Slashdot Mirror


User: Jim+McCoy

Jim+McCoy's activity in the archive.

Stories: 0 · Comments: 209

Comments · 209

  1. Why BitTorrent is a better solution than OCN on P2P Content Delivery for Open Source · · Score: 2, Interesting

    One of the problems OCN faces is the seemingly obvious problem that data needs to be encoded in order to be shared. This is the problem we faced with MojoNation (the original swarm downloading system) and while throwing around ideas in a brainstorming session Bram came up with the idea of just swarming without encoding the data. This was not suitable to our needs at the time (it only works for popular, massively replicated files) but Bram stuck with the idea and developed it into BitTorrent.

    The key insight here is that when data is encoded to increase its reliability within the p2p network it becomes useless to the person who is holding the data. This is not a problem for some applications, but when you are trying to solve the slashdot effect or serve popular content it can become a limiting factor. The advantages that BT has over this system are that it does not require the data to be encoded in a special manner by the publisher and that data that is stored on the edge nodes is still useful to those nodes. A design like BT can peer data out of your browser cache and share a larger range of data from each particular peer. This is going to be a significant advantage in the long-run.

  2. HiveCache - p2p backups on Advances in Decentralized Peer Networks · · Score: 2
    One legitimate use of p2p methods is as a distributed online backup system within an enterprise. The HiveCache system uses under-utilized disk space on desktop PCs within an enterprise intranet to provide an online backup service that does not require an online backup provider (and increases the ROI on storage space you have already paid for as a bonus). Because of the massive replication of data within an enterprise (e.g. every desktop has word.exe and various windows dlls, plus all of the powerpoint presentations and spreadsheets that are shared among workgroups or attached to email sent out to multiple people within the company) it is possible to realize a significant amount of storage efficiency by only storing enough copies to ensure reliability.


    Users can backup and restore their own files; user self-help for cases of "pilot error" and random system crashes means that IT does not get the "hey, I accidentally deleted my presentation that I have to give to the board in 2 hours, can you help me out?" call that interrupts whatever they were doing. Doing daily/hourly snapshots to an online storage mesh also means that the backup tape monkey does not need to spend time trying to balance backup runs to fit within various backup windows, you can let the distributed system handle the snapshots of current data and use the tape for weekly/monthly offsite archive.


    There are lots of cool and interesting uses for p2p outside of simple content distribution, you just need to look a little harder.

  3. That is sort of correct, but not quite... on Advances in Decentralized Peer Networks · · Score: 3, Interesting
    Just to inject a bit of reality into your pointer to the mnet work, the public prototype of the MojoNation client was always available as LGPL code (pending a patent application on certain bits of the system which may change the license to something similar to RSAREF eventually; Zooko and I are looking for a legit 503c or similar vehicle that is willing to hold on to a license for non-commercial and non-DMCA-infringing use of the mnet system so that we can avoid this if possible...any takers out there?) Prior to the hibernation of the company we had been working on a commercial p2p backup system based upon the mojonation architecture called HiveCache, which is now getting prepped for a beta release. Another fork out of the mojonation work was BitTorrent, which started out as an idea Bram had while we were brainstorming new ideas for mojonation at one point (a cool idea which we did not pursue because it really only works for high-demand, massively replicated content).


    Unfortunately, the legal work we did early on when designing the system only prevented people from suing us (the code creators) and it did so by pushing liability off on to the users. That was the closest that one could really get to safety given the structure of the DMCA. Contrary to the widely held fantasy among decentralized p2p systems, "willful blindness" is not a valid defense against DMCA attacks -- something that I think the upcoming Kazaa et al. trial is eventually going to reveal after all of the appeals and other legal wrangling is worked out.


    BTW, the only app that mnet provides is a publish-retrieve shared data system identical to the old mojonation (sans distributed resource management), file sharing is not "one of" the apps for the API, it is the only app.

  4. secure UIs apply to more than just crypto tools on Secure Interaction Design · · Score: 4, Interesting

    While this work does apply almost entirely to GUI issues, this is because the GUI is the tool through which 99.99% of the world uses a computer. For related work that shows some better examples by the same author I would suggest that you take a look at this paper (sorry for citing it Ping...) which provides some nice examples of how a GUI that explains the security implications of certain preference settings can be used for an mp3 player, etc. This paper is written from the capability-semantics perspective, so the standard unix security model is already outclassed, but it will give you a better idea of how security and UI are related.

  5. Security is useless if usability is sacrificed on Secure Interaction Design · · Score: 5, Insightful
    This isn't anything new really, the security vs. usability argument has been a problem forever, and frankly, it's not something to be addressed.


    What a crock. You obviously have never really done much secure system work. Security and usability are only in contention when people who only understand one side of the argument start dealing with people who only understand the other side of the problem. It is possible to have secure systems that do not place a significantly larger usage burden on the user if they are designed correctly, and Ping is one of the few people out there who I know has been thinking about this for more than fifteen minutes. This is not about security being convenient, it is about meeting security requirements without going to the extreme that you suggest and making the system useless. Sometimes this requires that you add a bit of additional effort on the part of the user, but often it means that you actually use the UI to let the user know that an action they are about to perform has security implications that might not be obvious to a casual user.


    There is an old, probably apocryphal story about how someone ran a test on a bunch of users that presented them with a bunch of modal dialog windows in the midst of a task and one of the windows asked the user if they wanted to reformat the disk. When the users get bored or frustrated with poor UI design they will often switch into auto-pilot and in this case they blindly hit the "yes" button because that was the proper response to all of the other modal dialogs that had been interrupting their work. When the users complained the person running the test pointed out that the system asked them if they wanted to reformat the disk and they had said yes.


    Security and UI should never be considered independent items in system design, because if you can't communicate what is happening and the consequences of actions to users then the only security policy possible is the brain-dead one that you suggest.

  6. And for a somewhat more professional kit heli on Personal Helicopter Available For $30,000 · · Score: 3, Informative

    Check out Rotorway (http://www.rotorway.com/) which offers the Exec 162F as a kit helicopter. These things are supposedly a little bit more "twitchy" and not as forgiving as a bigger helicopter (less time to react and less angular momentum stored in the blades in the case of a power failure) but for $65k you get a well-tested and engineered system backed by a "real" company and not someone running an operation out of their garage. The system this article references seems to be the ultralight of the rotorcraft world and not the Cessna 162 or GlassAir...

  7. Microsoft discovers Lifestreams on Backup Your Life on a DVD · · Score: 2
    For anyone who thinks this idea sounds familiar, it is. The Lifestreams concept and software that David Gelernter has been pimping in various NYT articles and in other news/PR pieces (all of them somehow deemed worthy of a /. story at the time...) is based upon the same organizational metaphor. Keep track of all of the data you interact with in your life, including all sensory input according to the wearable computing guys, and organize it chronologically. The time-based structure assists the user by supporting a metaphor to which the human brain is well-adapted and because the information is digital you can also do the raw searches and analysis that computers are good at.


    Besides, who needs moments of quiet introspection when we can just use grep to find the patterns in our life?

  8. Re:not a big deal on New Tablet PCs With A Linux Option · · Score: 2
    if handwriting recognition was the killer feature then the PDA revolution would have starred the Newton instead of the Palm (which required you to learn Graffiti).


    I guess the Newt was before your time kid, but Graffiti was invented for the Newton. It was ported over to the Palm and included with the OS (instead of being the third-party add-on software package it was with the Newt). While the original handwriting recognition on the Newton was not great, by the time the Newton 2000 and 2100 came out it kicked ass. I know this because I have been using my Newton 2100 since 1997, waiting in vain for someone, anyone, to come up with something that was even 75% of what the Newt provided in terms of fast recognition and good cross-linking of information among the apps.


    Two things let US Robotics get ahead of Apple: price of the units and price of the development software. A palm was in the $300 range while the newt 2000/2100 was more than $1K. This limited the userbase and prevented the Newt from being an "everyone at the office has one, so I need to get one" device. The development software for the Newt was also a $1K package until the very end and this turned off a lot of potential developers, particularly when combined with the radical shift in thinking required for using NewtonScript (NS was a prototypes-based OO system -- very good for keeping application size down and allowing developers to modify/enhance existing apps, very bad for getting buy-in from people with no experience in PDA programming and a C-mostly background).


    Don't kid yourself, the PDA revolution did start with the Newton. It is just that the revolution passed the Newt and then Steve came back to Apple and killed the Sculley-backed Newton (i.e. for this revolution, the Newton was Trotsky and Palm was Lenin).


    I am still waiting for a real PDA that comes close to the Newt. Unfortunately the PocketPC devices are the closest things out there right now. The only thing that keeps me waiting on the sidelines was Apple's re-introduction of the Inkwell handwriting recognition technology from the Newt into OS X 10.2.

  9. Re:Amendments 9 and 10 really don't exist... on FBI Bugging Public Libraries · · Score: 2

    I will grant you that the persistent fungus that is the commerce clause is occasionally fought back, but the opinion in the case you cite does not, as far as I can tell, actually cite the ninth or tenth amendments. The case limits the range of the pernicious combination of the fourteenth and the commerce clause.

    Seriously, does anyone with a Lexus link have an answer here? It has been more than a decade since my last con law class and I sort of lost track of what the Supremes were up to in some of the less celebrated cases of the 90s...

  10. Amendments 9 and 10 really don't exist... on FBI Bugging Public Libraries · · Score: 3, Interesting

    Think I am joking? Try to find an opinion of the court (not a dissent) that rested its argument upon either amendment... It may be the case that most cases based upon retained or reserved rights never get cert, but in practical terms these amendments are about as important to the current court as the third amendment. I have heard reasonable arguments made that the 13th and 14th amendments effectively gutted 9 and 10 when combined with the commerce clause after the various civil rights cases.

  11. Re:One answer: Southwest Airlines on Dan Gillmor Shares His 'Insider's View' of Silicon Valley · · Score: 2
    Airlines were deregulated a LONG time ago, southwest is a relatively new phenomenon that appears to NOT be working.


    You are just making this up as you go, aren't you? For starters, Southwest was incorporated BEFORE the airlines were de-regulated. It was able to adapt quickly and take advantage of the new opportunities that emerged. Quick pop quiz, moron: what is the only airline to report a profit last quarter? Southwest. What is the only airline to NEVER report a quarterly loss? Southwest. If that is your definition of failure and having the government set prices is your idea of a solution then the only other question I can ask is "what color is the sky in your world?"


    You are correct that people would rather pay $5 for a better meal, but not one served by the airline. If you actually were allowed to leave your padded room and read once in a while you would discover that the recent trend has been for airline passengers to forgo the airline-provided slop and pick up a meal at the terminal restaurant (usually to the dismay of other passengers who can't quite figure out where the smell of McD's french fries is coming from...)


    It absolutely amazes me that people think they can get away with outright lies and deception in online forums where the counter examples are a simple Google search away. Please take your trolling BS elsewhere.

  12. One answer: Southwest Airlines on Dan Gillmor Shares His 'Insider's View' of Silicon Valley · · Score: 5, Informative
    When the airlines were deregulated, prices skyrocketed and became more mysterious, new aircraft types became fewer, meals and perks got skimpier, and share value was decreased.


    This is demonstrably false. I guess you just don't remember the days before airline de-regulation very well, but it was more expensive and there were far fewer options available to the traveller. The market de-regulation allowed the emergence of low-cost carriers like Southwest, JetBlue, RyanAir, etc. and these have been an outstanding benefit to the average air traveller.


    While the major airlines are currently getting their much-deserved comeuppance for overspending and failing to adapt to the changing market, there are several airlines which stand out from the crowd for having managed to grasp key insights into the nature of the changes that de-regulation imposed upon the air travel market and have prospered as a result. The poster-child for this is Southwest airlines, a small airline that realized that the democratization of air travel (prior to de-regulation the majority of Americans had never flown in an aircraft, after de-reg the numbers have shifted significantly towards air travel as a common and preferred mode of transportation) would allow them to efficiently run short-haul flights with quick turn-around and fewer costly perks to the air traveller. By avoiding the hub-and-spoke arrangement of its competitors and running short flights on a common airframe SWA was able to get more flights out of fewer planes. It also cut down its maintenance costs and per-passenger operating costs.


    And how exactly is the dearth of new aircraft types the fault of airline de-regulation? If anything, there were too many different aircraft types. One of the things which is killing the major airlines like American or United is the fact that they have too many different types of aircraft: each one requires its own set of maintenance procedures and facilities and a maintenance and pilot staff trained for that aircraft type. Airlines do not exist to keep aeronautical engineers employed. The decrease in the number of aircraft types being flown is a good thing for the air traveller!


    Additionally, most air travellers do not really care about perks and meals if they can get from point A to point B cheaper. BTW, what are the frequent flyer programs that have sprouted up in the post-de-regulation world if not the most successful perk program ever?

  13. Re:Perl was ruled out WHY??? on Yahoo Moving to PHP · · Score: 2

    The slides mention that Y!Maps was done in Python, but the slides also conveniently did not mention that all of YahooMail was done in Python. Given that the ability of non-CS types to create code was a requirement as well as the ability to maintain code for large, multi-person development projects I am surprised that Python was not among the possibilities examined by this particular group (unless, of course, the outcome was already pre-determined before the "test" was conducted :)

  14. 10% is not a big difference, even for a large site on PPC Linux vs. Mac OS X Server: Linux Edges Out · · Score: 5, Interesting

    A 10% performance difference is a wash as far as most sites are concerned, for a large site you will see this sort of a difference eaten up in your hourly traffic variance (e.g. you spec for the peak load, not sustained load) and if your bottleneck is at your servers then you have other problems to deal with. I can max out a reasonably sized internet uplink with a single, off-the-shelf PC. Given the cost of these boxes, it is _always_ going to be the case that your monthly bandwidth bill exceeds the cost of the servers needed to max out that connection. Think about that one for a few minutes and then get back to me on why you think a 10% performance difference is going to be a significant factor when it comes to purchasing decisions...

    When I was running YahooMail ops we used massive farms of FreeBSD boxes, not because it was the absolute best server PC OS when it came to performance (although at the time I think that it probably was) but because it was what we knew best. Filo was a BSD hacker and we had a collection of ops guys who knew that particular OS inside and out -- if there was a problem we could track it down and figure things out, we didn't have to start guessing or need to make an appeal to newsgroups or mailing lists for help. For a large site performance numbers like these are one factor, but it is not the only factor and is often not even the most important factor. Maintenance and management can often be a more important cost factor than raw performance, sometimes it is something as "trivial" as driver support (or even raw performance differences among various drivers and OS configuration options) or what the team doing the technical evaluation feels comfortable with using and supporting.

  15. Old tech works and can be repaired at sea... on Building The Navy Intranet · · Score: 3, Insightful
    Do you think that an A-ganger on this sub is just going to be able to dash off to Fry's when a critical component breaks? Subs are a special case that highlight some of the extremes of a combat environment. They are over-manned and many processes that you or I would look at and call inefficient and a poor use of technology are set up that way for a reason: if it breaks or if the ship takes damage then everyone's life may depend on being able to fix the problem. That means that sometimes it is better to put a person flipping switches or re-directing compressed air in the loop rather than a fancy electronic component -- if the person is injured someone else can step up and take over and if something breaks it can be repaired from stock onboard the sub.


    Just because something can be replaced with a shiny new gizmo does not mean that it should be replaced. If the old process is good enough and is well-understood by the crew then what benefit is there to replacing it? It is rather sad that you could not see the whole boat as a large, complicated process and understand the elegance and graceful degradation in the face of component failure that is built-in to these systems. Maybe once you understand the technical challenges of designing fault-tolerant complex systems you will start to appreciate these boats for the marvels of systems and process integration that they can be...

  16. Wi-Fi on the Newt on TiBook Wi-Fi Range Hack: New Card · · Score: 5, Informative
    Ask and ye shall receive:



    Newton wavelan/wi-fi drivers

  17. Re:Be Nice. Re:Gotta love those MIT brains... on Mining Metals Using Plants and Trees? · · Score: 5, Insightful
    True there will be less barrels, but his point was that we made these plants so that we can collect the arsenic from dump sites. Then we take that collected arsenic and dump it again. Repeat.


    Riddle me this batman, which of these two cases presents a harder clean-up problem: 100 kg of lead powdered into a fine dust and bound to the soil as various metallic salts, or a 100 kg brick of lead? The problem that is trying to be addressed here is large-scale soil contamination, where the toxic compounds are distributed and diffuse. The original title to this slashdot story (in the grand slashdot tradition) is completely misleading about the goals here, a better title would have been something like "Using plants to concentrate soil contamination for further processing" but that did not have the same tabloid appeal I guess.


    At some point someone should do a bit of examination of past slashdot stories and give the rest of us a bit of feedback on which slashdot editors actually read the articles they are linking to and have the brain cells necessary to understand the content of these links. While I despair for the future any of the slashdot editors have in fields related to science and technology, they can always fall back to a career with the Weekly World News...

  18. Re:A few more reasons this is secure - 0x90 on InvisibleNet Presents IIP · · Score: 2

    An attacker does not need to log multigigabit traffic, because IIP will not be generating this sort of traffic levels. The attacker only needs to filter out the packets which are obviously IIP packets (based upon packet construction, source or destination, etc.) and note the source IP, destination IP, packet size, and packet timestamps. I know people who build devices specifically for this purpose to do policy-based network security analysis and can watch multiple gigabit ethernet feeds using a single 1GHz+ P4 system while still being able to keep basic state on various connections to determine if people are tunneling non-approved protocols through port 80, etc.

    It is really not that hard to do, and with the recent CALEA provisions here in the US and other anti-terrorism efforts by other countries such monitoring capability has almost become a requirement for the equipment used at these major exchange points... Sad, but true.

  19. Re:A few more reasons this is not secure on InvisibleNet Presents IIP · · Score: 4, Informative

    You should be subscribed to coderpunks (coderpunks@toad.com) to get access to a large group of top-notch crypto people. The next list that is a necessity is the nym-ip list (nymip-res-group@nymip.org), which discusses anonymity networks. You should also be checking out proceedings of the Information Hiding workshops, Privacy Enhancing Technologies workshops, and hunt down the other research work by presenters at these conferences.

  20. Re:A few more reasons this is secure - 0x90 on InvisibleNet Presents IIP · · Score: 4, Insightful
    Not true. Take a quick scan of recent work by Albert-Laszlo Barabasi et al. regarding the structure of the internet (there was a recent paper in the Proceedings of the NAS and he published a book on this titled Linked that every slashdot reader should check out) which shows that there are a few key nodes which handle a bulk of the traffic. You have to stop thinking about this network as if it was a random network. There will be well-known, stable nodes that will become preferred nodes and relays within the network -- an attacker will start by watching these nodes. If that is not enough the attacker will watch the major routers and relay points within the net using these well-known nodes as the hook to find additional nodes. It does not matter how widespread your nodes are for these sorts of attacks; in fact, wide geographic distribution of the nodes makes the traffic analyst's job easier because this will force more of the packets through major interconnects (and into view of the observer) instead of keeping them localized.


    It does not matter that the traffic is encrypted in this case. An attacker is not necessarily interested in getting the contents of the messages, they will start off wanting to know who is talking to who. For this it is not necessary to break the encryption, you treat the whole network as a black box and apply some signal processing tricks to get the conversation flows. [Sorry if all of this sounds negative, but you have decided to tackle a very hard problem that lots of very smart people have been thinking and tinkering on for more than a decade...]

  21. Re:A few more reasons this is not secure -by 0x90 on InvisibleNet Presents IIP · · Score: 2

    For starters a DC-net is not what you want here because of the communications overhead it creates (the latency would kill you unless you made your DC-net rings rather small, which would introduce other problems...) Additionally, while a DC-net seems trivial because Chaum did such a good job at describing the basics of how it works, in practice it is very, very difficult to create a DC-net which resists internal attacks. DC-nets have the wonderful property of ensuring sender and recipient anonymity but this same property makes it hard to prevent jamming attacks and node collusion. The protocols which were built on top of DC-nets to prevent these problems turn a system which seems trivial to code in the simple example Chaum gives into something that is a PITA to actually get done right. If you really want to do a DC-net I would suggest you dig up a ref to an old cypherpunks posting I sent out way back when regarding applying reputation metrics as a mechanism for controlling these attacks within DC-nets.

    The onion routing work suffers from the same problem IIP does, it does not enforce constant bandwidth connections so it is not difficult to discover routes based upon statistical analysis. If you want a model to examine, I suggest you check out Wei Dai's pipenet for a general model and be sure to look at the work Roger Dingledine and others have been doing with MIX-cascades.

  22. A few more reasons this is not secure on InvisibleNet Presents IIP · · Score: 4, Insightful
    The creators of IIP seem to have fallen for the seductive "if we keep adding cool things we read about in Applied Crypto it will magically become anonymous/secure" fallacy. There has been a lot of good research and test implementations done on real anonymous networking over the past few years, unfortunately the creators of IIP seem to have been unaware of all of it. I will not waste too much time ripping on this because it is a noble (albeit doomed) effort.


    One example of why this system does not offer the level of anonymity/security it is claiming is the mistaken belief that adding random "cover traffic" prevents traffic analysis. For some reason amateurs seem to think that if you add a few random bits of message traffic and delay a few messages between nodes then this "noise" will make observation and message correlation harder for an attacker. This is incorrect. The simple example that should help the /. crowd understand this is that an attacker can simply view the entire internal network as a black box and do statistical analysis on the inputs and outputs of this black box. There is only one way to prevent this sort of statistical analysis -- fixed bandwidth (or at least constant traffic) pipes. For a recent paper on this subject check out this paper that describes some of the techniques.


    There are several lists out there populated by people who actually know what they are doing when it comes to this stuff and simply lack the time/initiative to code up what they know. If the creators of IIP had simply asked a few pertinent questions they would have learned a lot and saved themselves a lot of frustration given that most of this will have to be completely re-coded if it is actually going to live up to the claims being made by this project.

  23. Let me second the Intacts recommendation on Laser Vision Surgery for Developers? · · Score: 2

    I had -2.5 nearsightedness in both eyes and decided to go looking for the best vision correction solution I could find. I considered RK and LASIK but was a bit concerned that there was no long-term data on either procedure. At the time Intacts (intra-corneal stomal rings, I think) had just gotten FDA approval and UCSF was one of the eye centers that performed the procedure. The big win for Intacts was that the procedure was reversible, they put a couple of half-rings into the cornea to re-shape things and if necessary they can yank them back out again...

    Post-Intacts I am 20/15 in both eyes and have had no problems after three years.

  24. Re:So the whole idea of this article is.... on New Technology for Digital Democracy · · Score: 3, Interesting

    They would start by going after the site that served as the director of the votester protest (the criminal complaint will probably include conspiracy to commit criminal mischief, conspiracy to commit theft of services, and probably a couple of other conspiracy charges) and then you pick a few random nodes that were a part of the protest and sue them into oblivion while they also face a few choice criminal conspiracy counts themselves. After this happens once or twice do you think anyone would use this tool again?

    Of course we have not even begun to plumb the depths of fun that could be had with RICO laws and other tools that can be used against large criminal conspiracies. You really need to start talking to a lawyer kid, before you find yourself needing a lawyer to keep you out of jail and out of debt to the targets of your vandalism for the remainder of your productive lifetime...

  25. Re:Since when did DDoS become political speech? on New Technology for Digital Democracy · · Score: 2
    And the people who staged sit-down strikes for civil rights in the 60's were participating in a denial of service attack as well.


    What makes those people different from those employing this system is that they were prepared to face the consequences of civil disobedience to show those who were not aware of the nature of the problem or the depth of resistance that there were large numbers of people willing to accept the consequences of their actions to make their point heard. Non-violent protests of the Gandhi/MLK, Jr. sort were noteworthy because the protesters stood up to the attacks directed against them and persevered, this project seeks to attack free speech and deny a voice to those it opposes.


    Please do not ever again dare to suggest that this project is in any way an equivalent of the brave and noble souls who faced death and imprisonment to demonstrate the depth of their belief, spamming and DDoSing a site while hiding behind the anonymity of the net is in no way equivalent to these earlier protests.


    This is much closer to the work of the "black block" and other pseudo-anarchists who seem to think that destroying property and denying the other side of the argument a voice, all the while hiding their identity and attempting to avoid facing any consequences for their actions, is somehow a valid form of political protest. It is simply vandalism writ large.


    Ask yourself this simple question: if the forces being opposed were to use the same tactics to shut down and overload sites like indymedia or other political web sites would you be equally supportive of their actions? I think not.


    p.s. The people proposing this action should really read up on the laws regarding conspiracy before claiming that participating in such a system would be legal.