Any guess on how many people share the name "Wang Chen" in all of China? Chances are most people could use their real name and still remain relatively anonymous.
Certain pieces of information are key nodes that link other clusters of information. You're right in so far as a name itself may not be unique and if given nothing but that piece of information, it'd be hard to single out and individual. But real names are very rarely isolated like that. There is usually a entire clusters of information around a name. And this rule would simply ensure that those clusters stay attached to any given individual (or at least - harder to isolate).
I use multiple SN's. For professional contacts I use LinkedIn. For personal contacts I use Google Buzz (or at least did until recently). For imaginary contacts I use WoW.
Which is probably part of the reason so many are upset at Activision/Blizzard's intent to interface Battle.net with Facebook.
Seriously, is that him? Or some troll? It seems bizarre that he would make public comments like that.
Well, yes. He's usually hiding under his Skyline Cowboy moniker. To come forward under his real name is something new. But then - this isn't quite the same ammunition he uses normally; there's no personal attack or bounty associated with this "proof".
Not surprising. The first (and only publicly available - after a fashion) "smoking gun" SCO produced was also BSD code. One has to wonder how much of this was dishonesty and how much was simple incompetence.
CNN falls all over itself to pander to "social networking" types while the BBC refers to them as "saddos." Yet another example of the BBC showing up US news services.
Before you start dismissing the article without reading it, they do have a very good point that cyberattacks by governments should have consequences for those for those governments. If Russia were to blow up the HQ of a company they didn't like, everybody would up in arms about, but if they hire a bunch of script kiddies to go in an wipe the company's server farm (effectively destroying the company), it probably wouldn't even draw a comment from the State Department. That's not a good precedent to set for the future...
That sounds like good, common sense. However, the situation isn't that simple. As others noted, it's difficult to identify an attacker. That difficultly exists for different reasons.
First - simply identifying an attacker is difficult. A single attacker has multiple avenues. Their control path can jump through multiple nodes from various types of networks and various nationalities with different legal structures. Those can be simple proxies, compromised hosts, or botnets. Identifying a single attacker is difficult. Identifying who that attacker is or where they come from can be even more difficult.
Even when you've identified an attacker, figuring out whether they are an agent of any given Government is not simple. An amateur enthusiast has the same access to the training and tools that are on par if not the very same used by National agents. Whats more, an amateur can just as easily gain experience with little exposure and risk. Attacking a digital target takes little effort once one has amassed these. And as such, an attacker is just as likely (if not more likely) to be acting without State sponsorship. Even when you've got your attacker cornered, attaching them to a given Government is going to be difficult. Especially if that Government has taken any precautions to distance themselves from the attacker.
*snerk* Usually that old "replace the keyword with the opposite side" works well, but this is bullshit. Closed source takes feedback all the time. After all, they want people to buy the next version. They do beta testing, market research, all that shit that takes money that FOSS can't afford to do on as large a scale.
Well... yeah. Sure they do. It doesn't mean they'll do anything about it.
My employers tend to spend rather large sums on support contracts. Some companies will bend over backwards to make us happy; introducing almost every whim as a new feature. Others have had major issues in an open ticket for several years. I've had OSS projects gladly take money and produce software. I'm had proprietary companies gladly take money and produce software. And I've had more than a few replies that amounted to "that's very interesting - we'll look in to it" and that's the final word.
There's no cut-and-dry rule of thumb in these things. Money seems to help as it is a great motivator and attention-getter. But even that is not the only factor.
Why is it that no one complains when the US government deliberately omits information (or flat out lies) to win public opinion?
It's not that nobody complains. Quite the contrary. But you have to be sure to call a spade a spade. From this very thread:
It was obvious that this could not be allowed to continue, since they were doing exactly what they should: finding and publishing the truth, and I have to say better than most journalists.
So instead of noticing Wikileaks is presenting propaganda, we have people believing that it is presenting truth. This is the same blind eye that allows people to fall for the establishment's propaganda. Just because some group might be against a given establishment, it doesn't mean their intent is pure. Or that they're not being driven by a competing establishment.
To be sure, Wikileaks and their ilk can provide needed criticism. But following any organization blindly is dangerous. A critical eye should be kept on all parties.
The professor asked me why I thought that was. The only thing I could come up with was that once you have an optimal solution bringing more people in only increases the chances that you will end up with a sub optimal solution.
And what made you the optimal solution? Take a list generated by of of the individuals who doesn't understand how a compass works, and I'm sure the outcome would been very different.
This issue is so simple guys. Every country has their own laws, this applies US too. A Chinese company comes to US to do their business, it has to obey US Laws. If it doesn't do so, the result will be the same as google in China. I hope you guys can take a different perspective to look at this issue.
You'll probably find that many people here understand this. But cultural diversity is not an absolute excuse behavior. We find this behavior despicable whether it is the Chinese government or (as it is occasionally want to do) our own.
I agree that democracy and freedom of speech will be the ultimate final goal where Chinese government pursuits. However, they are not the most important issues in China now. In order to fix that, we have to fix poor and hunger now. And the scale of governing is totally different from any other countries, since we have 1.5 billion, no other government understands how hard it is. Let me give an example in IT maybe you geeks will be easier to understand. To manage a web site with 100 visits per day is totally different than to run a web site with 1 million visits per day, geeks call it scaling, right.
I see that solving issues of poverty and hunger are closely driving the Chinese Government's interaction with Google. If only there were a few less searches for Tienanmen Square or the Falun Gong, China would have these issues tied up. Alas, Google has caused untold poverty with images of anonymous men standing in front of tanks rather than serene city squares. The issues with pornography simply don't have to be commented on as this is a world-wide problem.
Or maybe one has nothing to do with the other. Or, at least... not in the way presented. There might be a point about scaling. Top-heavy, authoritarian systems tend to scale very poorly. And it would seem that Chinese government is a wonderful example of authoritarian bureaucracy at work.
if a nation wants to blackhole all.xxx domains at a national level meanwhile: ok, this nation is retarded. as if not having.xxx means they won't engage in idiotic censorship? you make it easier for them? do you see iran and china quaking in their boots because censorship is hard? get real: a committed censoring asshole is a committed censoring asshole, the issue of easy or hard to censor is an issue for people who want to block the domain for legitimate purposes (kids in the house), not an issue for those who will censor no matter what
Iran and China are not completely effective in their efforts. The problem they face is that the rest of the world does not share their outlook and, therefore, the mechanisms are not in place to help them achieve their goals. Start sorting out content for them and their jobs get much easier. But this isn't just about Iran or China. This is about every nation that has a population who's moral imperative would also like to pigeonhole content they find offensive so that they can then apply pressure to censor it. Use the Government to make content easy to identify (and believe me - having been part of a very large organization's censorship attempts, sexual content is difficult to identify in advance). And then once that is done, you begin to apply local government and private pressure to apply "community standards" to make that content disappear from many ISPs. As much as you would like to couch this as an issue of individual choice, the fact is that censorship of sexual content has long been driven by small groups deciding for everyone. The Internet has been a thorn in those people's sides as it has driven that decission down to the individual level where it should continue to remain.
and finally, there's the red herring of sexual content that shouldn't be grouped with porn, like sexual health. well if its sexual health, like how to put on a condom, its sexual health, end of discussion. its not pornography. yes, some assholes will try to group sexual health issues with porn. the existence of such assholes does not mean sexual health issues deserve to be with porn, just that there exists assholes in this world with harmful ideas about sexual health that you need to fight, and the existence or lack of existence of an.xxx domain does not change their existence or the need to fight them. in fact, let them make fools of themselves by trying to group sexual health topics with porn, and reveal to the thinking rational world what ignorant assholes they really are, bring their idiocy to the forefront
And yet, there are plenty of assholes and fools that will mix sexual health and education with porn. They will use the same community standards to squelch it all. They do this in the clear light of day as they are not ashamed of it; wearing these acts as badges of honor for their beliefs. This is no red herring. It is reality.
It's not a question of why they finally relented so much as what took so long. There's no inherent reason why this should've taken so long. The reasoning was that the conservatives don't want any porn anywhere, and the porn industry was concerned about being relegated to a ghetto TLD.
The question likely depends on whether you think this is a good idea or not. ICANN has looked at the issue several times in the past decade and denied it. That didn't take long. It is the relentless pursuit (ICANN notes that Lawley claims an over US$5 mil bill for this pursuit) that took so long.
It is, indeed, interesting. And it does give pause to anyone who sees Android as a complete anarchy. For Android fanboys, that means Android isn't quite a free-wheeling as they might like. For Apple fanboys, that means Android isn't quite as chaotic as they fear.
Of course, this doesn't negate a lot of other controls that Android does or does not present. That includes legal availability of customized Android builds for many Android phones and the ability to install apps without the Marketplace. Which means you'll probably have to suffer the Android fanboys a bit longer.
Why couldn't they just get a list of those who have it installed (surely they know that?) and then email them? Beats this draconian/big brother approach in my opinion...
I'm not Google so I can't answer this with authority. But since when has that been an end to Internet speculation?
I'm guessing that these apps tweaked Google. They raised the spectre oft-invoked by Apple (or App Store friendly viewpoints) that Androids free-wheeling Marketplace is a security disaster waiting to happen. These particular apps were part of the question of "what if" - whether the author could have spawned a malicious network of malware. Nothing proves a point like a proof-of-concept. So the security researcher put out some benign apps in a step towards that proof-of-concept to make his point.
Google's reaction is also a proof-of-concept; a response to "what if". If a malicious app gets distributed in the Marketplace, Google will flip a bit and remove it. And so they've removed the proof-of-concept applications using a proof-of-concept method. From Google's blog:
The remote application removal feature is one of many security controls Android possesses to help protect users from malicious applications. In case of an emergency, a dangerous application could be removed from active circulation in a rapid and scalable manner to prevent further exposure to users. While we hope to not have to use it, we know that we have the capability to take swift action on behalf of users’ safety when needed.
I don't have sources per se... but I do have personal experience. I'm using a Motorola Droid with default factory image. I was curious about how Fennec was coming along. You can't find Fennec in the Android Marketplace, but you can get nightly builds if you follow instructions. I've done that. Marketplace doesn't show Fennec as being installed.
Granted - all this assumes what Marketplace does, in fact, only muck with apps it knows about and there isn't some other back-door involved.
Sure, I'm not trying to defend Google here. But there is a difference between malicious apps and apps that violate the terms of service. I don't think Google has wiped any apps of off user's devices when they were removed from the market. (Such as the tetris clones that were recently removed from the market).
And that makes me wonder if this is Google's entry in the "what if" game. The apps in question existed as a near-proof-of-concept that questioned the security of Android / Marketplace. As this was getting a fair amount of attention, Google's reaction may very well have been "OK - if that was really a malicious app... this is what we would have done." The TOC is just a legal CYA for providing their own proof-of-concept reply to the question posed.
Apple makes it pretty hard to install software outside the App Store. Android has it a click away. Install from another source and Android's Marketplace app won't bother it (AFAIK). Even with this control, you'll find a lot more leeway happening in Android's Marketplace than Apple's App Store. I know it's fun to poke at the Android fanboys but it's pretty transparent with even a casual look at the situation.
It's very interesting that Google has their kill switch. Apple fanboys like to claim security in Apple's control over the App Store. Does this mean the big, bad spectre of malicious Marketplace apps takes on less importance?
Right now many sites use 'ambiguous' names to lure me with tame sounding name. Putting it into the xxx domain tells me 'not what I am looking for' OR if i am looking for porn 'thats what I am looking for'.
How often does that happen to you? I can't think of the last time I accidentally ended up on a porn site. Most of the time I've seen porn without intending to do so involved someone's prank or visiting questionable sites that paid their traffic bills with porn site ad banners.
Along those lines - I've always been suspicious of the "...and when I walked in to the room, I found Little Johnny staring at the screen in SHOCK at the naked ladies that somehow showed up on his screen completely by accident" stories.
Slashdot Mirror
...
Any guess on how many people share the name "Wang Chen" in all of China? Chances are most people could use their real name and still remain relatively anonymous.
Certain pieces of information are key nodes that link other clusters of information. You're right in so far as a name itself may not be unique and if given nothing but that piece of information, it'd be hard to single out and individual. But real names are very rarely isolated like that. There is usually a entire clusters of information around a name. And this rule would simply ensure that those clusters stay attached to any given individual (or at least - harder to isolate).
This is an advanced indication that China is preparing to become one of Facebook's biggest partners.
Sure. Facebook isn't going anywhere either. But one can dream.
If you could toss Zynga on to that fire, I'd really appreciate it.
I use multiple SN's. For professional contacts I use LinkedIn. For personal contacts I use Google Buzz (or at least did until recently). For imaginary contacts I use WoW.
Which is probably part of the reason so many are upset at Activision/Blizzard's intent to interface Battle.net with Facebook.
Seriously, is that him? Or some troll? It seems bizarre that he would make public comments like that.
Well, yes. He's usually hiding under his Skyline Cowboy moniker. To come forward under his real name is something new. But then - this isn't quite the same ammunition he uses normally; there's no personal attack or bounty associated with this "proof".
Not surprising. The first (and only publicly available - after a fashion) "smoking gun" SCO produced was also BSD code. One has to wonder how much of this was dishonesty and how much was simple incompetence.
CNN falls all over itself to pander to "social networking" types while the BBC refers to them as "saddos." Yet another example of the BBC showing up US news services.
Before you start dismissing the article without reading it, they do have a very good point that cyberattacks by governments should have consequences for those for those governments. If Russia were to blow up the HQ of a company they didn't like, everybody would up in arms about, but if they hire a bunch of script kiddies to go in an wipe the company's server farm (effectively destroying the company), it probably wouldn't even draw a comment from the State Department. That's not a good precedent to set for the future...
That sounds like good, common sense. However, the situation isn't that simple. As others noted, it's difficult to identify an attacker. That difficultly exists for different reasons.
First - simply identifying an attacker is difficult. A single attacker has multiple avenues. Their control path can jump through multiple nodes from various types of networks and various nationalities with different legal structures. Those can be simple proxies, compromised hosts, or botnets. Identifying a single attacker is difficult. Identifying who that attacker is or where they come from can be even more difficult.
Even when you've identified an attacker, figuring out whether they are an agent of any given Government is not simple. An amateur enthusiast has the same access to the training and tools that are on par if not the very same used by National agents. Whats more, an amateur can just as easily gain experience with little exposure and risk. Attacking a digital target takes little effort once one has amassed these. And as such, an attacker is just as likely (if not more likely) to be acting without State sponsorship. Even when you've got your attacker cornered, attaching them to a given Government is going to be difficult. Especially if that Government has taken any precautions to distance themselves from the attacker.
*snerk* Usually that old "replace the keyword with the opposite side" works well, but this is bullshit. Closed source takes feedback all the time. After all, they want people to buy the next version. They do beta testing, market research, all that shit that takes money that FOSS can't afford to do on as large a scale.
Well... yeah. Sure they do. It doesn't mean they'll do anything about it.
My employers tend to spend rather large sums on support contracts. Some companies will bend over backwards to make us happy; introducing almost every whim as a new feature. Others have had major issues in an open ticket for several years. I've had OSS projects gladly take money and produce software. I'm had proprietary companies gladly take money and produce software. And I've had more than a few replies that amounted to "that's very interesting - we'll look in to it" and that's the final word.
There's no cut-and-dry rule of thumb in these things. Money seems to help as it is a great motivator and attention-getter. But even that is not the only factor.
Why is it that no one complains when the US government deliberately omits information (or flat out lies) to win public opinion?
It's not that nobody complains. Quite the contrary. But you have to be sure to call a spade a spade. From this very thread:
So instead of noticing Wikileaks is presenting propaganda, we have people believing that it is presenting truth. This is the same blind eye that allows people to fall for the establishment's propaganda. Just because some group might be against a given establishment, it doesn't mean their intent is pure. Or that they're not being driven by a competing establishment.
To be sure, Wikileaks and their ilk can provide needed criticism. But following any organization blindly is dangerous. A critical eye should be kept on all parties.
The professor asked me why I thought that was. The only thing I could come up with was that once you have an optimal solution bringing more people in only increases the chances that you will end up with a sub optimal solution.
And what made you the optimal solution? Take a list generated by of of the individuals who doesn't understand how a compass works, and I'm sure the outcome would been very different.
This issue is so simple guys. Every country has their own laws, this applies US too. A Chinese company comes to US to do their business, it has to obey US Laws. If it doesn't do so, the result will be the same as google in China. I hope you guys can take a different perspective to look at this issue.
You'll probably find that many people here understand this. But cultural diversity is not an absolute excuse behavior. We find this behavior despicable whether it is the Chinese government or (as it is occasionally want to do) our own.
I agree that democracy and freedom of speech will be the ultimate final goal where Chinese government pursuits. However, they are not the most important issues in China now. In order to fix that, we have to fix poor and hunger now. And the scale of governing is totally different from any other countries, since we have 1.5 billion, no other government understands how hard it is. Let me give an example in IT maybe you geeks will be easier to understand. To manage a web site with 100 visits per day is totally different than to run a web site with 1 million visits per day, geeks call it scaling, right.
I see that solving issues of poverty and hunger are closely driving the Chinese Government's interaction with Google. If only there were a few less searches for Tienanmen Square or the Falun Gong, China would have these issues tied up. Alas, Google has caused untold poverty with images of anonymous men standing in front of tanks rather than serene city squares. The issues with pornography simply don't have to be commented on as this is a world-wide problem.
Or maybe one has nothing to do with the other. Or, at least... not in the way presented. There might be a point about scaling. Top-heavy, authoritarian systems tend to scale very poorly. And it would seem that Chinese government is a wonderful example of authoritarian bureaucracy at work.
Baidu might even gain enough power to come to the US and dominate our market too.
Yup. I can't wait to use products from a company who's in the back pocket of the Chinese government.
if a nation wants to blackhole all .xxx domains at a national level meanwhile: ok, this nation is retarded. as if not having .xxx means they won't engage in idiotic censorship? you make it easier for them? do you see iran and china quaking in their boots because censorship is hard? get real: a committed censoring asshole is a committed censoring asshole, the issue of easy or hard to censor is an issue for people who want to block the domain for legitimate purposes (kids in the house), not an issue for those who will censor no matter what
Iran and China are not completely effective in their efforts. The problem they face is that the rest of the world does not share their outlook and, therefore, the mechanisms are not in place to help them achieve their goals. Start sorting out content for them and their jobs get much easier. But this isn't just about Iran or China. This is about every nation that has a population who's moral imperative would also like to pigeonhole content they find offensive so that they can then apply pressure to censor it. Use the Government to make content easy to identify (and believe me - having been part of a very large organization's censorship attempts, sexual content is difficult to identify in advance). And then once that is done, you begin to apply local government and private pressure to apply "community standards" to make that content disappear from many ISPs. As much as you would like to couch this as an issue of individual choice, the fact is that censorship of sexual content has long been driven by small groups deciding for everyone. The Internet has been a thorn in those people's sides as it has driven that decission down to the individual level where it should continue to remain.
and finally, there's the red herring of sexual content that shouldn't be grouped with porn, like sexual health. well if its sexual health, like how to put on a condom, its sexual health, end of discussion. its not pornography. yes, some assholes will try to group sexual health issues with porn. the existence of such assholes does not mean sexual health issues deserve to be with porn, just that there exists assholes in this world with harmful ideas about sexual health that you need to fight, and the existence or lack of existence of an .xxx domain does not change their existence or the need to fight them. in fact, let them make fools of themselves by trying to group sexual health topics with porn, and reveal to the thinking rational world what ignorant assholes they really are, bring their idiocy to the forefront
And yet, there are plenty of assholes and fools that will mix sexual health and education with porn. They will use the same community standards to squelch it all. They do this in the clear light of day as they are not ashamed of it; wearing these acts as badges of honor for their beliefs. This is no red herring. It is reality.
Why should pornographers want to hide themselves? Really.
They should want to make it as easy as possible for their customers to find them and there non-customers to avoid them.
Because there is a portion of non-customers who also want all their customers to be unable to find them as well.
It's not a question of why they finally relented so much as what took so long. There's no inherent reason why this should've taken so long. The reasoning was that the conservatives don't want any porn anywhere, and the porn industry was concerned about being relegated to a ghetto TLD.
The question likely depends on whether you think this is a good idea or not. ICANN has looked at the issue several times in the past decade and denied it. That didn't take long. It is the relentless pursuit (ICANN notes that Lawley claims an over US$5 mil bill for this pursuit) that took so long.
It is, indeed, interesting. And it does give pause to anyone who sees Android as a complete anarchy. For Android fanboys, that means Android isn't quite a free-wheeling as they might like. For Apple fanboys, that means Android isn't quite as chaotic as they fear.
Of course, this doesn't negate a lot of other controls that Android does or does not present. That includes legal availability of customized Android builds for many Android phones and the ability to install apps without the Marketplace. Which means you'll probably have to suffer the Android fanboys a bit longer.
Why couldn't they just get a list of those who have it installed (surely they know that?) and then email them? Beats this draconian/big brother approach in my opinion...
I'm not Google so I can't answer this with authority. But since when has that been an end to Internet speculation?
I'm guessing that these apps tweaked Google. They raised the spectre oft-invoked by Apple (or App Store friendly viewpoints) that Androids free-wheeling Marketplace is a security disaster waiting to happen. These particular apps were part of the question of "what if" - whether the author could have spawned a malicious network of malware. Nothing proves a point like a proof-of-concept. So the security researcher put out some benign apps in a step towards that proof-of-concept to make his point.
Google's reaction is also a proof-of-concept; a response to "what if". If a malicious app gets distributed in the Marketplace, Google will flip a bit and remove it. And so they've removed the proof-of-concept applications using a proof-of-concept method. From Google's blog:
The remote application removal feature is one of many security controls Android possesses to help protect users from malicious applications. In case of an emergency, a dangerous application could be removed from active circulation in a rapid and scalable manner to prevent further exposure to users. While we hope to not have to use it, we know that we have the capability to take swift action on behalf of users’ safety when needed.
I don't have sources per se... but I do have personal experience. I'm using a Motorola Droid with default factory image. I was curious about how Fennec was coming along. You can't find Fennec in the Android Marketplace, but you can get nightly builds if you follow instructions. I've done that. Marketplace doesn't show Fennec as being installed.
Granted - all this assumes what Marketplace does, in fact, only muck with apps it knows about and there isn't some other back-door involved.
Sure, I'm not trying to defend Google here. But there is a difference between malicious apps and apps that violate the terms of service. I don't think Google has wiped any apps of off user's devices when they were removed from the market. (Such as the tetris clones that were recently removed from the market).
And that makes me wonder if this is Google's entry in the "what if" game. The apps in question existed as a near-proof-of-concept that questioned the security of Android / Marketplace. As this was getting a fair amount of attention, Google's reaction may very well have been "OK - if that was really a malicious app... this is what we would have done." The TOC is just a legal CYA for providing their own proof-of-concept reply to the question posed.
Apple makes it pretty hard to install software outside the App Store. Android has it a click away. Install from another source and Android's Marketplace app won't bother it (AFAIK). Even with this control, you'll find a lot more leeway happening in Android's Marketplace than Apple's App Store. I know it's fun to poke at the Android fanboys but it's pretty transparent with even a casual look at the situation.
It's very interesting that Google has their kill switch. Apple fanboys like to claim security in Apple's control over the App Store. Does this mean the big, bad spectre of malicious Marketplace apps takes on less importance?
Right now many sites use 'ambiguous' names to lure me with tame sounding name. Putting it into the xxx domain tells me 'not what I am looking for' OR if i am looking for porn 'thats what I am looking for'.
How often does that happen to you? I can't think of the last time I accidentally ended up on a porn site. Most of the time I've seen porn without intending to do so involved someone's prank or visiting questionable sites that paid their traffic bills with porn site ad banners.
Along those lines - I've always been suspicious of the "...and when I walked in to the room, I found Little Johnny staring at the screen in SHOCK at the naked ladies that somehow showed up on his screen completely by accident" stories.
If slashdot comments are the inane ramblings of semi-literate retards... then I don't know what words remain to accurately describe youtube comments.
The sampling of 50,000 individuals from a million monkey typing pool.