Anyone that thinks security is easy (apparently some people still do) really needs to read Ken Thompson's 1984 Turing Award Lecture "Reflections on Trusting Trust":
http://www.acm.org/classics/sep95/
As Bruce Schneier says, security is a process, not a product.
Of note is that 92 percent of the new information was stored on magnetic media, which may create an interesting problem for historians and archaeologists of the future.
Many nine-track magtapes from the 1960s are still readable. For those that aren't, typically the problem is not with the magnetic coating, but the substrate. By now the properties of the substrate materials are much better understood, so this should be less of a problem with modern magnetic media.
Most optical media does not have any better longevity than magnetic media, and in many cases is actually worse. There are a multitude of problems. For stamped discs, the most insidious is oxidation of the aluminum reflective layer, which reduces the contrast ratio between the pits and lands to a level too low for normal drives to read the discs.
For dye-based writable discs (e.g. CD-R) there is the same problem (though with regard to the pregroove and general reflectivity rather than data pits and lands), and the dye will eventually undergo the same chemical reaction used to write the disc due to ambient temperature and aging.
For phase-change discs (e.g. CD-RW) I expect the temperature and aging problems to be reduced due to the higher activation energy needed for the phase change. However, I am not aware of any actual studies on longevity of phase-change media.
Discs with a gold reflective layer are basically immune to the oxidation problem, but how much of the 8% of data that is not on magnetic media is actually on gold phase-change discs? Probably only a trivial percentage of it.
The tablet as currently conceived by Microsoft and its hardware partners is not much of an innovation.
"not much of an innovation"? I nominate that for the understatement of the year award. Tablets were made by Grid, Eo (AT&T), NCR, and others a decade ago. No one wanted them back then, and no one wants them now. What a surprise.
It does lock me into Java, but not into any particular vendor. There are perfectly good independent Java implementations from companies other than Sun.
Someone pointed out the existence of Mono, an independent implementation of part of .Net, but it does not appear to me to be sufficiently complete to allow me to build complete systems without having to use some Microsoft components.
The problem is that webservices don't offer the performance some applications require.
That's true, but it's not necessarily the case the .Net remoting is a better solution, although it may be in some situations.
If I have a choice between developing a system using .Net and .Net remoting, or a system using web services, I'm going to build the system that does not tie me to a single software vendor, and that will not be the .Net solution.
The .Net remoting mechanism is pluggable. You can write code to perform remoting via RMI, so the other end of your .Net code can actually be written in Java.
If I wanted to waste a bunch of time developing my own infrastructure, I wouldn't use either .Net or web services.
In actual fact, .NET remoting is often a more appropriate solution than Web Services,
I would dispute the characterization of this statement as a "fact". .NET remoting locks you into a single operating system vendor, which for many developers outweighs any technical advantages it may have.
The gaming commission in Nevada requires very strict analysis of gambling machines before they are deployed, and periodic audits of the machines (including firmware verification!) to make sure they haven't been tampered with.
Your bank puts a lot of effort into making sure that their ATM machines don't have problems. This isn't because of government regulations, it's because they don't want to lose money! (Note that many of these ATMs are made by the same Diebold that is now making the unauditable voting machines. If your bank were in charge of voting, you can bet that Diebold would be making much better voting machines.)
Yet the government has essentially no standards for voting machines! How is it that we as a society care more about gambling and convenient access to cash than we do about voting?
The ACLU may have been right to challenge the equipment used in the recent California recall election, but their argument was completely bass-ackwards. They claimed that the four counties using punched card ballots were unfairly discriminating against minorities. Ironically, it is ONLY in those four counties that the voters (including minorities) can have even the slightest degree of certainty that their vote was in fact counted correctly as they cast it.
We need open-source designs for voting machine hardware and software. There should be at least one, and possibly several designs which are made publicly available for scrutiny, and fully public domain so that no royalties need be paid to use them. Then the counties can put out bid requests, and any manufacturer could produce them. However, the bidding requirements should include that the machine and software has to conform exactly to the published plans. Any deviations must be preapproved, and must be published and in the public domain.
Note that this means that both the software and hardware must be open-sourced.
And even then, it will still be necessary to have plenty of auditing to make sure the machines aren't tampered with. There should be internal printers for audit trails. And, like the gambling machines, it will be necessary to verify the software integrity routinely.
The normal technique used to verify the software in electronic gambling machines has been to use ROM verifiers. The auditor actually removes the firmware chips from the machine, puts them into a verifier, and compares them against known-good images. (The software was subjected to intensive scrutiny when the machine was approved by the gaming commission, but in the case of open-source code for voting machines, it could get even more intense scrutiny.)
Newer machines, starting with the Odyssey machine from Silicon Gaming, store game code on a hard drive. The ROM code refuses to load code that isn't digitally signed. So they still use the ROM verifier, but now verifying the ROM proves that the software on disc is correct as well.
A voting machine shouldn't even need a hard drive, though. In fact, it's much better if it does not have one. Aside from the paper log, writing the data to a write-only medium would be preferred.
The list of items to be voted on (candidates, ballot measures, etc.) could be supplied to the machine on a flash card, and the contents of the card could be digitally signed by the election officials.
The drives for the removable media should be in physically locked containers. Of course, the machine as a whole needs to be physically secured against tampering such that attempts to do so will be easily detected by the poll workers. Tamper detectors should also log messages to both the paper audit trail and the machine-readable log.
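The verification chain described in this comment (an auditor compares the ROM against a known-good image, and the ROM refuses to load anything that is not digitally signed), as an added example that is not part of the original comment or any vendor's code. It uses a Lamport one-time signature only because that needs nothing beyond Python's standard library; the ROM layout, function names and ballot string are all constructed for illustration.

```python
import hashlib
import secrets

STUB = b"LOADER-STUB-v1"  # constructed stand-in for the ROM's loader code


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def lamport_keygen():
    """One-time key pair: 256 pairs of secrets; the public key is their hashes."""
    priv = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pub = [(sha256(a), sha256(b)) for a, b in priv]
    return priv, pub


def _bits(digest: bytes):
    return [(byte >> (7 - i)) & 1 for byte in digest for i in range(8)]


def lamport_sign(priv, message: bytes):
    """Reveal one secret per bit of the message digest (use each key only once)."""
    return [priv[i][bit] for i, bit in enumerate(_bits(sha256(message)))]


def lamport_verify(pub, message: bytes, sig) -> bool:
    if len(sig) != 256:
        return False
    ok = True
    for i, bit in enumerate(_bits(sha256(message))):
        ok &= secrets.compare_digest(sha256(sig[i]), pub[i][bit])
    return ok


def build_rom(pub) -> bytes:
    """Constructed ROM image: loader stub followed by the embedded public key."""
    return STUB + b"".join(a + b for a, b in pub)


def audit_rom(rom_image: bytes, known_good_hex: str) -> bool:
    """The auditor's ROM verifier: pulled chip contents vs. the approved image."""
    return secrets.compare_digest(hashlib.sha256(rom_image).hexdigest(), known_good_hex)


def rom_load(rom_image: bytes, payload: bytes, sig) -> bytes:
    """What the ROM does at boot: trust only the key baked into the ROM itself."""
    key = rom_image[len(STUB):]
    pub = [(key[i * 64:i * 64 + 32], key[i * 64 + 32:i * 64 + 64]) for i in range(256)]
    if not lamport_verify(pub, payload, sig):
        raise PermissionError("refusing to load: signature check failed")
    return payload


def try_load(rom_image, payload, sig) -> bool:
    try:
        rom_load(rom_image, payload, sig)
        return True
    except PermissionError:
        return False


def run_demo():
    priv, pub = lamport_keygen()                    # election officials' key
    rom = build_rom(pub)
    known_good = hashlib.sha256(rom).hexdigest()    # recorded when the ROM was approved
    ballot = b"contest=Governor;candidates=A,B,C"   # constructed flash-card contents
    sig = lamport_sign(priv, ballot)
    tampered = ballot.replace(b"A,B,C", b"A,B")
    # A swapped ROM carrying a different key accepts data signed with that key,
    # which is why the physical ROM audit is the anchor for everything else.
    other_priv, other_pub = lamport_keygen()
    swapped_rom = build_rom(other_pub)
    return {
        "rom_audit": audit_rom(rom, known_good),
        "signed_ballot_loads": try_load(rom, ballot, sig),
        "tampered_ballot_loads": try_load(rom, tampered, sig),
        "swapped_rom_audit": audit_rom(swapped_rom, known_good),
        "swapped_rom_accepts_other_key": try_load(
            swapped_rom, tampered, lamport_sign(other_priv, tampered)),
    }


if __name__ == "__main__":
    for check, result in run_demo().items():
        print(f"{check}: {result}")
```

The last two results show the point made about the Odyssey design: the signature check is only as trustworthy as the ROM holding the key, so verifying the ROM is what extends trust to the signed data.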
Perhaps Sitefinder was an attempt at maximizing shareholder value for the sale.
Sitefinder worked by inserting a wildcard record in the .com and .net registries. If Verisign spins off their registrar services, that won't include Sitefinder because the registry (which Verisign is keeping) does not and can not provide registrars (the part Verisign is spinning off) with the ability to insert wildcards in the registry.
Sitefinder was an abuse of the registry side of the business. Since the registry business is operated under contract to the Commerce Department and ICANN, and Verisign has violated that contract by not operating the registry in compliance with applicable contract requirements (such as releasing expired domains after the grace period) and technical standards (DNS responses for non-existent domains), the Commerce Department and ICANN should cancel the contract and award a new contract to a non-profit corporation. Preferably one that has demonstrated an ability to provide responsible stewardship of public infrastructure, such as the Internet Society.
The expiration dates for the .com and .net registry contracts are 10-NOV-2007 and 30-JUN-2005; if the contracts aren't cancelled by then, I hope ICANN and the Commerce Dept. at least have the good sense not to renew them, and instead evaluate and choose new registry operators.
So how many years of searching Iraq and not finding WMDs will it take before you're willing to concede that they didn't have WMDs?
It's rather hard to believe that with all the resources the US can bring to bear on this problem, that WMDs can remain hidden without a trace for this long. They haven't even found any infrastructure that would have been necessary to produce the WMDs, and that should be much more difficult to hide.
If GWB doesn't want people to think he is guilty of war crimes for ordering the deaths of thousands of Iraqi citizens, let him publish the evidence that he used to justify the war.
There is concrete evidence that Saddam did have, and used, WMD.
There is no evidence that he had the alleged WMDs that provoked the war. The fact that he had some WMDs in the past, and even that he used them on Iraqi civilians, only proves that he is an evil asshole, not that it was in any way justifiable for the US to attack Iraq.
As far as anyone has been able to determine, Saddam was in compliance with the UN requirements from the time he readmitted the UN inspectors until the time the US attacked.
When GWB said that he had evidence but couldn't make it public for reasons of national security, I was willing to give him the benefit of the doubt. In hindsight, it appears that he completely fabricated whatever evidence he claimed to have. Even GWB himself now claims that the war wasn't about WMDs, yet he provides no alternate explanation that justifies a first strike on our part.
Do you really mean to suggest that these investigations should be called off?
No, I meant that Saddam should be restored to power and the thousands of Iraqi citizens we killed should be unkilled.
At this point there's no reason to call off the investigation. Calling it off won't resurrect the dead.
Saddam may be an evil asshole, but when the US mounts a first strike on a country without in fact having any proof that the country has in fact done anything actionable, and the US kills thousands of civilians to overthrow that country's government, I really question the choice of countries designated the "axis of evil".
If the ruler of a country being evil is sufficient justification for the US to launch a first strike, why haven't we attacked North Korea? Maybe because North Korea doesn't have resources that the US cares about?
Nice parody. The big difference being that Saddam didn't actually have WMDs, the US merely claimed he did. And although Saddam did violate the UN resolutions for quite a while, the US didn't attack him until quite a while after he submitted to inspections.
It should be noted that the bugs in the BIND patch are really Verisign's fault, not ISC's. Verisign (Network Solutions) is the company that unilaterally decided to break the .com and .net TLD servers by making them return false data, with almost no advance warning. ISC basically came up with an emergency response to support their customers, and it's unsurprising that it wasn't perfect.
It seems appropriate for the Commerce Dept. to revoke the Verisign contract and award it to another entity that will be more concerned about operating the registry, root, and TLD servers in compliance with relevant standards and for stability and the public benefit, rather than an entity that sees their custodianship as a way of subverting the system to increase their profits without regards to the effects on the internet at large.
No one is forced to use GPL'd software. Broadcom and Linksys chose to use GPL'd software, with full knowledge that it was GPL'd, and what their responsibilities would be. The fact that Linux was GPL'd was not a secret, but was in fact widely publicized.
Forbes apparently would like us to have sympathy for companies that have somehow been tricked into using GPL'd software without knowing that they'd have to publish their source code, which is not, as Forbes claims, equivalent to burning down your own house. But that's not how things work. Any time a company takes someone else's copyrighted material and makes a derived work, they have to deal with licensing issues, and GPL'd software (including Linux) is no different in this regard.
Can you imagine what would have happened if Broadcom and Linksys had decided to use proprietary software, perhaps belonging to Microsoft, in their router without a proper license? Instead of someone asking them to publish their sources, which would only be a minor inconvenience, they would already be in court being sued for tens of millions of dollars. With the resources Microsoft could bring to bear, Broadcom and Linksys headquarters would soon be reduced to patches of scorched earth.
Yet Forbes somehow manages to portray the free software community as the bad guy. Amazing.
'Storage Tank has the potential to become to an organization's data what the Dewey Decimal system is to a library,' said Dan Colby, general manager of storage systems at IBM.
So the Storage Tank is obsolete and irrelevant, like the Dewey Decimal System? In the US, most libraries other than those of K-12 schools have converted over to the Library of Congress system. Possibly at least partially because they have to pay $500/year to use the Dewey Decimal System!
We don't actually have deregulation of the electric utilities here in the US. All we've done is replace one set of bad regulations with another set of (possibly worse) regulations.
That's especially true of what's happened in California; the new regulations here are really, really bad. For instance, the utilities are not allowed to buy any long term contracts, but instead have to buy electricity on the spot market to make up any shortfalls in local generation. Anyone that has even the slightest knowledge of economics can tell you that this will cause higher prices. How can the government prohibiting the utility from exercising proper fiduciary responsibility to their customers and shareholders possibly be considered "deregulation"?
No, the legislature here, and in other states, decided to jump on the "deregulation" bandwagon, and just used the word deregulation to fool the media and their constituents about what is in fact simply different regulation.
I am really sick of people saying that deregulation doesn't work! We haven't tried it, so we don't have strong evidence that it won't work.
I'm going to sell the sidekick on ebay. [...]
No outside development means I'm stuck with a locked box
Maybe you could actually try to find out whether they support outside developers before flaming about it? It's easy to sign up as a developer and get the SDK from the hiptop developer outlet. I found it in about 15 seconds from the Danger home page.
I think that Bluetooth headsets are a bit silly, because in return for eliminating the cord you have to add a battery and a bunch of electronics to your headset.
It's well worth it. Headset cords annoy the hell out of me. I use a Jabra Freespeak headset with my Sony Ericsson T68i phone, and there's no way I'm giving it up. The Treo 600 looks really nice, but I'll wait for a version with Bluetooth.
How can the leak possibly cause a schedule delay? There's no point in delaying the schedule unless they want to do so for other unrelated reasons. And there's no cause for lost revenue unless they delay. It's just another lame excuse they're putting out to draw attention away from whatever their real problems are.
That says that the vendor has the option of providing the user the ability to turn off the DRM.
Vendors like Dell disable just about every BIOS option they can, so I wouldn't be at all surprised if Dell machines do NOT allow their users to turn off DRM.
At least until/unless they start losing business due to pissed off customers.
It is an issue, and you haven't contradicted what I wrote.
GWB should be tried for war crimes.
"terra" is not a base 10 prefix, despite its unfortunate presence in the white paper.
"terra" is not a base 10 prefix, nor is it a base 2 prefix.
There is a GTK+ port for Windows. I don't personally do any Windows development.