Slashdot Mirror


User: rjh

rjh's activity in the archive.

Stories: 0
Comments: 1,190

Comments · 1,190

  1. Re:Hello? The freeware version is still there. on NAI to Sell Off PGP Product Line · Score: 3, Informative

    PGP has always existed as freeware, with full source code too. It's not going to disappear!

    PGP 7.1 has not been released as freeware, and source release for anything past 6.5.8 is problematic. You can get the crypto engine of 7.1 (but not 7.0), but only if you agree to a truly onerous license. Better to say:

    Freeware builds of PGP haven't been made available for 7.1, and there's been practically no source release, either. At this rate, it's going to disappear!

    Of course, my panties are far from in a knot. In the first place, I wear boxers. In the second, I use GnuPG.

  2. Bad Idea. on GPL-Style License w/ A Twist? · Score: 5, Informative
    1. This would violate the Free Software Foundation's definition of Free Software. One of the primary freedoms of Free Software is the freedom of privacy. Namely, the right to keep your modifications private, for yourself, and not share them with your neighbor. RMS would certainly prefer that you do share--but he feels it unethical to require that you share. If you do this, then your software, while still being Open Source, will not be Free Software.
    2. Think in the long-term. What happens in ten years when you're no longer active in the community? What if nobody can find you to send you these diffs? In that case, your software cannot be modified and distributed--because without sending you the diffs, the software cannot be distributed!
    3. If you have a clause that says ``you are not required to send me changes if you can't find me'', then people can make whatever diffs they like and not send them on--after all, hey, they looked around their cube for you, you weren't there, so they just went on with business as usual. Yes, that's an extreme case, but it'd be technically legal.
    4. The more complex a legal agreement becomes, the easier it is to subvert. The GPL is already on questionable legal ground; if you add another clause, even with a lawyer's help, you also diminish the likelihood that you can ever enforce this license.
    ... I don't mean to burst your bubble here, but this is just a Bad Idea. Better to leave a note in the README that says ``please, please, please remember to send me diffs'' and not make it a legal requirement of the license than to try and write in your own clause.
  3. Church and State in the UK on Jedi Knight Now (Not) Officially a Religion · Score: 2

    unless some major Churches are subsidized by the state, but I don't know if that's the case in the UK

    Given that the monarch of England is also the head of the Anglican Church, aka the Church of England, it's a fairly good bet that some major churches in the UK enjoy very strong government ties, to put it mildly.

  4. Re:Other topics on Free Speech, Porn And Internet Controls · Score: 2

    He's wrong. The UK still punishes assassinations of monarchs and arson in royal shipyards by execution. The HRA was supposed to get rid of this, but by dint of the fact that the HRA can be suspended if required for national security, and both of those crimes are national-security ones, capital punishment is still on the books.

  5. West Europe still has it... on Free Speech, Porn And Internet Controls · Score: 2

    The UK still has execution on the law books--for assassinating a monarch, or for arson in a royal dockyard. The Human Rights Act supposedly got rid of capital punishment, but that Act permits itself to be suspended when required by national security concerns--meaning it's not worth the paper it's printed on.

    If the UK still has capital punishment on the books, then you can't claim all of Western Europe has abandoned capital punishment.

  6. Re:The Slashdot Hypocrisy Meter is Pegging on Browsing Privacy - Off With Your Headers! · Score: 2

    As it turns out, if you want to eavesdrop on my phone calls, or intercept my mail, I do have a security force that's charged with keeping my communications secure. You (assuming you're an American) have a security force that does the exact same thing for you.

    To the former, that's under the authority of the FBI.

    To the latter, that's under the authority of the Postal Inspectors.

    Given that there are strict laws against eavesdropping on phone calls and intercepting mail, the expectation of privacy in phone calls and mail is entirely reasonable.

  7. Re:The Slashdot Hypocrisy Meter is Pegging on Browsing Privacy - Off With Your Headers! · Score: 2, Flamebait

    Your phone land line is an unencrypted, insecure wire. With some parts from Radioshack I could easily listen in to everything you have to say. But it's still protected by law.

    Because in the absence of significant undertaking--actually going onto someone's property and planting the alligator clips on the junction box--the phone conversation is secure. In normal usage, phone conversations cannot be overheard by any Tom, Dick or Harry who wants. In normal usage, email can. Your analogy to phone lines falls apart right here.

    Secondly, it is a serious violation of the law to do this. If you really want to do this, the FBI will be happy to come down to your house and stick a gun in your face and place you under arrest. Given that it requires a criminal act to eavesdrop on a landline, there is a reasonable expectation of privacy--it's axiomatic that you can reasonably expect people to follow the law. (Whether or not this legal axiom is correct is another story altogether.)

    The other tidbit is that proof by analogy is intellectual fraud.

    Your cell phone is even easier to listen in to. But again, your conversations are protected by law.

    No, they aren't. Cops don't need wiretaps to listen in on radiotelephone transmissions--you're *broadcasting*, and anyone with a receiver can listen in. Ever wonder why attorneys don't use cell phones for privileged attorney-client information? Because there is no recognized reasonable expectation of privacy on cell phones.

    Cops often seek court orders for radiotelephony anyway, in the interests of making sure the information doesn't get bounced out of court--but in a strictly legal sense, they don't need to.

    Again, proof by analogy is intellectual fraud.

    Paper mail is incredibly insecure. Open the envelope. But we prosecute the hell out of anyone who dares to do such a thing.

    We have laws which require the confidentiality of the US Mail, and we have armed Postal Inspectors who will be more than happy to shove a gun in your face and place you under arrest if you try and violate this confidence. In light of the fact that the confidentiality of the mail is protected by Federal law, there is a very reasonable expectation of privacy in the mail.

    Again, proof by analogy is intellectual fraud.

    I could bug your home with a little effort and a bit of technical know-how without ever having to walk through the front door. Just need some windows, is all. How much time do you think I'll spend in jail if I do it?

    Given that this is, you guessed it, against the law, and that armed cops will be happy to shove a gun in your face and place you under arrest if you do it, there is a very reasonable expectation of privacy within one's own home.

    Again, proof by analogy is intellectual fraud.

    In short, none of your examples hold water.

  8. The Slashdot Hypocrisy Meter is Pegging on Browsing Privacy - Off With Your Headers! · Score: 1, Redundant

    A ``reasonable expectation of privacy'' for the identities of people you correspond with via email? Guys, you don't have a reasonable expectation of privacy in email period, encrypted email notwithstanding. One of my friends had the sysadmin at her company reading through her email recently, including a couple of emails from her fiancé, and this sonufabitch was actually reading her emails aloud to a (female) co-worker he was trying to impress.

    Your emails are not private. If you think they are, you're stupid and living under a rock. We know this here on Slashdot; after all, we advocate using email encryption, we set up anonymous remailers, etc., exactly because we don't expect privacy otherwise.

    So now a couple of senators are saying ``hey, Americans have no reasonable expectation of privacy in the identities of their correspondents'', and what are we saying? Sounds like ``how dare they!''

    Gee. Color us hypocritical.

    Same argument applies to HTTP headers. Guys, you're sending traffic across an unencrypted, insecure wire. What expectation of privacy do you really have? We understand that HTTP is an insecure protocol and we even expect that HTTP headers will be abused by pretty much anyone who can make a buck off it. But when senators who hold political opinions most Slashdotters don't like say that ``Americans have no reasonable expectation of privacy in their HTTP headers'', suddenly we're up in arms?

    For the love of God, people. Figure out what you believe and take an unambiguous stand for it.

    And while you're at it, grow up.

  9. Re:State of the Art is the Wrong Question on What's Now State of the Art in Encryption Technology? · Score: 2

    You know, I could be wrong, but here it was I thought Wiles proved Fermat's Last Theorem in the process of proving a subset of the Taniyama-Shimura Conjecture. He didn't use the Fermat-related subset of Taniyama-Shimura to prove Fermat, because that's what he was trying to prove in the first place.

    If I'm wrong, I'm wrong. If I'm right... then you've got some explaining to do. :)

  10. Re:State of the Art is the Wrong Question on What's Now State of the Art in Encryption Technology? · Score: 2

    [Q]uantum computation: what is there to trust or not trust? It's just like an Athlon, only different; either it works, or it doesn't. Either it factors an RSA key, or it doesn't. It's not like it spits out an answer that you can't check easily.

    Right--this wasn't quite what I meant, though. It was an inaccuracy on my part; it'd be more accurate to say that I don't trust the current claims being made about superpositional computation. While theoretically all the claims are valid, practically there's a helluva long way to go. Recently, there was a lot of hubbub about a display of superpositional computation using a small number of qubits. In the middle of the hubbub, one cryptographer said archly, ``gee, any RSA modulus with fewer than three bits is in real trouble now...''

    That's what I don't trust--the hype and hubbub. Superpositional computation has tremendous theoretical possibilities, but superpositional computation in practice is... nowhere near useful. Ask me again in five years what I think and you might get a different answer. :)

    [about my distrust of ECC:] Well, that's a good reason not to use it, but not a good reason not to trust it.

    See above. Also, keep in mind that the only curves useful in open implementations are either horrifically slow or else insecure--the former is a usability problem, the latter is a trust problem. For ECC, I don't trust the hype, and to a lesser extent I don't trust the curves available to open implementations, either.

  11. Re:State of the Art is the Wrong Question on What's Now State of the Art in Encryption Technology? · Score: 2

    I like Blowfish, but it came out in 1994.

    I use Blowfish with some regularity, but it's still a fairly new algorithm.

    If you want a key-agile Blowfish, take a look at Twofish. Just be careful, given that Twofish is only a couple of years old.

  12. Ack! Not RC6! on What's Now State of the Art in Encryption Technology? · Score: 2

    Best algorithm? Take your pick. AES/Rijndael, Serpent, Twofish, RC6, Blowfish, MARS, Triple-DES-- all of them are good algorithms

    Ack! Not RC6, not RC6. 15 of 20 rounds were broken during the AES selection process.

    In fact, I'd suggest avoiding all of the AES candidates altogether. Even AES itself (nee Rijndael), for that matter--they're simply too new and not enough cryptanalysis has been performed of them.

    The only two on your list which I'd recommend would be Blowfish and 3DES. Both of them have been around for years and have been extensively cryptanalyzed, with no significant results being discovered.

  13. Re:State of the Art is the Wrong Question on What's Now State of the Art in Encryption Technology? · Score: 2

    Are you saying that someone actually patented some MATH?

    That is exactly what I'm saying. Trust me, I'm just as outraged over it as anyone else.

  14. [sighs] No. on What's Now State of the Art in Encryption Technology? · Score: 2

    It'll keep a twelve-year old from figuring out what you're talking about. It won't keep a sophisticated attacker from figuring out what you're talking about. English is a terribly redundant language; whenever you use a sentence with Fjornborgi in it, you're encoding that word in the rest of your sentence, too. A cryptanalyst would study the environment in which you use the word; the time of day; after what activity; with whom else around.

    In time, the cryptanalyst would be able to figure out what "Fjornborgi" means--even if you didn't tell him directly, he'd know to a surprising degree of accuracy.

    These are people who recreate the internal mechanisms of cipher algorithms just by watching a string of nearly completely random numbers flow out of it. Compared to that, human conversation is trivial.

  15. State of the Art is the Wrong Question on What's Now State of the Art in Encryption Technology? · Score: 5, Insightful

    You don't want to ask ``what's the state of the art?'', you want to ask ``what's a decade old or more?''

    State-of-the-art would be something like the NSA's Dual Counter Mode for AES, which was recently successfully cryptanalyzed. Or the NSA's SKIPJACK algorithm, which has had 31 of 32 rounds broken. Or RC6, which has had 15 of 20 rounds broken. Or... you get the idea. Of all the really neat and nifty things being developed right now, perhaps only one percent of them--and I may be optimistic here--will survive the test of time.

    Once something's survived five years of hard cryptanalysis, it might be worth using. Ten years, it's probably worth using. More than that, and you should probably be using it already.

    The state-of-the-art is found in quantum computation and quantum cryptography (which are based on different principles, BTW--I'd rather people call them "superposition computation" and "Heisenberg key exchange", or somesuch), and to a slightly lesser extent in elliptic-curve cryptography. I don't trust any of the three worth a damn.

    I don't trust QC of either sort because it depends on so much knowledge of physics and technical savvy that, were it to be fielded today, it would be hideously insecure by virtue of its implementation being so difficult to get right. I don't trust ECC, even though the Taniyama-Shimura Conjecture has been proven, because all of the good elliptic curves have been patented by Certicom and the remainder are either untrustworthy or too slow for practical use.

    This means I'm going to be stuck using my old standbys of El Gamal and 3DES. I'm not at all concerned. El Gamal has had some savagely intense cryptanalysis (almost as much as RSA) and is built on a more difficult problem than RSA; and 3DES has driven good cryptographers to the brink of madness trying to find some exploitable flaw in it.

  16. Re:Not guilty plea *was* the right thing to do on Sklyarov, Elcomsoft Plead Not Guilty · Score: 2

    Mmmhmm. Real good idea, asking an intelligence agency for an informed opinion on the judicial branch. The CIA is not what I would consider an authority on what the United States legal system is.

    The Federal judge I had dinner with two nights ago, on the other hand, is an authority.

    The US legal system is not ``based on'' the English system any more than the US Constitution is ``based on'' the English constitution. Yes, it's true that virtually everything in the Bill of Rights was recognized as a right of a free Englishman; yes, it's true that the Senate/House split is reminiscent of the House of Lords/House of Commons split; but it's not true that the US Constitution is based on the English constitution because England doesn't have a constitution in the first place.

    Similarity does not mean ``based on''. The simple Constitutional fact alone is enough to make the US legal system stand independent.

    Linux is similar to SysV and BSD. Does that mean it's ``based on'' either?

  17. Major version breakage on When Do You Kiss Backwards Compatibility Goodbye? · Score: 4, Insightful

    Commit yourself to a strict policy: nothing in a minor version will break anything since the last major version. If your code is at 1.9.99, it should be backwards-compatible with 1.0.0. If your code is at 1.1.0 and backwards compatibility breaks, move it to a 2.0 release.

    Typically, users expect breakage--or, at the very least, problems related to upgrades--with major versions. With minor versions, they don't expect breakage.

    Follow the Law of Least Surprise. If you break backwards compatibility, up the major by one.

    Insofar as when to break backwards compatibility, that's a much harder question. The obvious answer is a little philosophic: not all engineering problems can be solved by saying ``screw backwards compatibility'', and some engineering problems cannot be solved without saying it.

    The trick is learning which is which.
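    The policy in the comment above, as an added example that is not part of rjh's post: a release gate that compares the public API of a candidate release against the API frozen at the last major release and then checks that the proposed version number follows the rule (no compatibility break in a minor or patch release; a break bumps the major by exactly one). It goes a bit beyond the comment by deciding from the API diff whether a break exists rather than taking that as given. The API snapshots are constructed, and every function and variable name is hypothetical.

```python
"""Release gate for the rule "minor versions never break the last major".

Added example, not code from the Slashdot comment.  API snapshots map a
public symbol name to a tuple of its positional parameter names; they are
constructed here for demonstration, and all names are hypothetical.
"""
import re

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?$")


def parse_version(text):
    """'MAJOR.MINOR[.PATCH]' -> (major, minor, patch); anything else is an error."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"not a MAJOR.MINOR[.PATCH] version: {text!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def compatibility_breaks(baseline_api, candidate_api):
    """Return a list describing every symbol a baseline caller can no longer use.

    Adding a new symbol, or appending parameters to an existing one, keeps
    old callers working and is not reported.  Removing a symbol, or
    dropping/reordering the parameters it already had, breaks them.
    """
    broken = []
    for name, params in baseline_api.items():
        if name not in candidate_api:
            broken.append(f"{name}: removed")
            continue
        new_params = candidate_api[name]
        if tuple(new_params[: len(params)]) != tuple(params):
            broken.append(f"{name}: signature {params} -> {new_params}")
    return broken


def check_release(last_major, candidate, baseline_api, candidate_api):
    """Decide whether `candidate` may ship; returns (allowed, reason).

    last_major is the version at which baseline_api was frozen (e.g. '1.0.0')
    and candidate is the proposed version.  Rule: a minor or patch release
    must stay compatible with the last major; any break bumps the major by
    exactly one; and a release that breaks nothing must not bump the major.
    """
    old = parse_version(last_major)
    new = parse_version(candidate)
    if new <= old:
        return False, f"{candidate} does not come after {last_major}"
    breaks = compatibility_breaks(baseline_api, candidate_api)
    bumps_major = new[0] != old[0]
    if breaks and not bumps_major:
        return False, f"breaks compatibility but keeps major {old[0]}: " + "; ".join(breaks)
    if breaks and new[0] != old[0] + 1:
        return False, f"major should go from {old[0]} to {old[0] + 1}, not {new[0]}"
    if not breaks and bumps_major:
        return False, f"no compatibility break, so the major must stay at {old[0]}"
    if breaks:
        return True, "ok (major bump justified by: " + "; ".join(breaks) + ")"
    return True, "ok"


# Constructed API snapshots (hypothetical project).
API_AT_1_0_0 = {
    "connect": ("host", "port"),
    "send": ("conn", "data"),
    "close": ("conn",),
}
# Appends an optional parameter and adds a symbol: still compatible.
API_CANDIDATE_ADDITIVE = dict(API_AT_1_0_0, send=("conn", "data", "timeout"), ping=("conn",))
# Reorders send()'s parameters and drops close(): breaks 1.0.0 callers.
API_CANDIDATE_BREAKING = {
    "connect": ("host", "port"),
    "send": ("data", "conn"),
}

if __name__ == "__main__":
    for version, api in [
        ("1.1.0", API_CANDIDATE_ADDITIVE),
        ("1.2.0", API_CANDIDATE_BREAKING),
        ("2.0.0", API_CANDIDATE_BREAKING),
    ]:
        ok, why = check_release("1.0.0", version, API_AT_1_0_0, api)
        print(version, "allowed" if ok else "REJECTED", "-", why)
```

    Run in a release pipeline, the gate would reject 1.2.0 above (it silently breaks send() and drops close()) and insist on 2.0.0, while letting the additive change ship as 1.1.0; the API snapshot would come from a real introspection step rather than the constructed dictionaries shown.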

  18. Re:Irrelevant. on Are GUI Dev Tools More Advanced than CLI Counterparts? · Score: 2

    This is a good thing, it finds bugs.

    Close; it creates bugs. Dynamic memory management is much more reliable when it's left to automated tools; when was the last time you saw LISP or Scheme code dump core on a segmentation fault?

    I compile with gcc -Wall. Maybe you should go back to Basic?

    Funny. I write code in Ada95, in LISP, in Scheme, in OCaml, in C, in C++, in Python, and in half a dozen other languages too esoteric to mention here.

    If you feel that you're a 31337 haX0r because you know C, buddy... think again. There's an entire world of languages out there, and some of them are very, very good.

    Free your mind and your code will follow.

  19. Irrelevant. on Are GUI Dev Tools More Advanced than CLI Counterparts? · Score: 2

    For one project of mine (a GNOME-based network app), I prototyped in Glade and spent the rest of my time in gIDE tweaking it until it was in a semistable form. It took a helluva lot of time, due to the code's complexity and the tremendously intolerant attitude C takes toward even the slightest failing.

    A few weeks later, I decided to learn Python and figured to port this app to Python and PyGNOME as my own sort of final exam; i.e., did I now understand Python well enough to write real apps? Using no tool more sophisticated than xemacs, I had the app running in Python/PyGNOME in under three days.

    Part of this is undoubtedly due to the fact that I'd already hammered out the program logic by writing it in C the first time. Part of it is due to the fact Python is a more appropriate tool for GUI construction.

    But in the end, a shift in programming language (C to Python) made a tremendous difference in development time and brain-pain. The ``downshift'' from an IDE to a traditional editor made pretty much no difference at all.

    The question ``[a]re GUI dev tools more advanced than CLI counterparts?'' is, in some ways, a foolish one. The most advanced tool any hacker has is what's between his ears, and the experience he's accumulated over his years.

  20. Re:Guys, you're missing the point. on Bush Administration Stops Microsoft Breakup · Score: 2

    Fortunately, I don't care what you think. That being said:

    If Tom Miller is "the most aggressive of all the state AGs" and he doesn't want a breakup, then a breakup would have never seen the light of day in the first place

    You apparently have never been inside a courtroom. A lot of things are said and threatened in a courtroom, even though the party making those threats never has any intent of following through on it. A lot of the time, those threats are made for public-relations purposes and nothing more--but when it comes time to put your cards on the table, the language becomes more conciliatory, less threatening.

    The first lesson of law is that as soon as you step into a courtroom, you lose. Wise lawyers avoid court whenever possible--whether via a plea bargain in criminal cases or a negotiated agreement in civil cases. Judges are infamously fickle, and nobody in their right mind feels like letting a judge decide whether the sun comes up in the east or not.

    The Feds and the state AGs were threatening a breakup in order to get Microsoft to take negotiations seriously. If you remember, in the prior round of negotiations, Microsoft failed to take anything seriously--to the point where Judge Posner all but threw up his hands in frustration. MS was refusing to concede on anything, instead comfortable and certain that they'd win in court.

    They didn't.

    Now MS is willing to negotiate, and is apparently willing to accept some pretty draconian conditions as part of the agreement. Presto. The Feds and the state AGs get what they want, so they drop the breakup threat.

    The threat of action is usually more effective than the action itself. That's why lawyers are so willing to threaten lawsuits--because the threat is more effective than the lawsuit itself. That's why prosecutors promise to ``throw the book'' at a perp--because the threat is often enough to get the perp to agree to a plea-bargain.

    You didn't actually think they wanted Microsoft broken up, did you?

    Think.

  21. Reference... on Bush Administration Stops Microsoft Breakup · Score: 2

    Don't have a reference handy, unfortunately. I first heard of it from David Boies, when he was hired in relation to the Napster/RIAA debacle. He figured that if Napster could show RIAA was acting in violation of antitrust law--difficult, but possible--then they could get all those copyrights turned over to the public domain, and Napster would be home free.

    The law predates the twentieth century, apparently, having been passed very late in the 1800s. Almost everyone had forgotten about it or overlooked it until Boies found it while doing research into converting copyrighted works into public-domain works. The law has, to the best of my knowledge, never been tested in court.

    The law is filled with all sorts of landmines like that--laws passed over a hundred years ago which everyone has forgotten about, up until the point someone points the law out and you discover you just had your balls cut off by a rusty spoon. That's why I'm so deeply suspicious of the law, myself. :)

  22. Re:Guys, you're missing the point. on Bush Administration Stops Microsoft Breakup · Score: 5, Insightful

    Remember: if you're a monopoly and you illegally use your monopoly power to stifle competition, you have to pay triple damages to the people you've harmed.

    Let's take a hypothetical example of a small start-up worth $50 million at its peak which was brutally hammered by Microsoft's unethical business practices. This start-up might not be worth anything anymore, but whoever's handling the start-up's business affairs (even though it's defunct and bankrupt) can sue Microsoft for a hundred fifty million in damages.

    Let's take a look at Be, which was worth (at its peak) $120 mil--or, at least, that's the highest price Apple ever offered for them. Be is currently worth less than a six-pack of Budweiser. Since Be was crushed in large part due to Microsoft's unethical business practices, that's $360 million dollars in damages right there--or a third of a billion.

    Now let's take Sun Microsystems, which is unarguably going to be hurt by Microsoft refusing to include Java in WinXP. How many billions of dollars can Sun claim in damages? Now triple that, and you get an idea of how large Microsoft's Sun-induced headache is going to be.

    The interesting thing is not going to be the breakup, or the conduct remedies, or anything else. It's when the dust finally settles and this is all over, the US government is going to wind up placing big-ass, gnarled, iron-studded clubs into the hands of the Mongol Hordes who hate Microsoft.

    That's gonna hurt.

    And let's not even get into the copyright issue. Under American law, any monopoly which leverages intellectual property to preserve their monopoly has their work turned over to the public domain. This isn't something the Feds or the state AGs are pursuing, because they probably think that would kill Microsoft outright, and they don't want to do that. But how long until Sun, or IBM, or someone else, discovers this--I'd be surprised if they didn't know it already--and files a suit in Federal court to get Windows turned over to the public domain, and thus slaughters Microsoft outright?

    For Microsoft, the pain isn't really going to begin until after the trial ends. That's why they're stalling as long as they can--because when the trial ends, that's when the Mongol Hordes arrayed against them start chanting, Bring the Pain, Bring the Pain.

    (And yes, the DOJ has used that nifty bit of copyright law as leverage to get RIAA to do things the DOJ's way. If the DOJ can use it against RIAA, then anyone can use it against Microsoft.)

  23. Guys, you're missing the point. on Bush Administration Stops Microsoft Breakup · Score: 4, Informative

    Really. The point is not that Bush is letting Microsoft off the hook--he's not. The Bush administration (important to remember that) is saying, ``we don't think a breakup is called for, we want to see conduct remedies instead''.

    This is not necessarily a bad idea. In fact, Tom Miller, the Iowa attorney general who has been one of the biggest movers in the states' suit against Microsoft, has agreed with the Bush administration's decision on this matter.

    When even the most aggressive of all the state AGs agrees that ``conduct remedies are enough, they'll do'', what in God's name are the rest of you mewling about?

    Let's also note that the Bush administration is no longer pushing for a breakup. That doesn't mean a breakup won't happen, because in the end, it is the judge hearing the case who gets to decide what action is necessary to restore competition to the marketplace. If the judge in question thinks a breakup is called for, well, it doesn't matter a damn what the Bush administration or the states want--Microsoft will be broken up.

    This is, realistically, not news.

  24. Re:Wrong thing to focus on... on Big Brother To Watch Judges? · Score: 2

    If they are going to be making laws when they have no Constitutional right to, they need more oversight by the public.

    They do have that right. The Constitution only grants the authority to pass codified law to Congress and the States; the Constitution is silent on whether or not the Judiciary can enact common law. Given that at the time the Constitution was drafted, a few hundred years of English common law had been incorporated into the United States, the historical record is pretty clear that the courts have always held the right to enact common law.

    This doesn't mean it's wise or good when judges write a new chapter of common law, but it is most certainly Constitutional.

    I know one Federal judge whose hobby is finding the oldest binding precedent that he can to support a notion. If I remember correctly, he's managed to get all the way back to 1632, predating the United States by almost two centuries, by using English common law which was incorporated into the United States.

    Common law has a loooooooooooong pedigree.

  25. Re:Wrong thing to focus on... on Big Brother To Watch Judges? · Score: 3, Informative

    Furthermore judges can only interpret the law. While this can have large implications, it's not the same as if they can decree martial law is in effect or pass taxes to raise money for themselves.

    This actually happened in Missouri. If I recall correctly, Kansas City was not budgeting enough money to pay for a court-ordered desegregation effort, so the Federal judge sitting on the bench imposed a sales tax on Kansas City with orders that the proceeds from the tax be used to pay for this court-ordered desegregation.

    This was very recently, too--in just the last few years.

    The decision was later found to be grossly unconstitutional by the Eighth Circuit Court of Appeals, but the damage had already been done.

    When John Ashcroft was being grilled for his Attorney General confirmation hearings, he took a lot of flak (primarily from Democrats) for his statement that the number one threat to the Constitution and public liberty was ``judicial tyranny''. A lot of people screamed bloody murder that we couldn't approve Ashcroft as A.G., that he didn't trust the courts.

    How could he?

    John Ashcroft was the Governor of Missouri at the time this half-baked crock in a robe usurped the Constitution and passed his own tax on the citizens of Missouri.