Unlike you, some people acknoledge the fact that Microsoft does in fact have occasional good ideas.
I absolutely think that Microsoft has good ideas, and more than occasionally at that. I don't, however, agree that their UI design senisibility (to date) has been one of them - and neither do they! Check out the Windows XP screenshots... clearly they thought it was time for a change too.
I'm not so much anti-Microsoft as I am anti-ugly, and I stand by my original assement of Outlook (and thus Evolution) as ugly.
Right.. Why make a free alternative to the most popular MUA available? We need yet another text-based email client!
No... we don't need another text based email client - we've had mutt and pine for years, and they're still quite serviceable. As for a free alternative to "the most popular MUA available", well, that's a fine idea, which I wholly support, but I don't suspect Outlook is popular because of it's elegant design, so I stand by my suggestion that there is a better UI design out there which should be pursued.
GUI mail clients can be great, but it must be aknowledged that part of the function of a GUI in the modern world is prettiness, and on that count Outlook, et. al. fail terribly - in my opinion. If you disagree, and feel that their design is elegant, then just say so outright, rather than arguing with me about points I'm simply not making.
I have no idea of the actual functional quality of Evolution, or any other Ximian product, but that doesn't matter because I'm annoyed about something else... Why is it that they feel the need to make it look just like Microsoft software? Personally, I _hate_ the way Outlook looks, it's blocky, inelegant, and screams Microsoft. So why does Ximian adopt it? Trying to convert all the Outlook users? I suppose that might work, but it has the annoying side effect of a) still being ugly as sin, and b) reinforcing the (broken) idea that Microsoft has the right idea. I'm all for new MUAs, etc. but it would be nice if their look was at least a little bit more inventive (and elegant!).
That said, I'm still happy with mutt. It does exactly what I need it to, including allowing image and html viewing, and I can read my mail over an ssh connection from anywhere. Until someone can give me that functionality (even with a lightweight interface for sshing and a heavier one for when I'm in my chair) I doubt I'll be terribly interested in stuff like evolution. Especially since it's so bloody ugly...
Consider this, though: Supposing I know rules of chess, and am a decent player by the "livingroom" standard, but not really someone who could compete at much of any level. But I do understand the (finite) rules well, and I do have some concept of what it means to win or lose, and the relative value of the pieces. Since a computer is (inherently) a state machine, and a fast one at that, I could simply program it with the ability to consider many, many possible lines of play, to some arbitrary depth, and then compare the results of those hypothetical situations. What you'd end up with is a tree of possibilities, some branches of which would contain more "good" than "bad" situations. The program would be intstucted to select the branch with the most favourable overall evaluation, and in all likelyhood it could kick my butt every time (the "deeper" it considers, the more my butt gets kicked...). While this could certainly be computationally intensive, I don't think it's much that the average PC couldn't handle at a relatively shallow "lookahead" depth, and a big multiprocessor machine could certainly take the concept much furthur.
As it is, I think that what I have described is, roughly, how home PC chess programs work. Of course there has been some tweaking and refining, and probably a hell of a lot of precalculation of common scenarios on the home PC products - so that it's nice and fast and doesn't need a Cray. I'm not sure how Deep Fritz works, but I'm fairly certain it does something similar on some level (Hence the name?).
The advantage that computers tend to have over people in this kind of thing should be pretty obvious: most people can't accuratly remember that much stuff! Naturally, human creativity makes a big difference, as does talent and experience, but the computer being able to consider so many options so quickly and accurately makes up for a lot, and should allow it to surpass it's creators fairly easily (unless it's creators are Grand Masters!).
As far as I can tell there are a few fundamental flaws with Mr. Carr's arguments. He forgets the nature of the internet right off the bat: global and distributed. That fact alone makes much of what he's suggesting utterly infeasable without a level of international cooperation which would be, quite frankely, utterly unprecedented - to say nothing of the terrifyingly difficult technology problems. Mr. Carr furthur assumes that government is "on our side"... while this is ostensibly true in most countries, the reality is usually pretty far from that ideal. And let's not forget that there are still quite a few countries that are only "on our side" (as a population) if we are on theirs. And then there's the big assumption which is, to my mind, completely flawed: Mr. Carr seems to believe that individuals can not and should not retain personal responsibility for their own intellectual safty. He goes as far as suggesting that the US should "suspend" the First Ammendment in the case of the interenet because people have too much access to "dangerous" information. I'm going to sidestep the whole "what qualifies as dangerous" issue for a moment (though I think we all know it's a big one) and focus rather on the issue of personal responsibility. While I can appreciate the desire to have speech of certain types (ie. corporate advertising) regulated in certain ways (ie. you can't say Goop X will make you fly unless it really will) the laws which exist to protect consumers from deceitful corporations are not media dependent, and still apply to internet adverstising. So the corporate argument is handled. As for individuals lying on the net, well, let 'em. They can lie in print, they can lie on TV, they can lie on the radio, and they can lie in person. Somehow society has gone on.
Up until now I have been personally responsibly for determining the veracity of information I receive, and I like it that way. It means that I can choose to disbelieve whatever I like, and cling to beliefs that everyone be me thinks are so stupidly ill-concieved it causes them physical pain... exactly the sort of mentality that one tends to adopt when making great intellectual advances. Being able to promote, publish, and discuss my fringe ideas is at the heart of intellectual advancement, and shouldn't ever be regulated - you lose too much when you do.
There are a great many other issues I could raise about the article: use of inflamatory language in exactly the manner he claims needs regulating, shameless use of a controversial op-ed piece to promote his book (and he was so down on corporations for being money-grubbing!), etc. But I think that the basic issues are nothing new, so I've decided to focus on them. Mr. Carr has made the classic mistake of assuming that the internet is more than it is... it's just an information medium, nothing more. Sure people can be stupid, believe things that they shouldn't and make poor choices, but tha't certainly not a new problem and we've managed to get by somehow. --
For example, while MS didn't improve LanMan until l0pht released l0phtcrack, neither was anybody cracking it!
Um.... no one was cracking it that you know of. And, let's see now, if l0pht did it then it's fairly likely that a) someone else would and b) relatively soon. Would it not have been much better for Microsoft to have taken care of this problem before someone wrote a crack? After all, you're only guessing that l0phtcrack was the first... a truly malicious cracker wouldn't advertise their methods, as that leads to people doing something about them.
Keep in mind that your enemies are the skript kiddiez, NOT the corporations or end users. For some reason it is easy to lose sight of that fact in the world of infosec, where everybody believes they are unusually smart and the companies they correspond with unusually stubborn. I know - I work in that field and ego is a dangerous thing.
Actually, your enemies are anyone an everyone who threaten the integrity of the data or systems you protect. Certainly, many of these threats seem to come from scrip kiddies, but, to be quite frank, the more serious threats come from the people who are actually capable of creating the scripts (they do have to come from somewhere, you know). Knowledgable, effective crackers do exist, and are a real, if somewhat less prevalent, threat. Even so, don't rule out corporations. The figures for industrial espionage are on the rise, the presumption being that the internet, etc. are providing corporations with another unregulated playground which they can try to abuse in relative safety. Don't make the mistake of focusing tunnel-vision on the script-kiddies... there's more to the world of threats than that.
As for ego, well, I do agree that it's a problem in our field (in most fields, in fact), but don't forget to include yourself in that bunch. Do I have ego issues? Yes! Hopefully by recognizing that tendency I can prevent it from being a problem, but it takes aknowledging that ego inflation seems to be a natural tendency to which I am not immune. I think you would do well to remember this, as one of the fatal flaws of any security officer lies in the assumption that they are in possesion of the sole correct methodology - an impression I get strongly from your post.
--
A well designed proxy setup eliminates the need to snoop the network. Just have the proxy record what gets sent (which, in case you're wondering, is fairly trivial). The real bear with this sort of thing is finding the specific thing you want amongst all the crap.
But I'm sure it's not a problem that a bored Perl programmer couldn't help out with;) --
Just use decent encryption and utilities like PGP, and you'll be fine.
Actually, this isn't always true. If you're encrypting a file to a key that you own (and only a key that you own!) then you are correct, but if you send me an email message which is encrypted to my key then you have no control over what I do with the content once I receive it. Additionally, it is still quite legally possible to supeona your key to decrypt the messages. Sure you can "lose" or "delete" your key, but there are pentalties for defying a supeona.
This judge really sounds paranoid. What he needs is a secure delete program, an operating system which doesn't store remnants of temp files everywhere, and an sledgehammer to "obfuscate" his disk when he gets a new PC.
Once again, this is limited to files which are stored locally. Email, almost by definition, has recipients, which means that you lose control of the content as soon as you send it. That makes a technology solution much more complicated (and perhaps utterly infeasable).
Of course legal remedies have their problems as well... --
Ten years from now we'll be seeing headlines about the rampaging packs of robotic dogs which have finally turned on their human opressors after years of planning via freakish, Furby-esq communication.
*sigh*
Has no-one seen Electric Dreams? This sort of thing just ends badly! --
Reading the site seems to indicate a functional but unpolished grasp of English. Their claim that the project is "pretentious" smacks of a trasnlation problem.
Here's definition number one of pretentious from dictionary.com: "Claiming or demanding a position of distinction or merit, especially when unjustified."
So I can easily see how this might be mistaken for "difficult" or "involved" by a non native speaker. Especially given the, ahem, high quality of cross-language dictionaries in the world.;) --
No moving parts... no truly "magic" box
on
3D Printers
·
· Score: 5
Or perhaps I should say "very few moving parts". Contrary to the implication of the article, even simple machines are mostly beyond the scope of this technology. It's main application is creating solid plastic, single piece objects. While there isn't, strictly speaking, a reason that this object could construct certain varieties of joints, etc. they would have to be reasonably loose (to avoid fusing them into one object) and unlubricated. More likely, componants of simple manchines could be fabricated for later assembly.
This technology has actually been around for some time, and, don't get me wrong, it's very cool, but this is a huge cry from arbitrary fabrication of objects.
So we aren't quite at Star Trek Replicator level yet. --
Because of this sort of policy (not allowing rebroadcast/webcast/etc.) those of us who wish to follow lesser covered sports like fencing are pretty much SOL. There is no major network coverage of these sports available in the US, and since no-one can put up a web site I have to wait for the video tape from the hand-cam of my fencing instructor to arrive back in the states. It's extremely frustrating, and the IOC has left no recourse for enterprising individuals (short or exhorbitant shipping fees, I suppose) wishing to see lesser covered sports, or full coverage of a given event (NBS edits like you wouldn't belive!).
No... Athletes are not being told that they may not freely express themselves, they are being told that they may not freely express themselves and participate in the games. It's a condition of competition, just like the no-drug requirement (which exists despite the fact that certain steroids, etc. might be legal in an Athlete's country of origin). It's not so much a law as a rule of the game. --
Admittedly I have always tried very hard (and reasonably sucessfully) to avoid getting to involved in this side of the business, so I may be way off base here, but it doesn't seem to me that this sort of use of contracts is at all new. In fact, this is the only use of contracts I've really been exposed to over the last five years.
From what I have seen the contracts have never really been about protection from legal action, but rather as a specific assingment of duties which enable legal (or other, prenegotiated) remedies when the customer stops buying the service/product/scam in question. I just assumed this was an old, standard way of doing things (dirty pool though it may be).
What other uses has anyone seen for contracts? I'm interested, as I've aparently completely missed them. --
Ok, two points - First, I think you are misunderstanding what I mean when I say that employees must be trusted. What I mean is that in order to perform job X and employee must have access to sensitive data Y. In such a case a defacto trust relationship is established. Yes, of course, you want to limit the employee's ability to violate that trust as much as possible, but it still must exist for them to do their job.
Secondly, a company shouldn't need to create a "extra step" to protect itself (a specific filter, etc, as you suggest) in order to strengthen it's case in court if it has taken the proper precautions in enumerating the sensitivity of the data, as well as having employees read and sign (in the presence of a witness, who also signs) confidentiality agreements, sensitive data handling procedures, etc. In the end, these documents will be far more valuable to a legal team than an error-prone, scattershot, scanning tool (which might even be used by the defence to draw focus from the actual data theft to privacy issues, etc.). If such a scanning system had any chance of helping against an actual theft, I would not be so down on them. However, anyone actually trying to steal anything for malicious purposes is likely to either a) disguise that data as something else or b) just carry it out of the building on media. Let's not forget that theft was going on long before the internet. --
Ultimately there is no good solution to this sort of problem. Various technologies have been developed (usually in concert with a government) which allow data to be labled, etc. While there are some rudimentary barriers to moving around labled data, it's nothing your average school kid couldn't circumvent.
The truth of the matter is this: you have chosen to trust your employees (at various levels). They must be trusted in order to do their jobs properly. If they choose to violate that trust, you will be unable to stop them.
Now, it is possible to make that sort of thing much more difficult, but the methods are not terribly reasonable, and usually incompatible with business practices.
In terms of monitoring outbound traffic for sensitive data, well, forget it. Heck, even compression will ruin pattern matches. Better to simply spend more time evaluating how trustworth potential employees are before hiring them into sensitive, high access positions. Get background checks and be a good judge of character.
I can't say enough good things about Planescape Torment. It has a very directed story line, so if you don't like that sort of thing than stay away, but the story it has kicks ass. I highly recommend it to anyone looking for a good RPG.
The main problem with government security is that it must be enacted by government employees. Now, I'm not saying that government employees are inherently stupid, or anything like that. But I have run into a lot of security guys who are ex-gov't or ex-military, and the general consensus from them seems to be this: most of the good, talented technology people (security, programming, etc.) bail of military/gov't service because of the lousey pay (as compared to the commercial world), poor working conditions, and mis-management. As near as I can tell from talking to these people, the gov't wants security and quality without spending the needed amounts of money and (perhaps more importantly) energy on it.
That pretty much leaves the security in the hands of folks whith little or no experience. Based on that the report isn't surprising at all.
Of course, this is all second hand information. Perhaps some military/gov't (or ex) security folks here on/. (c'mon, we know you're here) could pipe up and correct me if I'm way off base? --
There is actually a book on this subject (one of many I'm sure) called Techgnosis by Erik Davis. It's a bit old (1998), but it looks into the correclations between technology folks and "mystical" or alternative religeous traditions. Admittedly it does take something of a touchy-feely approach to the topic, but interwoven with that is a fairly cogent media analysis. I don't know how much I agree with what Mr. Davis has to say, but his arguments are fairly well crafted, and the book makes an interesting read.
Here's the Amazon.com book review (and summary):
The gap between the technological mentality and the mystical outlook may not be as great as it seems. Erik Davis looks at modern information technology--and much previous technology--to reveal how much of it has roots in spiritual attitudes. Furthermore, he explores how those who embrace each new technological advance often do so with designs and expectations stemming from religious sensibilities. In doing so, Davis both compares and contrasts the scientific attitude that we can know reality technologically and the Gnostic idea of developing ultimate understanding. Although organized into reasonable chapters, there's a strong stream-of-consciousness component to Davis's writing. His expositions may run, for example, from information theory to the nebulous nature of Gnosticism to the philosophical problem of evil-all in just a few pages. It's as if there are so many connections to make that Davis's prose has to run back and forth across time and space drawing the lines. But the result, rather than being chaotic, is a lively interplay of wide-ranging ideas. His style is equally lively and generally engaging--if sometimes straying into the hip. In the end, he succeeds in showing the spiritual side of what some may see as cold, technological thought.
--Elizabeth Lewis
That's a pretty fair summary of the work. It's a decent read for people interested in this topic, and now it's out in paperback so you don't have to shell out to much cash to get it. --
"What I don't want to see is a road map of the source code that could give the bad guys the ability to thwart this," he says. "If evaluators say there are security deficiencies that need to be addressed, that's precisely what we want them to address."
This is ridiculous. Everyone already knows how to "thwart" Carnivore: Encryption! What the FBI I probably really afraid of is someone hacking the server and using it to steal passwords. Gee, wouldn't that be embarassing. Of course, we all know how well simply not mentioning vulnerabilities helps in stopping them....
--
On the one hand this makes a lot of sense... Taxation (however much I may hate it) really is a vital form of revenue for both the State and Federal governments. And the independant booksellers do have a point about tax free interstate book sales undercutting them - I mean, the book business (and many others) is hard enough already without the addition of what ammounts to state sanctioned incentives to buy from out of state. Those sorts of incentives also lead to a greater outflow of money from the state economy (of course the lucky recipient states have a nice influx...). So it's not like Internet taxation is a completely nonsensical, greed based endeavour... there is a least some sense to it.
On the other hand, it's complete BS. As I believe another poster already mentioned, interstate commerce can only be regulated by the Federal government, not by the states. Now I'm not exactly sure where in the scheme of "regulation" taxation falls, but I'm betting it's not the most clear cut issue in the world.
Likewise, the actual implementation of Internet taxation seems prone to overcomplication and beaurocratic bloat. When interstate commerce occours which state's taxes are applied? The state where the merchant is located? Or the state where the purchaser is located? Perhaps both (because it starts out one way and then the other state feels screwed over... I mean, if a large percentage of online stores are in, say, Texas, they would love to get their hands on all that tax money, at their local sales tax rate. But if most of those purchases are happening in California then I'm sure that California will want to get in on the action.
Perhaps someone more conversant in interstate commerce than I can enlighten us as to how this works with mailorder catalogs right now? That would seem to be the closest guidline that I can think of.
As for taxation on the internet, my bet for a final tax scheme is this: some sort of federal tax, with the same rate everywhere, on all purchases made from domestic merchants. Maybe, if they are lucky, the states will get cuts of this, but I doubt it.
But that's just my guess... --
The Treatment for ADD is Self Disciplin?
on
Video Games and ADD
·
· Score: 2
Ok, I'm not a doctor, and I have very little understanding of ADD, but this seems odd to me. As far as I can tell the article pretty much says that ADD can be effectively treated by prolonged concentration. It sounds like the viedeo games (and associated feedback) are just a means to encourage that concentration, and are fairly arbitrarily chosen. That makes me really wonder about the true nature of ADD. If it were a serious phsiological problem I wouldn't think that it could be treated quite so well with exercises in disciplined thinking.
If there's a Slashdotter who could throw some light on the nature of ADD and it's other forms of treatment it would be much appreciated. I did a little bit of reading over at www.add.org but it looks like there's a lot of data to sift through before anything even starts to become clear. --
Hypothetical though it all is, this does bring up something of an interesting question: How the heck do you find anything in over a petabyte of storage? Heck, I lose files on my 9 Gig drive already...
find / -name "lost.data" -ls
yeah, right.
I know that there are companies out there that are dealing with this sort of problem already (Zantaz archives email for a living... a lot of email) but I have no idea how much processing power it would take to find something is a reasonable time frame, or how it might be indexed.
Are these legitimate concerns or is this just another version of the "indexing the internet" problem?
--
OpenBSD does an amazing job of presenting an extremely secure distribution, I will stipulate that right at the get go. I think it's a bit premeture to say that it's the Most Secure OS though. There are a number of implimentation of the DoD B1 security standard (as applies to operating systems, specifically) in the world - these include Trusted Solaris from Sun and PitBull from Argus Systems Group.
Granted, these operating systems take a quite different approach to security (rather than requiring strict application audits as in OpenBSD they instead try to eliminate the need for such audits through strict kernel control manifested in a number of sneaky ways). These systems have been, and are currently widely used by military, intelligence, financial, and, increasingly, high end e-commerce systems. In an attempt to increase public awareness and popularity of PitBull Argus Systems Group has begun giving it away for non-commercial use. Anyone interested in high security servers is highly recommended to check it out. It's no holy grail, and by no means the right solution for every problem, but it is a very interesting take on the problem, and quite a different way of looking at system architecture and administration than most of us get exposed to on a regular basis.
None of this is intended to steal OpenBSD's thunder - it's a great accomplishment, and far closer to existing operating environments than it's B1 counterparts (which makes it more accessable, and more flexable). Often, a B1 system will be severe overkill (or just too much of a pain to configure and manage), where OpenBSD will just work. So I'm not saying that OpenBSD is no good, I'm just saying that choosing the "Most Secure OS" isn't quite so clear cut...
Oh, BTW, there is a Trusted BSD project, but it's fairly young and as I understand it building a trusted OS is quite time consuming. When it's ready I think it will likely kick ass, but it may yet be a long way off. --
Re:But are you ducking the question?
on
Is UNIX An OS?
·
· Score: 1
But anyone reading this - don't just think: oh, he's right - the article is fluff, I can ignore it. Whatever the motivation, the article raises a serious question.
Abosolutely right. I actually didn't intend to completely dismiss the article - chalk that up to clumsy writing on my part. The fact that the article was written to make a marketing point does not make it inherently valueless, and in fact I think that the sentiment is a good one. I suppose what I take issue with is the nature of the proposed debate. Where the author makes points about what does or does not constitute an OS, I would rather he make points regarding what is required for an effective system.
This seems to be largely a semantic distinction (and that would be ok by me, I like precise terms), but I think there is an actual reason to make it. I do not think that it is possible to make an accurate comparative judgement of an OS using the criteria presented by the author. The factors he seems to be assesing have as much to do with OS popularity as "completeness" Applications get produced for Operating Systems that people use (without a *nix with the pop culture appeal and popularity of Linux the state of consumer level *nix software would be, I think, significantly different. Before Linux there was simply not the public demand for a Word work alike, for instance. This has little or nothing to do with the quality of Linux as a kernel or OS, and everything to do with popularity, I believe).
As far as I can tell the author is attempting to make (useful) points regarding usability, productivity, and application availability - I just think his methodology is clumsy, misdirected, and somewhat manipulative. Even so, his points are still valid, and interesting. --
Definitions and Motivations
on
Is UNIX An OS?
·
· Score: 5
Unix is no longer an operating system. An operating system is the software that comes with a computer (or OS distribution) that programmers and users need to make themselves productive.
This is a very interesting way to define operating system. I have always thought of an operating system as the fundamental set of software componants which mediate, support and enable the applications running on a system. I suppose one could make the football (soccer, for Americans) analogy: I would call the Field, Rules, and Officials the OS of football. By the definition used in the article, Windows would not be an operating system (for me, at least) without rendering software installed... otherwise I cannot be productive with it. That doesn't feel quite right, as definitions go.
Of course, reading through the rest of the article makes it clear why the whole question of what precisely constitutes an operating system becomes clear: Marketing OSX. (Yes, I know I should have guessed that just from the link, but hey, I'm an optimist).
All these added-value-services will make Mac OS X much more than just Unix, and also make OS X an operating system, and not just the foundation of one.
The message there is about as clear as they come. Now, I'm not saying that the sentiment is actually wrong -- it may very well be that OS X is the greatest thing since gcc -- but I'm not really sure that I appreciate the way the point is being made. It almost seems to prey on the ignorance of consumers. There is bound to be a long and involved argument here on/. regarding what exactly an OS is, and I'm willing to bet that the average Mac & PC users in the world wouldn't even be able to follow most of it. So, essectialy, the author is using buzzwords (UNIX is becoming one even in the mainstream) and creative premises to make an almost unrelated point.
Slashdot Mirror
I absolutely think that Microsoft has good ideas, and more than occasionally at that. I don't, however, agree that their UI design senisibility (to date) has been one of them - and neither do they! Check out the Windows XP screenshots... clearly they thought it was time for a change too.
I'm not so much anti-Microsoft as I am anti-ugly, and I stand by my original assement of Outlook (and thus Evolution) as ugly.
No... we don't need another text based email client - we've had mutt and pine for years, and they're still quite serviceable. As for a free alternative to "the most popular MUA available", well, that's a fine idea, which I wholly support, but I don't suspect Outlook is popular because of it's elegant design, so I stand by my suggestion that there is a better UI design out there which should be pursued.
GUI mail clients can be great, but it must be aknowledged that part of the function of a GUI in the modern world is prettiness, and on that count Outlook, et. al. fail terribly - in my opinion. If you disagree, and feel that their design is elegant, then just say so outright, rather than arguing with me about points I'm simply not making.
I have no idea of the actual functional quality of Evolution, or any other Ximian product, but that doesn't matter because I'm annoyed about something else... Why is it that they feel the need to make it look just like Microsoft software? Personally, I _hate_ the way Outlook looks, it's blocky, inelegant, and screams Microsoft. So why does Ximian adopt it? Trying to convert all the Outlook users? I suppose that might work, but it has the annoying side effect of a) still being ugly as sin, and b) reinforcing the (broken) idea that Microsoft has the right idea. I'm all for new MUAs, etc. but it would be nice if their look was at least a little bit more inventive (and elegant!).
That said, I'm still happy with mutt. It does exactly what I need it to, including allowing image and html viewing, and I can read my mail over an ssh connection from anywhere. Until someone can give me that functionality (even with a lightweight interface for sshing and a heavier one for when I'm in my chair) I doubt I'll be terribly interested in stuff like evolution. Especially since it's so bloody ugly...
Consider this, though: Supposing I know rules of chess, and am a decent player by the "livingroom" standard, but not really someone who could compete at much of any level. But I do understand the (finite) rules well, and I do have some concept of what it means to win or lose, and the relative value of the pieces. Since a computer is (inherently) a state machine, and a fast one at that, I could simply program it with the ability to consider many, many possible lines of play, to some arbitrary depth, and then compare the results of those hypothetical situations. What you'd end up with is a tree of possibilities, some branches of which would contain more "good" than "bad" situations. The program would be intstucted to select the branch with the most favourable overall evaluation, and in all likelyhood it could kick my butt every time (the "deeper" it considers, the more my butt gets kicked...). While this could certainly be computationally intensive, I don't think it's much that the average PC couldn't handle at a relatively shallow "lookahead" depth, and a big multiprocessor machine could certainly take the concept much furthur.
As it is, I think that what I have described is, roughly, how home PC chess programs work. Of course there has been some tweaking and refining, and probably a hell of a lot of precalculation of common scenarios on the home PC products - so that it's nice and fast and doesn't need a Cray. I'm not sure how Deep Fritz works, but I'm fairly certain it does something similar on some level (Hence the name?).
The advantage that computers tend to have over people in this kind of thing should be pretty obvious: most people can't accuratly remember that much stuff! Naturally, human creativity makes a big difference, as does talent and experience, but the computer being able to consider so many options so quickly and accurately makes up for a lot, and should allow it to surpass it's creators fairly easily (unless it's creators are Grand Masters!).
Up until now I have been personally responsibly for determining the veracity of information I receive, and I like it that way. It means that I can choose to disbelieve whatever I like, and cling to beliefs that everyone be me thinks are so stupidly ill-concieved it causes them physical pain... exactly the sort of mentality that one tends to adopt when making great intellectual advances. Being able to promote, publish, and discuss my fringe ideas is at the heart of intellectual advancement, and shouldn't ever be regulated - you lose too much when you do.
There are a great many other issues I could raise about the article: use of inflamatory language in exactly the manner he claims needs regulating, shameless use of a controversial op-ed piece to promote his book (and he was so down on corporations for being money-grubbing!), etc. But I think that the basic issues are nothing new, so I've decided to focus on them. Mr. Carr has made the classic mistake of assuming that the internet is more than it is... it's just an information medium, nothing more. Sure people can be stupid, believe things that they shouldn't and make poor choices, but tha't certainly not a new problem and we've managed to get by somehow.
--
Um.... no one was cracking it that you know of. And, let's see now, if l0pht did it then it's fairly likely that a) someone else would and b) relatively soon. Would it not have been much better for Microsoft to have taken care of this problem before someone wrote a crack? After all, you're only guessing that l0phtcrack was the first... a truly malicious cracker wouldn't advertise their methods, as that leads to people doing something about them.
Actually, your enemies are anyone an everyone who threaten the integrity of the data or systems you protect. Certainly, many of these threats seem to come from scrip kiddies, but, to be quite frank, the more serious threats come from the people who are actually capable of creating the scripts (they do have to come from somewhere, you know). Knowledgable, effective crackers do exist, and are a real, if somewhat less prevalent, threat. Even so, don't rule out corporations. The figures for industrial espionage are on the rise, the presumption being that the internet, etc. are providing corporations with another unregulated playground which they can try to abuse in relative safety. Don't make the mistake of focusing tunnel-vision on the script-kiddies... there's more to the world of threats than that.As for ego, well, I do agree that it's a problem in our field (in most fields, in fact), but don't forget to include yourself in that bunch. Do I have ego issues? Yes! Hopefully by recognizing that tendency I can prevent it from being a problem, but it takes aknowledging that ego inflation seems to be a natural tendency to which I am not immune. I think you would do well to remember this, as one of the fatal flaws of any security officer lies in the assumption that they are in possesion of the sole correct methodology - an impression I get strongly from your post.
--
A well designed proxy setup eliminates the need to snoop the network. Just have the proxy record what gets sent (which, in case you're wondering, is fairly trivial). The real bear with this sort of thing is finding the specific thing you want amongst all the crap.
;)
But I'm sure it's not a problem that a bored Perl programmer couldn't help out with
--
Actually, this isn't always true. If you're encrypting a file to a key that you own (and only a key that you own!) then you are correct, but if you send me an email message which is encrypted to my key then you have no control over what I do with the content once I receive it. Additionally, it is still quite legally possible to supeona your key to decrypt the messages. Sure you can "lose" or "delete" your key, but there are pentalties for defying a supeona.
Once again, this is limited to files which are stored locally. Email, almost by definition, has recipients, which means that you lose control of the content as soon as you send it. That makes a technology solution much more complicated (and perhaps utterly infeasable).
Of course legal remedies have their problems as well...
--
Ten years from now we'll be seeing headlines about the rampaging packs of robotic dogs which have finally turned on their human opressors after years of planning via freakish, Furby-esq communication.
*sigh*
Has no-one seen Electric Dreams? This sort of thing just ends badly!
--
Reading the site seems to indicate a functional but unpolished grasp of English. Their claim that the project is "pretentious" smacks of a trasnlation problem.
;)
Here's definition number one of pretentious from dictionary.com: "Claiming or demanding a position of distinction or merit, especially when unjustified."
So I can easily see how this might be mistaken for "difficult" or "involved" by a non native speaker. Especially given the, ahem, high quality of cross-language dictionaries in the world.
--
Or perhaps I should say "very few moving parts". Contrary to the implication of the article, even simple machines are mostly beyond the scope of this technology. It's main application is creating solid plastic, single piece objects. While there isn't, strictly speaking, a reason that this object could construct certain varieties of joints, etc. they would have to be reasonably loose (to avoid fusing them into one object) and unlubricated. More likely, componants of simple manchines could be fabricated for later assembly.
This technology has actually been around for some time, and, don't get me wrong, it's very cool, but this is a huge cry from arbitrary fabrication of objects.
So we aren't quite at Star Trek Replicator level yet.
--
Because of this sort of policy (not allowing rebroadcast/webcast/etc.) those of us who wish to follow lesser covered sports like fencing are pretty much SOL. There is no major network coverage of these sports available in the US, and since no-one can put up a web site I have to wait for the video tape from the hand-cam of my fencing instructor to arrive back in the states. It's extremely frustrating, and the IOC has left no recourse for enterprising individuals (short or exhorbitant shipping fees, I suppose) wishing to see lesser covered sports, or full coverage of a given event (NBS edits like you wouldn't belive!).
Grrrr.
--
No... Athletes are not being told that they may not freely express themselves, they are being told that they may not freely express themselves and participate in the games. It's a condition of competition, just like the no-drug requirement (which exists despite the fact that certain steroids, etc. might be legal in an Athlete's country of origin). It's not so much a law as a rule of the game.
--
Admittedly I have always tried very hard (and reasonably sucessfully) to avoid getting to involved in this side of the business, so I may be way off base here, but it doesn't seem to me that this sort of use of contracts is at all new. In fact, this is the only use of contracts I've really been exposed to over the last five years.
From what I have seen the contracts have never really been about protection from legal action, but rather as a specific assingment of duties which enable legal (or other, prenegotiated) remedies when the customer stops buying the service/product/scam in question. I just assumed this was an old, standard way of doing things (dirty pool though it may be).
What other uses has anyone seen for contracts? I'm interested, as I've aparently completely missed them.
--
Ok, two points - First, I think you are misunderstanding what I mean when I say that employees must be trusted. What I mean is that in order to perform job X and employee must have access to sensitive data Y. In such a case a defacto trust relationship is established. Yes, of course, you want to limit the employee's ability to violate that trust as much as possible, but it still must exist for them to do their job.
Secondly, a company shouldn't need to create a "extra step" to protect itself (a specific filter, etc, as you suggest) in order to strengthen it's case in court if it has taken the proper precautions in enumerating the sensitivity of the data, as well as having employees read and sign (in the presence of a witness, who also signs) confidentiality agreements, sensitive data handling procedures, etc. In the end, these documents will be far more valuable to a legal team than an error-prone, scattershot, scanning tool (which might even be used by the defence to draw focus from the actual data theft to privacy issues, etc.). If such a scanning system had any chance of helping against an actual theft, I would not be so down on them. However, anyone actually trying to steal anything for malicious purposes is likely to either a) disguise that data as something else or b) just carry it out of the building on media. Let's not forget that theft was going on long before the internet.
--
Ultimately there is no good solution to this sort of problem. Various technologies have been developed (usually in concert with a government) which allow data to be labled, etc. While there are some rudimentary barriers to moving around labled data, it's nothing your average school kid couldn't circumvent.
The truth of the matter is this: you have chosen to trust your employees (at various levels). They must be trusted in order to do their jobs properly. If they choose to violate that trust, you will be unable to stop them.
Now, it is possible to make that sort of thing much more difficult, but the methods are not terribly reasonable, and usually incompatible with business practices.
In terms of monitoring outbound traffic for sensitive data, well, forget it. Heck, even compression will ruin pattern matches. Better to simply spend more time evaluating how trustworth potential employees are before hiring them into sensitive, high access positions. Get background checks and be a good judge of character.
Oh, and cross your fingers.
--
I can't say enough good things about Planescape Torment. It has a very directed story line, so if you don't like that sort of thing than stay away, but the story it has kicks ass. I highly recommend it to anyone looking for a good RPG.
;)
It's also from BioWare
--
That pretty much leaves the security in the hands of folks whith little or no experience. Based on that the report isn't surprising at all.
Of course, this is all second hand information. Perhaps some military/gov't (or ex) security folks here on /. (c'mon, we know you're here) could pipe up and correct me if I'm way off base?
--
Here's the Amazon.com book review (and summary):
That's a pretty fair summary of the work. It's a decent read for people interested in this topic, and now it's out in paperback so you don't have to shell out to much cash to get it.
--
This is ridiculous. Everyone already knows how to "thwart" Carnivore: Encryption! What the FBI I probably really afraid of is someone hacking the server and using it to steal passwords. Gee, wouldn't that be embarassing. Of course, we all know how well simply not mentioning vulnerabilities helps in stopping them....
--
On the other hand, it's complete BS. As I believe another poster already mentioned, interstate commerce can only be regulated by the Federal government, not by the states. Now I'm not exactly sure where in the scheme of "regulation" taxation falls, but I'm betting it's not the most clear cut issue in the world.
Likewise, the actual implementation of Internet taxation seems prone to overcomplication and beaurocratic bloat. When interstate commerce occours which state's taxes are applied? The state where the merchant is located? Or the state where the purchaser is located? Perhaps both (because it starts out one way and then the other state feels screwed over... I mean, if a large percentage of online stores are in, say, Texas, they would love to get their hands on all that tax money, at their local sales tax rate. But if most of those purchases are happening in California then I'm sure that California will want to get in on the action.
Perhaps someone more conversant in interstate commerce than I can enlighten us as to how this works with mailorder catalogs right now? That would seem to be the closest guidline that I can think of.
As for taxation on the internet, my bet for a final tax scheme is this: some sort of federal tax, with the same rate everywhere, on all purchases made from domestic merchants. Maybe, if they are lucky, the states will get cuts of this, but I doubt it.
But that's just my guess...
--
Ok, I'm not a doctor, and I have very little understanding of ADD, but this seems odd to me. As far as I can tell the article pretty much says that ADD can be effectively treated by prolonged concentration. It sounds like the viedeo games (and associated feedback) are just a means to encourage that concentration, and are fairly arbitrarily chosen. That makes me really wonder about the true nature of ADD. If it were a serious phsiological problem I wouldn't think that it could be treated quite so well with exercises in disciplined thinking.
If there's a Slashdotter who could throw some light on the nature of ADD and it's other forms of treatment it would be much appreciated. I did a little bit of reading over at www.add.org but it looks like there's a lot of data to sift through before anything even starts to become clear.
--
find / -name "lost.data" -ls
yeah, right.
I know that there are companies out there that are dealing with this sort of problem already (Zantaz archives email for a living... a lot of email) but I have no idea how much processing power it would take to find something is a reasonable time frame, or how it might be indexed.
Are these legitimate concerns or is this just another version of the "indexing the internet" problem?
--
OpenBSD does an amazing job of presenting an extremely secure distribution, I will stipulate that right at the get go. I think it's a bit premeture to say that it's the Most Secure OS though. There are a number of implimentation of the DoD B1 security standard (as applies to operating systems, specifically) in the world - these include Trusted Solaris from Sun and PitBull from Argus Systems Group.
Granted, these operating systems take a quite different approach to security (rather than requiring strict application audits as in OpenBSD they instead try to eliminate the need for such audits through strict kernel control manifested in a number of sneaky ways). These systems have been, and are currently widely used by military, intelligence, financial, and, increasingly, high end e-commerce systems. In an attempt to increase public awareness and popularity of PitBull Argus Systems Group has begun giving it away for non-commercial use. Anyone interested in high security servers is highly recommended to check it out. It's no holy grail, and by no means the right solution for every problem, but it is a very interesting take on the problem, and quite a different way of looking at system architecture and administration than most of us get exposed to on a regular basis.
None of this is intended to steal OpenBSD's thunder - it's a great accomplishment, and far closer to existing operating environments than it's B1 counterparts (which makes it more accessable, and more flexable). Often, a B1 system will be severe overkill (or just too much of a pain to configure and manage), where OpenBSD will just work. So I'm not saying that OpenBSD is no good, I'm just saying that choosing the "Most Secure OS" isn't quite so clear cut...
Oh, BTW, there is a Trusted BSD project, but it's fairly young and as I understand it building a trusted OS is quite time consuming. When it's ready I think it will likely kick ass, but it may yet be a long way off.
--
This seems to be largely a semantic distinction (and that would be ok by me, I like precise terms), but I think there is an actual reason to make it. I do not think that it is possible to make an accurate comparative judgement of an OS using the criteria presented by the author. The factors he seems to be assesing have as much to do with OS popularity as "completeness" Applications get produced for Operating Systems that people use (without a *nix with the pop culture appeal and popularity of Linux the state of consumer level *nix software would be, I think, significantly different. Before Linux there was simply not the public demand for a Word work alike, for instance. This has little or nothing to do with the quality of Linux as a kernel or OS, and everything to do with popularity, I believe).
As far as I can tell the author is attempting to make (useful) points regarding usability, productivity, and application availability - I just think his methodology is clumsy, misdirected, and somewhat manipulative. Even so, his points are still valid, and interesting.
--
This is a very interesting way to define operating system. I have always thought of an operating system as the fundamental set of software componants which mediate, support and enable the applications running on a system. I suppose one could make the football (soccer, for Americans) analogy: I would call the Field, Rules, and Officials the OS of football. By the definition used in the article, Windows would not be an operating system (for me, at least) without rendering software installed... otherwise I cannot be productive with it. That doesn't feel quite right, as definitions go.
Of course, reading through the rest of the article makes it clear why the whole question of what precisely constitutes an operating system becomes clear: Marketing OSX. (Yes, I know I should have guessed that just from the link, but hey, I'm an optimist).
The message there is about as clear as they come. Now, I'm not saying that the sentiment is actually wrong -- it may very well be that OS X is the greatest thing since gcc -- but I'm not really sure that I appreciate the way the point is being made. It almost seems to prey on the ignorance of consumers. There is bound to be a long and involved argument here on /. regarding what exactly an OS is, and I'm willing to bet that the average Mac & PC users in the world wouldn't even be able to follow most of it. So, essectialy, the author is using buzzwords (UNIX is becoming one even in the mainstream) and creative premises to make an almost unrelated point.
Journalism at it's finest.
--