen, we think you should only have sex with the person you're married with, and you should also procreate." You can agree with this or not (I don't, for the record), but you can't twist it.

    No, this is wrong. It implies that contraception in marriage is okay. Maybe if you have children at some point, as your sentence isn't very clear on that.

    The religious argument is:

    1. Sex only in a marriage
    2. Each sex act must be unitive and procreative. You're not allowed to artificially interfere with the procreative part.

    Natural infertility or menopause is fine, not having sex is fine. Condoms, pills, IUDs or anything else of the sort is not. In my understanding, any time you have sex there must exist a possibility of pregnancy.

    Problem is, this doesn't work. Solutions to AIDS must be based on how people actually behave, not how some church a lot of people don't adhere to anyway thinks they should be behaving. Like Feynman said, "For a successful technology, reality must take precedence over public relations, for Nature cannot be fooled."

  12. Re:Nope, it is still in the future on AIDS Vaccine Breakthrough · · Score: 4, Insightful

    Problem is there is this nasty thing called "religion" whose adherents keep on insisting that condoms are somehow wrong, and that sex is for procreation only.

    A big part of the problem is all those religious jerks that are coming to those third world countries to insist on that. Fortunately they're not getting all that much traction in civilized places, but in third world countries it's devastating.

    Add to that ridiculous notions held by people in some of those countries, like that sex with a virgin will cure you, and you have one horrible mess as a result.

    Kicking out all those missionaries and bringing in some proper education would do wonders.

  13. Why is there still microwave oven interference? on Wi-Fi Cards Can Now Detect Microwave Ovens · · Score: 2

    I thought that shielding was well understood and in fact a good part of the reason why microwave ovens are a common household item.

    Could anybody with experience in these matters explain where the leak is coming from, and why do they still exist? Is it impractical or physically impossible to have perfect shielding for some reason?

  14. Re:Goin' Digital! on Gang Used 3D Printers To Make ATM Skimmers · · Score: 1

    A typical engineer's attitude towards art. Let me guess - you don't make money by writing the book, you get it by doing readings or something right? You don't make money by painting the painting, but by charging for t-shirts of the painting.

    Generally, no, you write the book or paint the picture as a commission. The engineer's version of art is everybody setting up a shop on DeviantArt, more or less. Doesn't matter much if it gets copied if what you do is custom.

    You know what bud, there is absolutely nothing in this world that you can't do that can't be done more cheaply by a team somewhere in Eastern Europe, Asia or India. No skill you have, no knowledge you hold, no talent (because you certainly don't believe that talent is worth rewarding given your attitude towards artists) that can't be replicated by a few hundred thousand less well compensated people around the globe.

    Yes, your point being? It's not new in IT, I knew about it when I was getting started. Yet I still manage to make money from it, go figure.

    Think about this in 20 years when you attacked the foundation of the artists income. There will be poetic justice (not that you believe in the merits of poetry or literature because that doesn't fit nicely into your worker drone paradigm). Because your job is on pretty fucking shaky ground as well - because if a company can get the same level of drivel (and your post indicates that your intellectual skills aren't anything exceptional) out of someone much cheaper - they'll turf you like a used tampon.

    There will be no poetic justice because lots of people already live in this nightmare world you're imagining and doing pretty well actually.

  15. Re:How long till they can print money? on Gang Used 3D Printers To Make ATM Skimmers · · Score: 1

    It will be hard to get there.

    Look at the Shapeways videos. There's quite a lot of human labor required, and it misses on economies of scale.

    I think for a long time it'll be like with printers. Anybody can print an entire book at home if they want to, but getting it to the point where it really looks like a book is difficult and much more expensive than just buying it. Things will only change radically if the cost falls down so much that it's only a small percentage over mass production.

    Probably the first change will be towards more customization. You'll still buy say, a computer mouse, but if you want to be really cool you'll print a custom casing for it.

  16. Re:Not a general solution, but... on Ask Slashdot: Recovering Data From 20-Year-Old Diskettes? · · Score: 1

    There's no point in reading a disk byte by byte, as the disk is read by sectors, and the read errors you're getting are from the CRC mismatch in the sector you've read. Floppy sectors are usually 512 bytes, but could be something else for weird formats like 2M (why do I still remember this stuff?)

    Sometimes it helps to intercalate reads of sectors other than the one you're trying to read, in order to make the head move. That can help with reading bad sectors as disk heads have some positioning imprecision, so starting from different points may help get the head into a position that works better.

  17. Re:RMS? Who cares? on RMS: 'Is Android Really Free Software?' · · Score: 1, Insightful

    I don't get what you're getting at.

    Yes, but unlike Martin Luther King and civil rights, I'm in favor of software not always being something which needs to be open.

    Whether you agree or not with his position doesn't have anything to do with what I'm saying.

    My point is that during MLK's time there were plenty people around who didn't agree with him. But if he just had shut up and decided to compromise he wouldn't have got anywhere.

    The same way, it makes no sense for Stallman to shut up, because then he wouldn't be saying anything at all. Your agreement or disagreement is entirely irrelevant, if Stallman really wants to get something done, he's got to keep saying what he does, whether you like it or not.

    If he holds a rigid "either/or" position on if, for example, software that I write needs to be open or not ... well, he can go to hell because he doesn't get a vote on what I do with code I write.

    Sure he does. He for instance can choose not to buy proprietary software if he wishes, and that's effectively a vote because there's no point in writing any if nobody buys it. If he manages to convince enough people that he's got a point that's your vote right there.

    You do the same thing every time you decide to buy or not to buy a music CD, that sort of thing is effectively a vote on whether the next album gets made.

    If all you're doing is trying to tell me that I'm committing some form of sin because I write proprietary software, you're a rabid zealot, and I will treat you as such.

    I'm not saying anything about my own opinion on the matter actually. And I don't really care if you think I'm a zealot or not, that's your own business.

  18. Re:RMS? Who cares? on RMS: 'Is Android Really Free Software?' · · Score: 1

    There's no point in being flexible in the position.

    Imagine say, Martin Luther King being flexible in his position. "I have a dream that my four little children will one day live in a nation where they will not be judged by the color of their skin but by the content of their character... when the authorities feel like it".

    There's just no point to that, because it changes nothing. If Stallman wasn't inflexible he wouldn't be effectively saying anything, and you wouldn't have heard of him (and probably what resulted from his efforts) in the first place.

    Nobody seriously dedicated to something is flexible in their dedication. All the people who got something big done were uncompromising about it.

  19. Re:RMS? Who cares? on RMS: 'Is Android Really Free Software?' · · Score: 1

    Problem is most people don't think enough about things, and by the time they start caring it's too late.

    Like people who think you're a nut for not liking region locks on media, right until the point where they move to another country, and find that their collection doesn't work on local players, and they can't play movies they buy from their home country.

    It's sad you got a Troll mod for pointing out that not everyone cares what RMS has to say. Because, an awful lot of us tuned him out years ago. Sure, he's a smart guy who has been an advocate for free software ... but his completely inflexible view that all software must live up to his notion, well, I just can't agree with him.

    Disagreement is fine, calling people "rabid Stallmanites" is insulting and gets a troll mod from me automatically. If you seriously want to make that point you can make it a bit more politely.

  20. Re:REALLY, notary systems ARE NOT hard to understa on Certificate Blunders May Mean the End For DigiNotar · · Score: 1

    Remove the Chinese CA? That idea is "trust agility". You're suggesting you have some ability to change who you trust with modifying browser CA lists. It's quite minimal, really:

    I didn't say it was perfect, my point here is that in a worst case situation, a CA system still can work acceptably, even if not in a user-friendly manner or using the default settings.

    Did you remove the Diginotar cert?

    Yes, all of them.

    And what if the CA is someone like Verisign? Do you remove Verisign? And make a quarter of HTTPS connections show up as invalid? Too big to fail is another failure of trust agility.

    That's why I'm advocating for multiple signatures.

    And did you know that Diginotar's website had been hacked as far back as 2 years ago? And they never noticed or fixed it until now. Could their CA cert have been compromised then? 2 years of exposure, without a hint so we couldn't have removed the certs even if we knew which ones were relevant.

    I see the same problem existing with notaries, except worse, because notaries will be much less monitored.

    I assume "it" refers to notary access. I pointed out earlier that firewalling by protocol or port would be problematic because Convergence notaries use HTTPS.

    You don't understand firewalls. Firewalls act on IP addresses and ports. They do their work before an SSL negotiation can begin, making SSL entirely irrelevant.

    I assume you're thinking about filtering proxies.

    And if they managed somehow to block all notaries by identifying some quality of the requests, you might still be able to access them via web proxy or SSH.

    Sure, but now checking your mail involves finding and using a proxy, or caching certs in advance. Convenience is an important part of security. Nobody will bother with it if it requires arcane incantations every time.

    The system is in the process of being built. Think about how it might work. The fundamentals look good. Apply your imagination to the particulars.

    I am thinking about it, which is exactly why I'm having this argument.

    Would the EFF run a notary? Perhaps they'd even run a network of notaries? Would any of a number of freedom-promoting organizations run notaries? Why not individual system administrators?

    How do you know it's the EFF notary? Again, you need to bootstrap your system. How does that work?

    How many people run authoritative DNS servers? How many people run Tor systems? (How many people run SETI?) I doubt that "very very few" people would run notaries.

    Bad examples. DNS is inherently insecure, and SSL specifically tries to ensure that DNS issues get noticed. Tor has an entirely different security model. SETI doesn't have anything to do with anything and is not externally accessible, and any uptime for it is completely optional.

    As a security critical service, a notary has requirements that none of those have.

    I could certainly add your notary to my list. You'd have to know who else I had in my list if you wanted to collude with them to get a necessary percentage for any one attack. It would be infeasible. If your notary started returning bogus values (not agreeing with the other notaries), it would reveal itself as corrupt.

    I'm not sure this works long term. It seems too maintenance intensive. If you leave that to the end users, it will end up going very wrong sooner or later, I think.

    When the Convergence protocol fails, it does not generate false positives. When the current CA system fails, it generates false positives. That is unacceptable. A notaries-based system may or may not pan out. That remains to be seen. But it is clear that the current CA

  21. Re:Avoid SGC on Gamers Piece Together Retrovirus Enzyme Structure · · Score: 5, Insightful

    Which isn't really a problem, in my opinion.

    Wikipedia isn't limited by space and is volunteer driven. If somebody currently wants to write about Pokemon, then they will try to write about Pokemon. If you insist on interfering with that attempt, then you're likely to seriously cause a bad impression to somebody who's trying to make an honest, if not very important contribution.

    As a result, they get fed up and leave, maybe for Bulbapedia, instead of sticking around, and maybe writing on something a bit more important next time. After all, Wikipedia isn't a job, and you can't command people like that there.

    The mentality that some not very important articles are too long is IMO a big problem. Because there has to be something silly and harmless to get a new contributor started. Pokemon is probably one of the best first starting subjects, because it's easy to contribute on it: there's lots of info that can be contributed, and it's well documented outside of WP.

    In comparison starting from trying to contribute on the page of Pasteur will be like walking into a battlefield. You'll quickly need to start discussing medical literature, and that's not really easy for most people. Somebody with a real interest might get into that, but most likely only after getting practice on something else, just like coders don't get started by contributing to the Linux kernel.

    IMO that's why Wikipedia is losing contributors. If you actively reject attempts to contribute in the easiest places, then smack people in the face with huge amounts of WP: regulation in other places, then very few people are going to be willing to stick around.

  22. Re:REALLY, notary systems ARE NOT hard to understa on Certificate Blunders May Mean the End For DigiNotar · · Score: 1

    And, anyway, this scenario assumes you can block the notaries. Anyone can run a notary. Not everyone has to publicize their notary.

    Imagine I travel to an untrustworthy country. Let's say I go to China, and try to check my mail from there. Now, the government wants to know for whatever reason what I'm up to.

    With the CA system, if they block OCSP that's not very significant for reasons I outlined before. They can block gmail.com, but then I can't get to my mail and never even send the password, so they don't get anything. The worst thing they can do is to use their CA to emit a valid cert for gmail.com and spy on me that way. That is a big problem, but I can remove the Chinese CA from my system. Certainly this isn't perfect at all, but workable to some extent.

    Now Convergence: if Convergence is blocked I can still connect to gmail. And if they firewall it off country-wide I have no way to reach it at all. One needs to be really dedicated to security not to say "ah, screw it" and resist checking the mail over a possibly insecure connection. With CAs I can try to find a secure site that the government isn't intercepting. With Convergence being disabled it's all equally unclear.

    There is a public notary list. But it is not the only list and it's not comprehensive. Anyone can run a notary. The larger and more diverse the ecosystem of notaries is, the healthier the scheme.

    Which is cool and all but not very helpful. First, if the notaries aren't published anywhere, how do people find out about them? Very very few people are going to run their own notary. Few people understand all this stuff, and even fewer have the means to run a notary that has a different perspective than their own.

    Second, I can go set up a notary right now. Will you trust it? Why? If not, then how do you determine when to trust a notary? If you use custom notaries how do you bootstrap the system? That is, how do you, before the system that checks certificates is ready, check the certificate for the notaries that compose it, so that you know you're talking to the notary you wanted to talk to?

    Third, picture the system 10 years in the future. We have 10 competing services in the style of Convergence, at 10000 notaries run by various people. How do you decide which are trustworthy and secure? How do you deal with the possibility of somebody setting up lots of notaries with an extra feature to let MITM go undetected sometimes, or lots of notaries becoming unmaintained and insecure? Somebody has to police this stuff, but who?

    How many people run their own DNS or NTP servers? How will you block all possible notaries?

    They mostly run them on their own network, which is pointless for this application. Your notary would see the same perspective you do, contributing nothing useful.

    I strongly suspect the nature of notaries is not being understood.

    I strongly suspect the same on your part, or more precisely that you're not thinking enough of issues like how does one determine what is a good notary to use, and how to bootstrap the system.

    You're basically setting up your own trusted CA list. Suppose you clear your browser's CA list and start from scratch. How do you decide whether to trust Verisign, and how do you make sure it's really Verisign without a working authentication system?

    Alternatively, you're trusting somebody else to provide you with a list of notaries, but that's easily blockable.

    Another thing: why do you trust Convergence? Is making a good presentation all it really takes to convince you to install a plugin that overrides how your browser does security?

    It will do no such thing!

    That's pretty far from how notaries work.

    Sure it will. Nothing in the video contradicts it.

    If I have gma1l.com, make a cert with CN: gma1l.com and "Google Inc" in the organization field, both

  23. Re:notary systems aren't hard to understand on Certificate Blunders May Mean the End For DigiNotar · · Score: 1

    CA SSL requires "third party" net access for certificate revocation checks (OCSP).

    That's a lot harder to abuse, though. Revocations are rare. A site that keeps using a revoked cert for very long is even rarer.

    That CA SSL cert revocation using third parties is (as it's handled in most situations) susceptible to replay attack.

    But to exploit that, you need to find a site that has something valuable, that's still using a compromised cert, to have the private key to that cert, and to replay OCSP. That's pretty tough. That needs to be a specific, targeted attack.

    In comparison, an open wifi network that blocks Convergence can be set up once and just left there until somebody falls for it.

    Blocking a potential victim's access to n out of m notaries (where n equals something of the user's choice and m equals a potentially huge number of systems) is an unlikely attack.

    The user may decide to change their current list of notaries to circumvent a block. ("trust agility")

    Extremely easy, actually. Just run a wireless AP. The notary list is public. You can block every notary automatically with a shell script, or blocking by port.

    Convergence notaries appear to use HTTPS, so blocking becomes yet more challenging.

    Not in the slightest, you fetch the public notary list and firewall off everything in there. SSL doesn't help.

    Now with the current CA system that doesn't do you any good. You can block access to OCSP, but as I said above you need a number of other things for that to allow you to compromise something. Or you can block the server the user is trying to connect to, but that's pointless.

    Convergence caches good certs, so the block has to occur at the right time.

    It's still a lot easier though. Run an AP in a public place and you'll catch somebody sooner or later.

  24. Re:But not the end for the CA system? on Certificate Blunders May Mean the End For DigiNotar · · Score: 1

    I don't mind the idea of it in general, I think it can be a useful tool for somebody who knows what's going on, and what the results those systems produce mean.

    But I don't think Convergence or Perspectives should replace the CA system. They can augment it, but they lack too many of the functions of a CA to be a good replacement.

  25. Re:But not the end for the CA system? on Certificate Blunders May Mean the End For DigiNotar · · Score: 1

    The main benefit from this system is "trust agility". If someone hacks and obtains a root cert from Verisign, what are you (or the browser vendor) going to do? Keep the cert on the browser and risk being MITMed, or remove it and break half of encrypted websites? Diginotar was just a small CA, but what if a big one is hacked?

    I suggested an alternative in an earlier article: Change to a system of having multiple CA signatures on a cert, so that a CA can revoke without invalidating a certificate. Eg, min 3 signatures required, you get 5, so two can be revoked with no harm.

    Convergence/Perspectives lets you have more than one notary verifying each cert, which means you won't break anything if you need to remove trust on one of them. By itself this makes it much better than the CA system, in my opinion.

    Yes, but the notaries are much less safe. A CA at least verifies that you control the domain/email address the cert is for, notaries don't even do that, let alone checking that the metadata is correct.

    Notaries are also necessarily accessible directly, so they're more vulnerable to attack, and notaries of the same system all work in the same way.

    Also, being able to untrust a notary is nice, but how do you know when you need to? It's a run your own if you want deal. I can imagine what will happen: enthusiastic people will set up their notary, forget about it 3 months later, and soon enough there will be lots of unmaintained ones. Your list of notaries will eventually include those running on a forgotten 486 in a closet, insecure multiuser systems, unreliable connections, and so on. Some of that can be policed intentionally, but security can't.
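
The multi-signature scheme suggested in comment 25 (at least 3 valid CA signatures required, 5 issued, so two CAs can be revoked with no harm), as an added example that is not part of vadim_t's comments or of any real CA or browser implementation. The CA names, keys and certificate body are constructed, and HMAC-SHA256 stands in for real public-key signatures so the sketch stays standard-library only.

```python
"""Threshold check for a certificate carrying several CA signatures (added illustration)."""
from __future__ import annotations

import hashlib
import hmac
from dataclasses import dataclass, field

MIN_SIGNATURES = 3  # "min 3 signatures required" in the comment's proposal


def ca_sign(ca_key: bytes, cert_body: bytes) -> bytes:
    """Stand-in for a CA signature (assumption: HMAC instead of RSA/ECDSA).

    A real scheme would use public-key signatures so verifiers hold no secrets.
    """
    return hmac.new(ca_key, cert_body, hashlib.sha256).digest()


@dataclass
class Verdict:
    accepted: bool            # True when enough distinct, trusted CAs vouch
    counted: list[str]        # CAs whose signature was counted
    rejected: dict[str, str]  # CA name -> reason its signature was ignored


@dataclass
class TrustStore:
    ca_keys: dict[str, bytes]                       # CAs the client knows
    revoked: set[str] = field(default_factory=set)  # CAs no longer trusted
    min_signatures: int = MIN_SIGNATURES

    def validate(self, cert_body: bytes,
                 signatures: list[tuple[str, bytes]]) -> Verdict:
        counted: set[str] = set()
        rejected: dict[str, str] = {}
        for ca_name, sig in signatures:
            if ca_name in counted:
                continue  # each CA counts once, however often it appears
            key = self.ca_keys.get(ca_name)
            if key is None:
                rejected[ca_name] = "unknown CA"
            elif ca_name in self.revoked:
                rejected[ca_name] = "CA trust revoked"
            elif not hmac.compare_digest(sig, ca_sign(key, cert_body)):
                rejected[ca_name] = "bad signature"
            else:
                counted.add(ca_name)
                rejected.pop(ca_name, None)  # an earlier bad copy no longer matters
        accepted = len(counted) >= self.min_signatures
        return Verdict(accepted, sorted(counted), rejected)


# Constructed sample data: five hypothetical CAs and one certificate body.
CA_KEYS = {name: hashlib.sha256(name.encode()).digest()
           for name in ("CA-A", "CA-B", "CA-C", "CA-D", "CA-E")}
CERT = b"CN=mail.example.test;SPKI=constructed-sample-key"
SIGNATURES = [(name, ca_sign(key, CERT)) for name, key in CA_KEYS.items()]


def check_with_revoked(*revoked: str) -> Verdict:
    """Validate the sample certificate after distrusting the named CAs."""
    store = TrustStore(dict(CA_KEYS), set(revoked))
    return store.validate(CERT, SIGNATURES)


if __name__ == "__main__":
    for revoked in ((), ("CA-A", "CA-B"), ("CA-A", "CA-B", "CA-C")):
        verdict = check_with_revoked(*revoked)
        state = "valid" if verdict.accepted else "INVALID"
        print(f"revoked={list(revoked)} -> {state}, counted={verdict.counted}")
```

Counting each CA once matters: a certificate carrying the same CA's signature five times still has only one voucher and stays below the threshold.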