5) "Hold down ctrl to make anything a hyperlink" - want to go to where a method, variable, class etc is declared? Just hold down ctrl and click. Navigation was never simpler.
6) Search for all references (etc) - in theory there's "go to definition" in VS.NET 2003, but half the time it doesn't work when you're in a large solution, and I don't believe there's any way of finding all references.
In fairness, both of these are trivial in any recent VS.Net version. Jumping to definitions/declarations has been around forever (right-click and go to definition, or click in the name and hit a shortcut key). There are a few usability gremlins -- constructors in C++, for example -- but these have been improved in more recent versions.
Also, there's a specific find references command (under the Edit menu by default, IIRC) in VS.Net, which works very well. That lets me forgive them just a little for removing the Browse toolbar that was one of the most useful features in VC++ 6.
While your criticism of Perl is entirely valid, I think you're missing the main problem (such as it is) with readability in Lisp. In fact, the other example you gave, XML, suffers much the same problem.
In neither case is the problem the vast number of () or <> pairs you've got in the code. That's tedious and doesn't help readability, but it's not the end of the world.
Rather, the problem is that (up to a point), that is all you've got. Languages evolve syntactic sugar for a reason. Of course you can create a very pure, very small language without much syntax at all. Indeed, classical Lisp is about as pure and small as you can get. But in doing so, you force all concepts to be represented in the same uniform notation, even if that notation isn't necessarily the most natural or readable.
Lisp-like languages with more friendly syntax don't suffer the same problems here of course, but I suspect these are rarely what people are complaining about when they attack the readability of "Lisp".
I couldn't agree more. During an extensive period of contractual negotiations after my formerly small and privately owned employer was bought out by a US corp, I had just two absolute requirements:
they get a fair day's work for a fair day's pay
outside working hours, they get nothing
The initial contract they offered tried to tell us we couldn't do any other paid work without our manager's permission (no bar work for the guy saving to buy his first home, then) and claimed universal IP rights to anything while we were employed (even if completely unconnected to work).
Suffice it to say that no-one on the existing staff seemed to have a problem with my two principles, a lot of people voiced their agreement, and nothing that violated those principles made it into the contract we eventually signed. It's a shame we had to waste so much of everyone's time and effort to reach the inevitable conclusion. However, since our laws here don't currently make either of those principles mandatory (IMHO, they should, particularly the latter since it's so frequently abused) it was necessary.
You're telling me that your printers always include a dot, printed with yellow toner, visible only with an 8x magnifying glass, in which is encoded enough information for you to identify exactly which printer that you made was responsible for printing that page?
Sorry, but if that's all you've got, I call bullshit. Too much doesn't add up.
Printer manufacturers have high enough resolution to do this, yet only put out 600dpi/1200dpi boxes, where you can easily enough see jaggies with the naked eye?
If the dots are really that small, they could be messed up just by bleed in average quality printer paper.
Alternatively, this isn't a microdot in the classic meaning of the term, but rather the system is supposed to rely on the relative positions of the dots on the page, with dots spaced inches apart? How is that going to help fight conterfeiting? I don't know many bank notes that come in handy US letter or A4 size for counterfeiting convenience.
You say your department has never had to look up a serial number for the authorities, yet strangely according to TFA, the authorities seem to do this all the time with other makers?
Only a tiny number of people in your department know how to do this, it's all so secret that other printer manufacturers cited in TFA wouldn't even comment and you can't tell us how to find the things, yet you're prepared to identify your employer, thus practically waving a flag about who you are and the fact that you're willing to disclose this sort of information?
There's no obligation to register where you buy your printer, nor to notify anyone of selling it on, so there's nothing to connect to the serial number unless someone bothers transferring warranty information (even after the usually pretty naff warranty has expired).
And here's the kicker: governments all over the world use these things. If there were security marks being printed on their documents, they would know about it, not least because they all do it routinely with confidential documents themselves. How am I supposed to believe that government departments are allowed to use these things when anything they print could be traced back to exactly where it comes from by someone who isn't cleared by that government's security people, and works in another country?
Sorry, but this just doesn't ring true. There is absolutely no factual information in either TFA or all your posts to this thread that's good enough to reproduce this effect reliably, and what's more I'm looking at full-page print-outs from two colour printers, following the directions given in TFA, and unable to see anything even remotely resembling what's described.
I'm happy to change my view on this if more information is provided, but I'm very sceptical about this whole story right now.
While 3.6Ghz is today's top level CPU I would consider anything 1.6Ghz or so and greater a current CPU.
Well, my home PC is an Athlon XP 2100+ (technically a 1.73GHz processor) and my office desktop is a 2.2GHz P4, so that sounds about right to me.
Incidentally, the work machine was just passed over for an upgrade in the annual tech audit: it's towards the lower edge of what's deemed acceptable for a developer's machine these days, but it'll probably be next year before I get a new one. I'm not in the IT group, but I work for a US corp big enough to have deals directly with Microsoft, so I'm guessing it's a pretty typical corporate policy.
IOWs, if Vista won't run on this sort of tech or something very close to it, Microsoft are on a loser. No-one in my office has a machine much over 3GHz, including those who just got upgraded.
Notice no mention about gfx cards. I assume all those transparent window borders will take a bit of power.
At the last count, they were planning something like 3 levels of graphical funkiness, depending on your hardware. It was something like 64+MB AGP4x cards, 32MB cards, and lowest common denominator (i.e., Win2K clone). There's probably something about it if you can face clicking through the five billion links in TFA.
They certainly don't work reliably enough, that's for sure.
Lack of reliability is one of the big reasons behind the first objection I listed (not bringing the claimed benefits). This, combined with the ability to trawl the database for suspects any time any biometric information is found near a crime scene, is also a major cause of objection 4 (the NIR is subject to abuse).
What's wrong with the PC BIOS anyway? Give or take a few gremlins when new technologies are first introduced, the basic tech seems to have adapted remarkably well for a very long time. Since flashable BIOS technology is now routine, even the early adopter problems don't seem like that great an issue. What's the replacement supposed to offer as an advantage over tried-and-tested, apart from a few buzzwords?
On a more sinister note, there's no mention in TFA of DRM and the idea of "trusted" computing, but I can't help wondering whether this isn't one of the main aims behind the scenes, given who's supporting this new organisation.
It seems like we're stuck in the rut like we were in 80's - better the devil you know and all that. The only difference being that in the 80's the Tories were elected by more than 21% of the electorate.
Of course, the Conservative Party actually won the popular vote in England at the last election. Tony Blair's Labour were returned to government by a tiny majority of the popular vote across the UK as a whole, relying on their stronger support in the other countries to keep them in, yet have wound up with an absolute majority in parliament thanks to our wonderful first-past-the-post system.
This system is more wonderful than ever, because most of those other countries in the UK now have devolved governments that they elect independently. Consequently, unlike England, they often don't suffer the results of votes in the UK parliament directly, leading to the absurd position that Labour can force through legislation on universities that is widely opposed in England, with the support of their Scottish MPs whose own universities won't be adversely affected by it!
What really turns my stomach is when Labour happily argue that since they won the election, they now have a mandate to implement measures in their manifesto, even though more than 2/3 of the votes went to candidates who do not support those measures. Still, this is the government that introduced the term "spin" into common vocabulary, so what do we expect?
Our government system was never ideal, but the handling of devolution and the House of Lords has made it even more corrupt than ever since New Labour came to power. I'd say vote them out, but we did that, and yet they're still there.
OK, let's get this straight right from the start, because while no doubt well-intentioned, the parent post is Just Plain Wrong on several counts.
I won't presume to speak for everyone, but here are some of the main objections to the specific plans currently being advocated by the Labour government in the UK.
The cards are not likely to bring the claimed benefits. The government has switched its argument for the cards from anti-terror to reducing benefit fraud to immigration issues, each time as the previous "advantages" were debunked. Little evidence has been provided that any of these causes will be advanced by the introduction of the government's proposed scheme.
The cards will be expensive. The government's own estimates put them at nearly 100 pounds already, though they try to hide this behind the claim that we need biometric passports already and they'll cost nearly as much on their own. Independent estimates have put the figure as high as 300 pounds already, and no major UK government IT project in recent years has come in anywhere close to on-budget.
The cards present a risk to civil liberties. While the government is keen to stress that having an ID card will not be compulsory at first, it is on the record as saying it wants them to be compulsory within a few years. The government also says that it won't be compulsory to carry them in the street, but without that they'll be even less effective, and once everyone has them it's a short step away. Civil rights campaigners argue that simply walking the streets of our own country is likely to become a privilege rather than a right.
The National Identity Register is subject to abuse. One of the main objections is not to the cards themselves, but to the creation of a national, government-controlled ueber-database. The government has made noises about restricting access to this database very carefully, but history suggests that they aren't as good at data protection as they claim.
The National Identity Register is subject to human error. Even if the system is reasonably resilient to malicious interference, any database that's dealt with hundreds of times a day by civil servants is inevitably going to get incorrect data entered occasionally simply through keyboard error and the like. Examples have been given (I personally am one) where a similar error in the existing tax office computer systems have left individuals out of pocket by large amounts of money for several months, with essentially no way to get compensation (since this part of the government is conveniently has Crown immunity from prosecution). There have been no guarantees made about the failsafe procedures to protect victims of innocent mistakes. While the government says the Information Commissioner (who usually enforces our data protection rules) will have some authority here, the Information Commissioner himself has criticised the proposals.
The scheme could make things worse. If the scheme becomes the established, universal form of ID that it's supposed to be, then it will present a single point of attack for identity thieves. Identity theft is one of the fastest growing crimes in our country today, and recovering after having your identity stolen can take a huge amount of time and effort.
Several of the claims in the parent post (mandatory carry, exempt from individual access) have been explicitly denied by the government at the present time. Such rules would certainly be even more unwelcome, and are definitely a cause for concern, but perhaps we should concern ourselves more with the damage that may be done by the proposals the government is actively and publicly supporting already?
Hmm... This is looking like the UK's infamous Godfrey vs. Demon case all over again, but now with the ISP giving up the should-have-been-common-sense defence Demon tried.
For those who don't know, this was a landmark UK legal ruling from the mid-90s. Godfrey was defamed in newsgroup postings, and sued Demon, a major UK ISP, for hosting those postings. Demon's defence was basically that the postings were made by an unknown individual who wasn't a Demon customer, and they were simply providing access to content accessible to anyone on the Internet, and so shouldn't be held responsible. Essentially, though I don't know whether UK law uses the same term, they were arguing that it was unreasonable for a common carrier to be held responsible for the information they carry.
Demon famously lost, but they lost on the basis that having been told about the defamatory content they should have removed it from their systems, not on the basis that they shouldn't have been hosting it in the first place. This opened up a huge legal can of worms, because it put all ISPs within the jurisdiction in a position of having to remove any offensive content in the face of any complaint or risk being sued, yet then acting as courts and censoring material without giving the source so much as a right to reply. AFAIK, the resulting legal minefield remains unsafe to this day, and ISPs get shaky at the very mention of the case. On the flip side, the case also seems to confirm that ISPs are not to be treated as publishers, with publishers' liabilities for content, just for providing access to material: the "common carrier" principle appears to be respected here.
In today's Canadian version, however, it seems the ISP has already given up any pretense of being a mere provider of access to globally available information. If an active decision was made to kill access to a particular web site, it's hard to see how they didn't just make themselves liable by default for every site they allow access to that contains defamation, kiddie porn, or any other $OFFENSIVE_CONTENT.
How this move was approved by their lawyers, I can't imagine...
There are easier ways to avoid spam, virii, etc. than to give up your freedom.
What happened to freedom coming with responsibility attached? Do you believe that you can have a free society, yet not hold anyone accountable for their actions?
Ah, a few more lovely quotes from an AC to annihilate. I needed some entertainment on a Sunday night, so here goes...
It is a sign of a limited mindset that you view your employer, bank, landlord, etc., as an authority over you; and not as an equal with whom you do business.
You jump too readily to a false confusion. I do not view any of those people as an authority over me; on the contrary, they provide benefits to me, and I choose to benefit from their services/employment rather than another's. In fact, a handful of colleagues and myself forced our employer to rewrite several pages of its new employment contract for the entire UK staff base because we objected on principle to some of the terms they wanted, and were prepared to resign over it. Authoritize that.
No, the examples I gave are authorities only in the sense we're discussing: they may need to authenticate someone who comes to them, in order to determine whether they can use the service, and if so to ascertain necessary information about how (e.g., dental records, reference number to co-ordinate salary deductions with the tax office).
And all of those listed have a track record of abusing such information, when it has suited them. [...] I could give numerous examples.
Please, do. I actually laughed out loud when I read some of your claims (though not as much as my girlfriend, when I told her someone thought I was a sheep who viewed my employer as an authority!).
Whistleblowers come to mind.
How is my employer going to abuse any information they have about me if I find they're misbehaving and blow the whistle on them?! Does this have anything to do with the kind of identity technologies we're discussing at all?
And are you aware that your mobile phone service is probably reselling your information so that anyone can buy a list of your outgoing calls (this was mentioned even on Slashdot recently, IIRC).
Please, do tell. But before you do, be aware that I spent considerable time working for a mobile telecomms company. I've heard all the horror stories about trusting your comms service provider, and I know pretty well which ones have some truth to them and which ones are the tinfoil brigade having a laugh.
Similar things will also now start happening, now that your Doctor and Dentist are cutting over to standardized electronic health records.
Are you claiming that doctors and dentists are disclosing patients' confidential health records? I'd love to see any proof you have of that; certainly here in the UK, that would equate to "career dead" within a matter of days.
Your bank and investment funds also probably resell your information; at the least, to their affiliates unless you've opted out.
Really? How so? My bank certainly can't disclose thinks like my account balance and who I give money to and receive it from. Again, if that got as far as the Office of the Information Commissioner over here, the bank would be as good as toast.
I could go on and on here, but it's really not worth it. But I"ve never found it useful to try to improve the mindset of those stuck in the way of thinking like a sheep.
I don't think like a sheep. On the contrary, as hopefully the above comments demonstrate well enough, I am very well informed about what various organisations can and cannot do with the personal information about me that they hold, and quite prepared to stand up for my rights and bring others along with me.
None of that changes the fact that, since some groups do require personal information about me in order to fulfil their part of our relationship. Contrary to your flippant comment, everyone on the list I gave does require some information about
Show me one single case where the "suitable authorities" haven't abused their power? You can't, can you? Now go munch your fodder like a nice sheep; you aren't capable of independent thought.
...Says the AC, while adopting the standard "I should be completely anonymous and have no responsibility for my actions because They will get me" position.
We're talking about a more general concept of identity and authorisation here than everyone you deal with being able to identify you by name and address etc. However, if you want to restrict it to that particular application, here are a few examples of people who have confirmed various information about me including my name and address, for legitimate reasons, and to my knowledge have never abused that information:
my employer
my bank and investment funds
my landlord
my mobile phone service provider
my doctor and dentist
Those are just the first few who come to mind. In each case, they had a legitimate reason to know various things about who I was, and to the best of my knowledge that information has never been abused. My employer doesn't get to see my health records just because my doctor does. My bank and investment funds know who the money they hold belongs to and where he lives, but my mobile phone provider only knows where to send the bill each month and can't adjust their rates upwards for higher-earning customers. My employer can't find out where I went on my day off from my mobile phone service provider.
It is in everyone's interests for secure, minimal-data identification systems to exist for use by those people or organisations they deal with who have a legitimate need to confirm information about them. AFAICS, that is all this article is promoting.
(This is pretty much orthogonal to the idea that in order to use certain kinds of services, you should be required to provide enough information to identify you as an individual, and this information should then be accessibile according to due process in the event that it provides evidence that you have committed a crime. It just happens that such an arrangement would have advantages of its own, and would necessitate the introduction of some form of identity scheme to support it.)
There'd be a lot of advantages to ubiqutuous telescreens too.
Please save the 1984 references for when they're applicable. Crying "Big Brother is coming!" in the face of any discussion of privacy and identification technology, regardless of its potential merits for both individuals and society, does not make a compelling argument, and serves only to dampen useful discussion. The last thing we want on a subject as important as this is to stop people thinking and discussing new ideas, and wait for events to take care of things for us in whatever knee-jerk reactionary way they see fit.
To address your specific example, the invasive telescreens in 1984 monitored private behaviour in an individual's own home, amongst other things. Neither the article nor my posts advocate any such intrusion. This is a completely different concept to requiring individuals to be accountable for their behaviour on public networks where other people can be affected. This simple obligation to society in general is the basis of any legal system.
The Internet has had a free pass so far because the technology and legal framework haven't been up to dealing with much of the abusive behaviour. Look what's resulted: viruses, spam, phishing, and all the rest of it. This is what happens when you allow anyone access to a powerful, public service, without any responsibility for their actions.
A "suitable authority" which makes the rules and to whom your actions are 100% accountable to is your master, no bones about it.
I don't get this. I've had lots of replies in the past 24 hours that make similar comments, but where in either TFA or any of my posts is there any advocacy of some global authority that knows everything about you and makes all the rules? The main point here is that in order to use a service, it's not unreasonable to require you to provide sufficient information to confirm that you're entitled to use that service, and possibly to allow remedies if you abuse it. That doesn't imply giving your name, address, DoB, government-issued ID numbers, etc. to everyone you deal with. Nor does it imply some central organisation, government or commercial, needs to know everything you're doing.
Having said that, we do operate with authorities that make the rules (legislative branch of government), enforce those rules (executive branch of government) and hold you accountable if you break them (judicial branch of government). We've been doing this since long before computers and the Internet, it generally works pretty well, and I've yet to hear any compelling reason why using some sort of technology should exempt you from any responsibility for your actions, even if they are harmful to others in society. Courts can order all kinds of information to be disclosed about you from all kinds of source, if it's important to a trial and necessary to secure a just verdict. I don't have a problem with that, and I question to motives of anyone who does. But this is only a single, limited aspect of the more general principles under discussion here.
Until someone creates a worm that propogates those things, through your PC, without your consent.
But that will result in two things happening:
Your compromised system will temporarily be blocked by everyone else, as will all the other compromised systems, cutting off the distribution network from further abuse. (This would happen anyway, of course, as people complained to your ISP's abuse address that you were sending them junk. It's just less efficient now, and the current system allows non-responsive ISPs to screw everyone else on the Internet.)
This will immediately result in lots of users complaining to their ISPs that their e-mail has stopped working, which in turn will result in rapidly tracking down the origins of the worm and taking action against the ****wit who started it.
Given a sensible framework for blocking reported abusive senders -- perhaps a short block to start with, increasing in length every time they're reported again shortly after being reactivated -- this would cause less disruption to most people than the existing worm attacks, since they'll all automatically come back on-line after a brief period of disconnection. If they haven't patched their systems by then, of course, they'll get booted again, but that's their problem: unpatched systems have no automatic right to be on the Internet and disrupt everyone else!
And of course, it would also put the emphasis back on not connecting up to the Internet if you can't keep a computer secure, and put a lot of pressure on software developers not to allow compromises via their software. Customers who find themselves repeatedly disconnected because their machine is owned are likely to start looking for alternative, more reliable software.
So why shouldn't MS be held liable for their crappy spooftware... I mean software?
Software development will involve bugs, because no-one yet knows how to write completely bug free software. So, here are a few things that could happen if you make software companies responsible for any failing in their software:
The software industry will realise its shocking ignorance of best development practices, develop the concept of software engineer into what it really should be, and increase software quality dramatically.
The software industry will start taking out insurance against damages claims for bugs in their software.
Software development will be contracted out by the big marketing companies to little guys, and the latter will bear the brunt of the liability while the former rake in most of the profits.
The cost of software to the end user will increase dramatically.
The time taken to make software will increase dramatically.
The amount of software made will be reduced.
Use of FOSS in business and government will plummet almost overnight, and development on many smaller projects will cease.
Would you like to guess which ones will happen, and which ones won't, in the majority of cases?
I'm not quite sure what you think the article was proposing, but obviously we've read it different ways. My understanding was that the article wasn't proposing concrete measures, but rather a set of constraints that any concrete measure will probably have to satisfy in order to become successful.
As for Slashdot, please don't put words into my fingers. I didn't say Slashdot's approach was universally good; in fact, I specifically noted that it was possible for someone to fake being me by grabbing my password. I don't have a problem with the use of a unique user name and password, but the way it's handled is not exactly secure, is it? Anyone with any number of kindergarten cracks in their toolbox could fake me and pretend to be me if they had some reason to bother doing so.
That's all very well on a forum like this, where there is little value in faking being someone else other than to irritate them. It's hardly suitable for more general use where basic security is required. At that point, you need a verifiable version, and that's what the article is all about.
Much the same is true of the banking web site example. It's all very well saying that a browser should display accurate URLs today -- nice dig at IE, I'm surprised you didn't pimp Firefox while you were at it -- but also utterly irrelevant. What if you went to a financial site you belonged to, and it was going to redirect you to another company for a particular service. You have no idea what the correct URL would be, though presumably you trust the service that's directing you there. Displaying dubious URLs properly won't help you here, but a form of trust-based verifiable identity will ensure that once you've been there from a trusted source, anything you come across later that claims to be the same company can be verified -- and all without any need for information on your part, incidentally.
And yes, I get the idea. But I happen to think it's incredibly dangerous and prone to abuse. Do you really want the family values gang to shut you out of the Internet for good just because they don't like your artful nudes? Do you want some semi-rational posse of political activists to be able to legally DOS you just because they consider your ideas dangerous? Do you want the government to have an excuse to throw you into jail simply because of some anonymous denunciation?
And how exactly is any of that going to happen under anything remotely resembling the idea I described, if you weren't sending that stuff in e-mails to people who didn't want it? And if you were, too bad, you deserve to be blocked. Maybe you shouldn't have been sending unsolicited content to people who'd find it offensive?
Isn't it understood that there will be websites out there that will use subterfuge in an attempt to get identity data from the system?
Of course it is. But how is an untrustworthy web site going to convince you that it's really your bank when your browser pops up a flashing red warning sign all over your screen the the claimed identity can't be verified the instant you visit it? The identity concept cuts both ways.
But they system would have to also know that you're "John Doe" as well as that "John Doe" belongs to group X.
Why?
Slashdot only knows that I am the real Anonymous Brave Guy (or someone who ripped his password, at least) and the e-mail address I supplied at sign-up. It doesn't know my real life address, nor need to, in order to understand that I can post here with this identity attached to my writing.
So, all those bad websites put up by bad people will be trying to get additional info held by the central system.
You keep writing as if there's some sort of centralised authority that would have to manage all of this stuff. I don't see where that assumption comes from, or why any system based on the principles in TFA would have to work that way.
This imposes a large burden on government, though: to avoid your bank ever seeing your information, or linking you with anything other than the bank's own activities, the government would have to issue separate identity numbers with verified real world identities for every service that any citizen signed up to where government access might also be required. Now you've got a single point of failure, which is one of the big dangers of a system like this.
You seem to think that this would be a foolproof identity system. In reality it would not apply to any of the above mentioned people as they also have the know-how to get around it.
Sure, there will always be loopholes, but today, it seems like a significant amount of the really damaging stuff is done by script kiddies who don't really know anything, just because they can by downloading some tool from astalavista.
Something like this has been on the cards for e-mail for a long time. Ultimately, to get something onto the Internet, you need a connection via a relatively small and well-identified set of ISPs. If every e-mail must come with a validated chain of headers indicating where it really came from, and any ISP not maintaining such a chain is simply bounced by the first compliant ISP the mail reaches, bingo, 95% of spam just disappeared.
Sure, you can still get a spammer signing up for a new account, doing it once, and then going away, but at least you can shut them down quickly and effectively. You could almost automate it: if x% of recipients of mail from verified address spammer@spammers.com click the "I think this is spam" button in their mail client within a brief period, the system just shuts down any further propagation of mail from that address. (That naive an approach is probably unworkable, but you get the idea.)
In fairness, both of these are trivial in any recent VS.Net version. Jumping to definitions/declarations has been around forever (right-click and go to definition, or click in the name and hit a shortcut key). There are a few usability gremlins -- constructors in C++, for example -- but these have been improved in more recent versions.
Also, there's a specific find references command (under the Edit menu by default, IIRC) in VS.Net, which works very well. That lets me forgive them just a little for removing the Browse toolbar that was one of the most useful features in VC++ 6.
While your criticism of Perl is entirely valid, I think you're missing the main problem (such as it is) with readability in Lisp. In fact, the other example you gave, XML, suffers much the same problem.
In neither case is the problem the vast number of () or <> pairs you've got in the code. That's tedious and doesn't help readability, but it's not the end of the world.
Rather, the problem is that (up to a point), that is all you've got. Languages evolve syntactic sugar for a reason. Of course you can create a very pure, very small language without much syntax at all. Indeed, classical Lisp is about as pure and small as you can get. But in doing so, you force all concepts to be represented in the same uniform notation, even if that notation isn't necessarily the most natural or readable.
Lisp-like languages with more friendly syntax don't suffer the same problems here of course, but I suspect these are rarely what people are complaining about when they attack the readability of "Lisp".
I couldn't agree more. During an extensive period of contractual negotiations after my formerly small and privately owned employer was bought out by a US corp, I had just two absolute requirements:
The initial contract they offered tried to tell us we couldn't do any other paid work without our manager's permission (no bar work for the guy saving to buy his first home, then) and claimed universal IP rights to anything while we were employed (even if completely unconnected to work).
Suffice it to say that no-one on the existing staff seemed to have a problem with my two principles, a lot of people voiced their agreement, and nothing that violated those principles made it into the contract we eventually signed. It's a shame we had to waste so much of everyone's time and effort to reach the inevitable conclusion. However, since our laws here don't currently make either of those principles mandatory (IMHO, they should, particularly the latter since it's so frequently abused) it was necessary.
If that's the level of humour we can look forward to, this could be curtains for Windows...
[Glances at Windows Vista requirements]
Anyone with a machine slower than 3GHz and a graphics card more than six months old, apparently.
OK, so let me be sure I understand this.
You're telling me that your printers always include a dot, printed with yellow toner, visible only with an 8x magnifying glass, in which is encoded enough information for you to identify exactly which printer that you made was responsible for printing that page?
Sorry, but if that's all you've got, I call bullshit. Too much doesn't add up.
Printer manufacturers have high enough resolution to do this, yet only put out 600dpi/1200dpi boxes, where you can easily enough see jaggies with the naked eye?
If the dots are really that small, they could be messed up just by bleed in average quality printer paper.
Alternatively, this isn't a microdot in the classic meaning of the term, but rather the system is supposed to rely on the relative positions of the dots on the page, with dots spaced inches apart? How is that going to help fight conterfeiting? I don't know many bank notes that come in handy US letter or A4 size for counterfeiting convenience.
You say your department has never had to look up a serial number for the authorities, yet strangely according to TFA, the authorities seem to do this all the time with other makers?
Only a tiny number of people in your department know how to do this, it's all so secret that other printer manufacturers cited in TFA wouldn't even comment and you can't tell us how to find the things, yet you're prepared to identify your employer, thus practically waving a flag about who you are and the fact that you're willing to disclose this sort of information?
There's no obligation to register where you buy your printer, nor to notify anyone of selling it on, so there's nothing to connect to the serial number unless someone bothers transferring warranty information (even after the usually pretty naff warranty has expired).
And here's the kicker: governments all over the world use these things. If there were security marks being printed on their documents, they would know about it, not least because they all do it routinely with confidential documents themselves. How am I supposed to believe that government departments are allowed to use these things when anything they print could be traced back to exactly where it comes from by someone who isn't cleared by that government's security people, and works in another country?
Sorry, but this just doesn't ring true. There is absolutely no factual information in either TFA or all your posts to this thread that's good enough to reproduce this effect reliably, and what's more I'm looking at full-page print-outs from two colour printers, following the directions given in TFA, and unable to see anything even remotely resembling what's described.
I'm happy to change my view on this if more information is provided, but I'm very sceptical about this whole story right now.
No, as opposed to A4.
Well, my home PC is an Athlon XP 2100+ (technically a 1.73GHz processor) and my office desktop is a 2.2GHz P4, so that sounds about right to me.
Incidentally, the work machine was just passed over for an upgrade in the annual tech audit: it's towards the lower edge of what's deemed acceptable for a developer's machine these days, but it'll probably be next year before I get a new one. I'm not in the IT group, but I work for a US corp big enough to have deals directly with Microsoft, so I'm guessing it's a pretty typical corporate policy.
IOWs, if Vista won't run on this sort of tech or something very close to it, Microsoft are on a loser. No-one in my office has a machine much over 3GHz, including those who just got upgraded.
At the last count, they were planning something like 3 levels of graphical funkiness, depending on your hardware. It was something like 64+MB AGP4x cards, 32MB cards, and lowest common denominator (i.e., Win2K clone). There's probably something about it if you can face clicking through the five billion links in TFA.
They certainly don't work reliably enough, that's for sure.
Lack of reliability is one of the big reasons behind the first objection I listed (not bringing the claimed benefits). This, combined with the ability to trawl the database for suspects any time any biometric information is found near a crime scene, is also a major cause of objection 4 (the NIR is subject to abuse).
What's wrong with the PC BIOS anyway? Give or take a few gremlins when new technologies are first introduced, the basic tech seems to have adapted remarkably well for a very long time. Since flashable BIOS technology is now routine, even the early adopter problems don't seem like that great an issue. What's the replacement supposed to offer as an advantage over tried-and-tested, apart from a few buzzwords?
On a more sinister note, there's no mention in TFA of DRM and the idea of "trusted" computing, but I can't help wondering whether this isn't one of the main aims behind the scenes, given who's supporting this new organisation.
Of course, the Conservative Party actually won the popular vote in England at the last election. Tony Blair's Labour were returned to government by a tiny majority of the popular vote across the UK as a whole, relying on their stronger support in the other countries to keep them in, yet have wound up with an absolute majority in parliament thanks to our wonderful first-past-the-post system.
This system is more wonderful than ever, because most of those other countries in the UK now have devolved governments that they elect independently. Consequently, unlike England, they often don't suffer the results of votes in the UK parliament directly, leading to the absurd position that Labour can force through legislation on universities that is widely opposed in England, with the support of their Scottish MPs whose own universities won't be adversely affected by it!
What really turns my stomach is when Labour happily argue that since they won the election, they now have a mandate to implement measures in their manifesto, even though more than 2/3 of the votes went to candidates who do not support those measures. Still, this is the government that introduced the term "spin" into common vocabulary, so what do we expect?
Our government system was never ideal, but the handling of devolution and the House of Lords has made it even more corrupt than ever since New Labour came to power. I'd say vote them out, but we did that, and yet they're still there.
OK, let's get this straight right from the start, because while no doubt well-intentioned, the parent post is Just Plain Wrong on several counts.
I won't presume to speak for everyone, but here are some of the main objections to the specific plans currently being advocated by the Labour government in the UK.
Several of the claims in the parent post (mandatory carry, exempt from individual access) have been explicitly denied by the government at the present time. Such rules would certainly be even more unwelcome, and are definitely a cause for concern, but perhaps we should concern ourselves more with the damage that may be done by the proposals the government is actively and publicly supporting already?
Hmm... This is looking like the UK's infamous Godfrey vs. Demon case all over again, but now with the ISP giving up the should-have-been-common-sense defence Demon tried.
For those who don't know, this was a landmark UK legal ruling from the mid-90s. Godfrey was defamed in newsgroup postings, and sued Demon, a major UK ISP, for hosting those postings. Demon's defence was basically that the postings were made by an unknown individual who wasn't a Demon customer, and they were simply providing access to content accessible to anyone on the Internet, and so shouldn't be held responsible. Essentially, though I don't know whether UK law uses the same term, they were arguing that it was unreasonable for a common carrier to be held responsible for the information they carry.
Demon famously lost, but they lost on the basis that having been told about the defamatory content they should have removed it from their systems, not on the basis that they shouldn't have been hosting it in the first place. This opened up a huge legal can of worms, because it put all ISPs within the jurisdiction in a position of having to remove any offensive content in the face of any complaint or risk being sued, yet then acting as courts and censoring material without giving the source so much as a right to reply. AFAIK, the resulting legal minefield remains unsafe to this day, and ISPs get shaky at the very mention of the case. On the flip side, the case also seems to confirm that ISPs are not to be treated as publishers, with publishers' liabilities for content, just for providing access to material: the "common carrier" principle appears to be respected here.
In today's Canadian version, however, it seems the ISP has already given up any pretense of being a mere provider of access to globally available information. If an active decision was made to kill access to a particular web site, it's hard to see how they didn't just make themselves liable by default for every site they allow access to that contains defamation, kiddie porn, or any other $OFFENSIVE_CONTENT.
How this move was approved by their lawyers, I can't imagine...
Blockquoth the AC:
What happened to freedom coming with responsibility attached? Do you believe that you can have a free society, yet not hold anyone accountable for their actions?
Ah, a few more lovely quotes from an AC to annihilate. I needed some entertainment on a Sunday night, so here goes...
You jump too readily to a false confusion. I do not view any of those people as an authority over me; on the contrary, they provide benefits to me, and I choose to benefit from their services/employment rather than another's. In fact, a handful of colleagues and myself forced our employer to rewrite several pages of its new employment contract for the entire UK staff base because we objected on principle to some of the terms they wanted, and were prepared to resign over it. Authoritize that.
No, the examples I gave are authorities only in the sense we're discussing: they may need to authenticate someone who comes to them, in order to determine whether they can use the service, and if so to ascertain necessary information about how (e.g., dental records, reference number to co-ordinate salary deductions with the tax office).
Please, do. I actually laughed out loud when I read some of your claims (though not as much as my girlfriend, when I told her someone thought I was a sheep who viewed my employer as an authority!).
How is my employer going to abuse any information they have about me if I find they're misbehaving and blow the whistle on them?! Does this have anything to do with the kind of identity technologies we're discussing at all?
Please, do tell. But before you do, be aware that I spent considerable time working for a mobile telecomms company. I've heard all the horror stories about trusting your comms service provider, and I know pretty well which ones have some truth to them and which ones are the tinfoil brigade having a laugh.
Are you claiming that doctors and dentists are disclosing patients' confidential health records? I'd love to see any proof you have of that; certainly here in the UK, that would equate to "career dead" within a matter of days.
Really? How so? My bank certainly can't disclose thinks like my account balance and who I give money to and receive it from. Again, if that got as far as the Office of the Information Commissioner over here, the bank would be as good as toast.
I don't think like a sheep. On the contrary, as hopefully the above comments demonstrate well enough, I am very well informed about what various organisations can and cannot do with the personal information about me that they hold, and quite prepared to stand up for my rights and bring others along with me.
None of that changes the fact that, since some groups do require personal information about me in order to fulfil their part of our relationship. Contrary to your flippant comment, everyone on the list I gave does require some information about
...Says the AC, while adopting the standard "I should be completely anonymous and have no responsibility for my actions because They will get me" position.
We're talking about a more general concept of identity and authorisation here than everyone you deal with being able to identify you by name and address etc. However, if you want to restrict it to that particular application, here are a few examples of people who have confirmed various information about me including my name and address, for legitimate reasons, and to my knowledge have never abused that information:
Those are just the first few who come to mind. In each case, they had a legitimate reason to know various things about who I was, and to the best of my knowledge that information has never been abused. My employer doesn't get to see my health records just because my doctor does. My bank and investment funds know who the money they hold belongs to and where he lives, but my mobile phone provider only knows where to send the bill each month and can't adjust their rates upwards for higher-earning customers. My employer can't find out where I went on my day off from my mobile phone service provider.
It is in everyone's interests for secure, minimal-data identification systems to exist for use by those people or organisations they deal with who have a legitimate need to confirm information about them. AFAICS, that is all this article is promoting.
(This is pretty much orthogonal to the idea that in order to use certain kinds of services, you should be required to provide enough information to identify you as an individual, and this information should then be accessibile according to due process in the event that it provides evidence that you have committed a crime. It just happens that such an arrangement would have advantages of its own, and would necessitate the introduction of some form of identity scheme to support it.)
Please save the 1984 references for when they're applicable. Crying "Big Brother is coming!" in the face of any discussion of privacy and identification technology, regardless of its potential merits for both individuals and society, does not make a compelling argument, and serves only to dampen useful discussion. The last thing we want on a subject as important as this is to stop people thinking and discussing new ideas, and wait for events to take care of things for us in whatever knee-jerk reactionary way they see fit.
To address your specific example, the invasive telescreens in 1984 monitored private behaviour in an individual's own home, amongst other things. Neither the article nor my posts advocate any such intrusion. This is a completely different concept to requiring individuals to be accountable for their behaviour on public networks where other people can be affected. This simple obligation to society in general is the basis of any legal system.
The Internet has had a free pass so far because the technology and legal framework haven't been up to dealing with much of the abusive behaviour. Look what's resulted: viruses, spam, phishing, and all the rest of it. This is what happens when you allow anyone access to a powerful, public service, without any responsibility for their actions.
I don't get this. I've had lots of replies in the past 24 hours that make similar comments, but where in either TFA or any of my posts is there any advocacy of some global authority that knows everything about you and makes all the rules? The main point here is that in order to use a service, it's not unreasonable to require you to provide sufficient information to confirm that you're entitled to use that service, and possibly to allow remedies if you abuse it. That doesn't imply giving your name, address, DoB, government-issued ID numbers, etc. to everyone you deal with. Nor does it imply some central organisation, government or commercial, needs to know everything you're doing.
Having said that, we do operate with authorities that make the rules (legislative branch of government), enforce those rules (executive branch of government) and hold you accountable if you break them (judicial branch of government). We've been doing this since long before computers and the Internet, it generally works pretty well, and I've yet to hear any compelling reason why using some sort of technology should exempt you from any responsibility for your actions, even if they are harmful to others in society. Courts can order all kinds of information to be disclosed about you from all kinds of source, if it's important to a trial and necessary to secure a just verdict. I don't have a problem with that, and I question to motives of anyone who does. But this is only a single, limited aspect of the more general principles under discussion here.
But that will result in two things happening:
Given a sensible framework for blocking reported abusive senders -- perhaps a short block to start with, increasing in length every time they're reported again shortly after being reactivated -- this would cause less disruption to most people than the existing worm attacks, since they'll all automatically come back on-line after a brief period of disconnection. If they haven't patched their systems by then, of course, they'll get booted again, but that's their problem: unpatched systems have no automatic right to be on the Internet and disrupt everyone else!
And of course, it would also put the emphasis back on not connecting up to the Internet if you can't keep a computer secure, and put a lot of pressure on software developers not to allow compromises via their software. Customers who find themselves repeatedly disconnected because their machine is owned are likely to start looking for alternative, more reliable software.
I fail to see how any of this is a bad thing.
Software development will involve bugs, because no-one yet knows how to write completely bug free software. So, here are a few things that could happen if you make software companies responsible for any failing in their software:
Would you like to guess which ones will happen, and which ones won't, in the majority of cases?
I'm not quite sure what you think the article was proposing, but obviously we've read it different ways. My understanding was that the article wasn't proposing concrete measures, but rather a set of constraints that any concrete measure will probably have to satisfy in order to become successful.
As for Slashdot, please don't put words into my fingers. I didn't say Slashdot's approach was universally good; in fact, I specifically noted that it was possible for someone to fake being me by grabbing my password. I don't have a problem with the use of a unique user name and password, but the way it's handled is not exactly secure, is it? Anyone with any number of kindergarten cracks in their toolbox could fake me and pretend to be me if they had some reason to bother doing so.
That's all very well on a forum like this, where there is little value in faking being someone else other than to irritate them. It's hardly suitable for more general use where basic security is required. At that point, you need a verifiable version, and that's what the article is all about.
Much the same is true of the banking web site example. It's all very well saying that a browser should display accurate URLs today -- nice dig at IE, I'm surprised you didn't pimp Firefox while you were at it -- but also utterly irrelevant. What if you went to a financial site you belonged to, and it was going to redirect you to another company for a particular service. You have no idea what the correct URL would be, though presumably you trust the service that's directing you there. Displaying dubious URLs properly won't help you here, but a form of trust-based verifiable identity will ensure that once you've been there from a trusted source, anything you come across later that claims to be the same company can be verified -- and all without any need for information on your part, incidentally.
And how exactly is any of that going to happen under anything remotely resembling the idea I described, if you weren't sending that stuff in e-mails to people who didn't want it? And if you were, too bad, you deserve to be blocked. Maybe you shouldn't have been sending unsolicited content to people who'd find it offensive?
Of course it is. But how is an untrustworthy web site going to convince you that it's really your bank when your browser pops up a flashing red warning sign all over your screen the the claimed identity can't be verified the instant you visit it? The identity concept cuts both ways.
Why?
Slashdot only knows that I am the real Anonymous Brave Guy (or someone who ripped his password, at least) and the e-mail address I supplied at sign-up. It doesn't know my real life address, nor need to, in order to understand that I can post here with this identity attached to my writing.
You keep writing as if there's some sort of centralised authority that would have to manage all of this stuff. I don't see where that assumption comes from, or why any system based on the principles in TFA would have to work that way.
This imposes a large burden on government, though: to avoid your bank ever seeing your information, or linking you with anything other than the bank's own activities, the government would have to issue separate identity numbers with verified real world identities for every service that any citizen signed up to where government access might also be required. Now you've got a single point of failure, which is one of the big dangers of a system like this.
Sure, there will always be loopholes, but today, it seems like a significant amount of the really damaging stuff is done by script kiddies who don't really know anything, just because they can by downloading some tool from astalavista.
Something like this has been on the cards for e-mail for a long time. Ultimately, to get something onto the Internet, you need a connection via a relatively small and well-identified set of ISPs. If every e-mail must come with a validated chain of headers indicating where it really came from, and any ISP not maintaining such a chain is simply bounced by the first compliant ISP the mail reaches, bingo, 95% of spam just disappeared.
Sure, you can still get a spammer signing up for a new account, doing it once, and then going away, but at least you can shut them down quickly and effectively. You could almost automate it: if x% of recipients of mail from verified address spammer@spammers.com click the "I think this is spam" button in their mail client within a brief period, the system just shuts down any further propagation of mail from that address. (That naive an approach is probably unworkable, but you get the idea.)