Um, they did that, at least in the U.S. It's a perfect case of the cure being worse than the condition.
The law Congress passed, called the CAN-SPAM Act, was pretty quickly called the "YOU CAN SPAM Act" and for good reason. It has so many loopholes and outright legitimizations of spam that it's basically worse than useless.
As a bonus, as if greenlighting spam at the Federal level weren't enough, when they passed it they invalidated all the state laws that were tougher on spam, and also prevented any state from passing tougher laws in the future. Nice, eh? I hope the spammers -- oops, I mean direct marketers, because they're legit now -- got their money's worth.
And that, kids, is what you get for asking for help from the government.
The legal definition of "spam", at least on the Federal level, was crafted with help from spammers themselves (oh, I'm sorry, they're "mass marketers" now). Good thing nobody cares: they're still spammers in the eyes of God and the Internet. Those 'mass marketers' using their CAN-SPAM-approved "free shot" on everyone's email address? Spammers. You know it, I know it, the people who write spam filters know it; hell, even the spammers themselves probably know it.
The fact that the U.S. Congress -- a pretty thoroughly corrupt organization even on its better days (and CAN-SPAM was not a 'better day') -- slapped the rubber-stamp of approval on some behaviors doesn't make them right, or for that matter even acceptable in polite society.
It's a huge mistake to hand over the definition of "spammer" to a bunch of people who don't have the faintest clue how the Internet even works. They may make the laws, but they don't have one iota of credibility when it comes to talking about what's reprehensible behavior and what's not.
Humm... San Francisco Packet Radio... with a Colorado mailing address. Somehow I don't think so.
It looks like what they did was just register a company with a similar-sounding name to a defunct organization that had an old /16. Then they went to ARIN and got control of it on the strength of the similar name, including getting themselves listed in WHOIS. (Which, when you think about it, isn't that hard -- there's no real authentication mechanism for proving you're the "real" San Francisco Packet Radio.)
Then they had another front company obtain an AS number and provide routing, and suddenly they have lots of IPs from which to send spam.
The even-creepier part is that it looks like they have another block stolen through similar means (currently registered to a P.O. box in NYC) and possible connections to Russian spammers, which means basically the Russian mafia.
Here's hoping that when the whole thing falls apart, the Russian mob comes calling for this guy's head. Ironically they're the best chance for this guy getting the slow, painful death he so richly deserves.
They have what looks like a front company with an ASN that advertises routes to the stolen address space.
It's "JKS Media" and they have ASN 32311.
Peers include Cogent, XO, Level3, and 360Networks.
IMO, it's the networks peering with JKS that need to pull the plug, rather than having every sysop on the net blacklist either the ASN or the IP address range.
I think those only appear on links to the spammer's site. It's a little weird but the investigation page has a couple of links that point to pages that immediately redirect to the spammer's site.
I don't know if he's doing that to avoid giving them the link or what. (Seems to me he'd be better just not linking at all, but what do I know.)
But the site that pops up that weird disclaimer and requires you to agree before you can get to the actual site -- that's the site for the spammer's front company that provides the routing to the stolen IP ranges (JKS Media).
From what I can tell the scheme is a little more involved than that.
The spammers set up a front corporation in Nevada with a name that's basically identical to the now-defunct ham radio club that got the block back in 1989. Then they just took control of it using that name; to a casual observer -- and apparently ARIN didn't bother to look too closely -- they looked like the legitimate owner. It's basically a social engineering exploit.
And because of the way ARIN's rules are set up, they don't pay anything in fees because it's a "grandfathered" block. Not bad if you can get it.
Then, they set up a second shell corporation (JKS Media) to announce the routes -- probably because any halfway-legitimate ISP would have caught on to the fact that they really weren't a San Francisco-based Amateur Radio club. This second shell corp obtained an AS number and advertised all the routes to the hijacked IP range, and on paper looked like a separate company. But it's pretty clear on closer inspection that it's just a front for the spammers.
More information here:
http://www.47-usc-230c2.org/chapter2.html
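The comments above describe the hole this scheme walked through: nothing forced the networks accepting JKS Media's announcements to check that the origin AS actually matched whoever legitimately held the /16. The following is an added example, not code from the thread or from anyone in it, of the origin check a transit provider or peer can run over a customer's announcements before accepting them. It follows the RFC 6483 rules for validating a route against a Route Origin Authorization (the thread predates RPKI; the `Roa` record here stands in for whatever evidence of legitimate origin the peer holds, be it an RPKI ROA, an IRR route object or a signed letter of authorization). The prefixes and AS numbers are constructed from the RFC 5737 and RFC 5398 documentation ranges and refer to no real network; the "not-found" verdict is exactly the situation the posts describe, a legacy block with no authenticated record of who may announce it.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Roa:
    """Who may originate a prefix, and how specific an announcement may be.
    Stand-in for an RPKI ROA, an IRR route object or a signed LOA (assumed
    shape for this example)."""
    prefix: ipaddress.IPv4Network
    max_len: int
    origin_as: int


def validate(prefix_str: str, origin_as: int, roas) -> str:
    """RFC 6483-style origin validation of a single announcement.
    not-found: no record covers the prefix at all (typical of legacy space)
    invalid:   covered, but the origin AS or the prefix length is wrong
    valid:     at least one covering record matches origin and max length"""
    prefix = ipaddress.ip_network(prefix_str, strict=False)
    covering = [r for r in roas
                if r.prefix.version == prefix.version and prefix.subnet_of(r.prefix)]
    if not covering:
        return "not-found"
    if any(r.origin_as == origin_as and prefix.prefixlen <= r.max_len
           for r in covering):
        return "valid"
    return "invalid"


def audit(announcements, roas):
    """Verdict for every (prefix, origin AS) pair a customer or peer sends us."""
    return {(p, a): validate(p, a, roas) for p, a in announcements}


def to_drop(announcements, roas):
    """The announcements that should be filtered: covered by a record, but
    originated by the wrong AS or too specific. 'not-found' routes are left
    to policy, since a missing record proves nothing either way."""
    return sorted(k for k, v in audit(announcements, roas).items() if v == "invalid")


# Constructed sample data (RFC 5737 documentation prefixes, RFC 5398
# documentation ASNs); none of it describes a real network.
ROAS = [
    Roa(ipaddress.ip_network("203.0.113.0/24"), 24, 64496),
    Roa(ipaddress.ip_network("198.51.100.0/24"), 26, 64497),
]
ANNOUNCEMENTS = [
    ("203.0.113.0/24", 64496),    # the legitimate holder
    ("203.0.113.0/24", 64511),    # same prefix from a new AS: the hijack pattern
    ("198.51.100.64/26", 64497),  # more-specific within max length: fine
    ("198.51.100.64/27", 64497),  # too specific, even from the right origin
    ("192.0.2.0/24", 64511),      # nothing on record: cannot be judged either way
]

if __name__ == "__main__":
    for (p, a), verdict in audit(ANNOUNCEMENTS, ROAS).items():
        print(f"{p:18} AS{a}  {verdict}")
```

The asymmetry between "invalid" and "not-found" is the practical point: a peer that only drops "invalid" routes still lets a hijack of unrecorded legacy space through, which is why a grandfathered /16 with a stale registrant is such an attractive target.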
> So what? There's enough internet to go around -- do we really need any of the stuff that ARIN doesn't have control over?
Huh? There certainly isn't enough "internet", if that includes IPv4 address space. We definitely don't have enough space if every jackass in the universe runs out and squats in the first /16 they decide to use.
I agree that paper balloting systems aren't immune to abuse, but calling them "the easiest method of creating fraudulent votes ever" is silly.
It's significantly more difficult to tamper with a paper system. For starters, if you want to forge ballots, you need a shitload of paper ballots. You can't just walk up to a container of ballots, fiddle with it for a few seconds, and change ballots marked for one candidate into ballots marked for the other. You have to physically move paper around. Lots of election shenanigans have been caught over the years because of the difficulty inherent in working with (especially in destroying or concealing) large volumes of paper. Bits are ephemeral at best.
The police -- and people in general -- are well-attuned due to personal experience to signs of low-tech crime. Have you seen the average age of poll workers? Physical theft, forgery, and ballot-stuffing are all easy-to-understand concepts, and the safeguards against them follow logically. Electronic security measures are only logical if you understand electronic systems, which many people don't, and are very much non-obvious otherwise.
For instance, with paper ballot boxes, it doesn't really matter if you store the empty boxes in an insecure location on the morning of the election. Any idiot can open up the box before voting begins and make sure the thing is empty. But if you do that with an electronic system, you've just created the perfect opportunity for someone to sabotage the machine with new firmware that will tamper with the votes being cast. That's a trivial example but there are lots of others.
Electronic voting systems might be a fine choice once we have a few generations of people around who have grown up intimately involved with high technology, people who fundamentally understand and are as familiar with computer systems as today's adults and senior citizens are with paper. Until that happens, it's totally inappropriate to replace paper. The electronic systems are simply not mature enough. Give them another century or so, and in the meantime we'll stick with what we know works.
There's simply no compelling reason to switch from paper to electronic systems, unless you're looking for a way to rig an election without any pesky paper trail.
> Since no one had stepped up to the plate before now, I'm betting against anyone doing so in the future.
This doesn't make sense. There's a clear reason why nobody stepped up before: Hans Reiser. The guy was clearly a bit of a nutbag, however competent he may be at designing filesystems, and I surely wouldn't have wanted to wage a very public and protracted battle with him over his pet project.
There are lots of projects that can use programmers and leadership. One that has nobody running it is a lot more attractive to take over than one where the original creator is going to be lurking hatefully in the background, looking for an opportunity to stab you in the back. (Figuratively; but perhaps in Reiser's case, literally.)
> If there's a microphone in the room, then meeting in person probably isn't much better.
I think people are ignoring the real issue here. By meeting in person, the lawyer gets to charge a living shitload of money to fly over there, and bill all his travel expenses, etc.
That's nice work if you can get it.
It doesn't matter whether GPG would suffice; I doubt the lawyer would suggest that to his client, if the client is ponying up for First Class tickets and isn't looking at the expense receipts too closely... why would he? If the client wants to be paranoid and can afford it, it's their money to burn. If that's how they're most comfortable, that's their business.
Although there aren't the privacy implications, I've dealt with similar issues working as a consultant. There are lots of times when it would be entirely possible to conduct a presentation over video or audio teleconference. But if the client's willing to pay just to see my smiling face in person, I'm not going to argue. Just as long as I don't have to fly coach.
Outlook is the keystone of Microsoft's total IT infrastructure dominance of many small- to medium-size businesses. It's the thing that gets them hooked, and from there they become an all-MS shop.
If you could replace Outlook/Exchange with something else -- anything else, regardless of whether it's open or closed -- it would be bad for Microsoft and good for open source.
Sure, it would be best if the Outlook/Exchange replacement were open-source itself, but it doesn't need to be. (And really, I don't see anything in the FOSS world that can really compete on its merits with the Exchange stack, at least not yet.) As long as it's not a Microsoft product, you've broken the single-vendor monopoly and increased the chance that the organization will look at non-Microsoft products in other areas (web server, database server, authentication/directory server, etc.) where Linux and open source really shine. But if they get hooked on Windows and Microsoft from the get-go with Exchange, they'll probably never even consider Linux when it comes time to choose directory, database, or web services. They'll already be too far down the road to easily change. The process Deviant described above is pretty cunning on MS's part; you let them in the door for email and collaboration and a few years later you're paying a massive annual tithe for licenses and you have an IT staff that doesn't know anything else.
Furthermore, even IBM's proprietary products tend to be better than Microsoft's; my experience is that IBM typically at least pays lip service and a certain amount of attention to standards-compliance and interoperability. Many of their core products are really open-source under the hood (e.g. the "IBM HTTP Server" is really Apache), many are platform-agnostic, and in general they seem to have learned their lesson and cleaned up their vendor-lock-in ways to an extent that Microsoft clearly has not.
It's a known issue with preview; it's a lot less aggressive about escaping than the actual code that generates the posts, I guess.
I noticed it a while back both with emdashes and smartquotes (which can be an issue if you copy/paste from an application that actually changes the normal quote character to the Unicode directional quote characters), so I don't think it's a result of the new Ajaxy goodness. It's just "Preview" not really 'previewing'.
> Some banks here (Austria) provide a one time password list. You have to do just that: take a list with you and cross out each one as you have used it.
That's pretty nice. Given how long s/key has been around for, and how low-tech it is compared to other one-time-password options, I've always been a bit disappointed more websites don't let you use it as an option. I think it stems from too many site designers writing off their users as too stupid to understand it, too quickly.
Although I'm as guilty as anyone of engaging in some 'stupid luser' humor now and then (retractable cupholder!), I've found that a lot of technical people underestimate the capabilities of what average users can understand and will do, if it's been explained in a clear manner -- and most important, if the reason they ought to care is made plain.
In this case, a way of securely logging in from a webcafe or friend's computer (using nothing but say a pre-printed wallet card of passwords -- one that's otherwise unmarked!) is pretty clearly beneficial. It's too bad the banks aren't all as forward-thinking as your Austrian one.
I thought about that a little when I was writing the initial post and dismissed it, thinking that it wouldn't be possible to log into websites that require passwords (online banking, Slashdot, whatever) without revealing them to the untrusted system.
However on second thought I suppose you could just let the browser on the trusted/remote machine cache all your passwords, and then log in this way... assuming you're comfortable letting any browser cache your online-banking passwords. It would do for sites like Slashdot though (especially Slashdot, because it has long persistent logins via cookies anyway).
The reason I've never wanted to do that is because I think it would just be too easy, once you have that browser window open, to run across a login page and type in a password without thinking. But I guess if you're careful, X forwarding would definitely work (assuming your hypothetical untrusted machine has an X server running).
Ah yes, under that assumption, what did he do about the password needed to log on to ssh? This is a solved problem. You use a one-time password system, like s/key, or one of its many variants.
The only caveat with s/key is that you can't run the generator program (which takes your secret passphrase and tosses out a bunch of new one-time passwords) on an untrusted system. If you do, you've just blown the whole business.
So if you're going to be traveling and won't have access to any computer that you can trust, even a disconnected one, you need to generate a lot of passwords and write them down, and then cross each one off the list as you use it. (But hey, I think this lends a very nice cloak-and-dagger feel to computing that you just don't get very often.) Although I see that now somebody has whipped up a Java version of the s/key generator that will run on your cellphone, so it's not terribly likely that you wouldn't be able to run it.
I think SSH+skey is probably the most secure way of working from untrusted systems. The only downside is that it restricts you to working in a text shell, and you still have issues with websites, but at least you can do email and IM without worrying too much.
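The printed password list in the Austrian bank comment above and the s/key scheme in this one are the same idea, so here is one added example covering both: a generator and a verifier for the MD5 variant of RFC 2289 (the standardized descendant of s/key). This is not code from the thread or from any s/key implementation; the passphrase and seed are constructed sample values, the six-word encoding is left out in favour of the RFC's hexadecimal form, and MD5 is used only because that is what `otp-md5` specifies. The generator is the part that must stay on a trusted machine: it needs the secret passphrase, and from it every password in the chain follows. The server holds only the last accepted value and verifies by hashing once, so a captured password, or the server's own file, gives an attacker nothing further.

```python
import hashlib


def _fold_md5(data: bytes) -> bytes:
    """One RFC 2289 step for the MD5 variant: hash, then fold the 16-byte
    digest to 8 bytes by XORing byte i with byte i+8."""
    d = hashlib.md5(data).digest()
    return bytes(d[i] ^ d[i + 8] for i in range(8))


def otp(passphrase: str, seed: str, n: int) -> bytes:
    """One-time password number n. The seed is case-insensitive per the RFC,
    so it is lower-cased before being concatenated with the passphrase.
    Never run this on an untrusted machine: it needs the secret passphrase."""
    if n < 0:
        raise ValueError("sequence number must be non-negative")
    s = _fold_md5(seed.lower().encode() + passphrase.encode())
    for _ in range(n):
        s = _fold_md5(s)
    return s


def to_hex(p: bytes) -> str:
    """RFC 2289 hexadecimal display form: four groups of four hex digits."""
    h = p.hex().upper()
    return " ".join(h[i:i + 4] for i in range(0, 16, 4))


def from_hex(text: str) -> bytes:
    return bytes.fromhex(text.replace(" ", ""))


def wallet_card(passphrase: str, seed: str, first_n: int, count: int):
    """The printed list to carry: sequence numbers first_n down to
    first_n-count+1, used in descending order and crossed off one by one."""
    return [(n, to_hex(otp(passphrase, seed, n)))
            for n in range(first_n, first_n - count, -1)]


class SkeyServer:
    """Server side. Keeps only the most recently accepted password, which is
    the hash of the next one expected, and never the passphrase."""

    def __init__(self, seed: str, n: int, enrolled_otp: bytes):
        # Enrolment stores otp(n); the first login will present otp(n-1).
        self.seed, self.n, self.last = seed, n, enrolled_otp

    def challenge(self) -> str:
        return f"otp-md5 {self.n - 1} {self.seed}"

    def verify(self, presented: bytes) -> bool:
        if self.n <= 0:
            return False                      # chain exhausted: re-enrol
        if _fold_md5(presented) != self.last:
            return False                      # wrong, replayed, or skipped ahead
        self.last, self.n = presented, self.n - 1
        return True


if __name__ == "__main__":
    PASS, SEED = "correct horse battery", "sfpr01"   # constructed sample values
    server = SkeyServer(SEED, 100, otp(PASS, SEED, 100))
    for n, line in wallet_card(PASS, SEED, 99, 5):
        print(f"{n:3d}  {line}")
    first = from_hex(wallet_card(PASS, SEED, 99, 1)[0][1])
    print(server.challenge(), "->", server.verify(first))
```

Two properties are worth seeing with the code in hand: a password presented twice fails, because hashing it yields the value above it in the chain, not itself; and skipping ahead on the card fails for the same reason, since the server hashes only once. That is what makes the crossed-off paper list safe to carry.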
> I'm not sure why people are worried about backing up their music and movies, that stuff can be easily replaced.
"Easily" sure, but "cheaply"? No.
I recently saw the burned-out wreckage of a car sitting on the side of the road. It was some early-90s Honda; basically a beater. But in the back seat there were the immolated remains of what looked like a binder of CDs.
Now, I'm not sure what was in there, but it looked like one of the big binders, one that could probably store 500 CDs easily. If we assume each one would cost around $13, and it was full, that's $6500. Probably significantly more than the car it was sitting in was worth. (Even more if you figure they were purchased over time, when $13 was worth more than it is now.)
Even if the replacement value, using Half.com or similar, wouldn't be quite the full $6500, it's still substantially more than a portable hard drive would cost.
Plus, having all those CDs backed up on a computer makes them more useful than just as CDs (you can use them on an iPod, make mixes, etc.). So it's not as if the time spent importing them, little though it is, is necessarily wasted or only well-spent if the originals are lost.
Although items that definitely can't be recreated (photos, home videos), or can be recreated only through immense effort (source code, original manu/typescripts), take precedence in the hierarchy of things that deserve to be backed up, commercial music and videos represent a substantial investment if they were legally acquired, and ought to be protected as well.
> I still got pictures from back then, Europe got bombed to a shell, yet that album survived, amusing, no?
While that's definitely great that it survived, a whole lot of stuff -- including, I'd imagine, a whole lot of family photo albums -- didn't survive. And it doesn't take a world war to do it; I suspect there are a lot of people down on the Gulf Coast who lost a lot of important (sentimental or otherwise) stuff if they just couldn't put their hands on it when they were bugging out. And even today, houses burn down occasionally. Your insurance will replace the house, furniture, and material goods, but at the end of it all, nobody's going to replace lost photos that you were planning on passing along to your children.
There are lots of rare books and manuscripts that have survived centuries, only to meet their ends in relatively banal ways -- a broken sprinkler pipe, an electrical fire, too much humidity followed by mold, whatever.
While I'd definitely never suggest that anyone only keep their data stored digitally, destroying the human-readable, analog versions, there are distinct advantages to having data stored digitally. The ability to make multiple copies in many locations seems to me to be the greatest.
Fundamentally I think that digital and paper/analog media address two different risks. Paper and other analog media are good for long-term storage, since they don't rely on having a functional 'reader' to access the data. But they're fragile and difficult to copy. Digital media can be copied and stored in ways that are safe from all but civilization-ending catastrophe, but suffer from the risk that you may not be able to access them down the road, if the format becomes extinct.
I think the best solution for most data is to digitize but keep the originals in as safe a place as possible. There's no reason to only do one or the other, because neither one is clearly superior.
You may be right, but if civilization collapses to the point where the survivors don't even have electricity, much less high technology, how much data that's currently stored in digital form is going to be of interest to them?
Most of the information I think would be of interest to people in such a situation is already printed out in paper form, in books. (Basic mathematics/physics/engineering texts; other stuff you'd need to try and bootstrap society back to a mid-20th-century level.)
I suspect that the great majority of stuff stored in databases -- with a few exceptions, like Project Gutenberg -- is stuff that's less-than-relevant if you're squatting in the wreckage of a ruined civilization. Most big corporate databases hold lots of frankly banal data: telephone bills, bank statements, insurance claims, etc. (You'd have to be a pretty sad cargo cult to be worshipping the great god Aflac.)
> Are you willing to live with the fact that the results will cost 100x as much and be 1/10th the speed? The government has been there and done that, at least for some sorts of components, and decided it couldn't afford to. Now, they might be wrong, but they might not be.
I guess it was implicit in my earlier post that no, I don't think they're right about that. I think they're really, really wrong, and I think the litany of security breaches we've seen in the public sector over the past few years, and the ones I expect to see in the future, are an indictment of the dominant mindset in government IT procurement.
If we want to take advantage of electronic information-processing technologies, we need to find ways of making them secure. If we can't do that, then we shouldn't use the technology. Security shouldn't be optional: either it's feasible to do something securely, or it's too expensive, in which case the system shouldn't be constructed and alternatives should be considered, including not automating at all.
I would quite frankly rather see large sections of the government switch back to using paper, which at least the average member of the civil service has a clue about securing, than use electronic systems that aren't secure -- and worse than that, that the users don't realize aren't secure.
> It might be cheaper and easier to attempt to make the commercial gear secure, realize that won't completely work, and deal with the occasional problem -- even at a national security level.
You're right, it might be. But how do you quantify a potential national-security risk? It's possible to try and come up with after-the-fact estimates, but even then they're subject to a lot of guesswork. [1] Even something not normally considered to be a 'secure' system -- stuff like contracts-management, procurement, or contractor payroll -- could be used to effectively shut down or render ineffective large swaths of the government by an adversary who was interested in exploiting it.
These costs need to be weighed very, very carefully, and I can tell you from first-hand experience that they aren't. Not even close. It's pants-shittingly bad in some cases, and the decisions are being made by people who are (in addition to frequently being just plain incompetent) so far down the chain of responsibility that they only consider the impact that a particular decision might have to their fiefdom. There is precious little in the way of coordination, and the sooner that changes, the better.
I'm not holding my breath, though.
[1] Just as an example, how would you go about trying to quantify 9/11? You could come up with the direct costs of the increased airline security, the DHS, the wars in Iraq and Afghanistan, but how do you quantify the lives lost? The economic damage? The people who decided not to get on planes, or the time spent waiting in longer lines? Then after that, you'd get into arguments about whether the event could be linked to the dollar's slide, or if that's totally independent, which might be another cost. The point being: it's difficult to quantify even afterwards what the costs of a particular event are; how are you going to quantify them for a potential event?
You're correct, and this is what I was trying to get at, although I should have been more clear.
The NSA (or whomever) wouldn't need to write the whole compiler chain themselves, they would just need to audit it. At some points in the chain it might be easier to just write them from scratch rather than auditing existing code, but at some higher level of complexity I assume that would change.
Although it would be a substantial effort, I suspect it may be something that's been done already. (I assume that the NSA probably has systems that only run audited code from the bare metal on up, so the low-level bootstrapping would already be done.) But they probably wouldn't need to essentially duplicate GCC; being open source, they would just need to find people capable of stepping through the code and understanding it, and then compiling that code on a system that's been audited.
What I see as the biggest challenge wouldn't be the technical one, it would be organizational. The current everybody-for-themselves patchwork approach to security just isn't working, and there needs to be an overhaul. Security needs to be built into the infrastructure from the ground up, and that requires changing how people think of and deploy it. Doing that without just pasting an additional layer of bureaucracy onto what we have now would be a challenge (and to be blunt, I think it has zero chance of happening before there's some major crisis), but I think the stakes are too high not to start working on it.
Oh I agree. But the political pressure -- and I think money as well -- behind the counterfeit-interdiction efforts (at least in the U.S.) is coming from high-end brands. They're using the drugs as a ruse to get attention, but then insisting that inspectors waste time looking for faux Rolexes and handbags.
Fake drugs, aircraft and machine parts, and to a lesser extent IT infrastructure components, are all serious issues. I didn't mean to understate the seriousness of any of them. But there is a huge difference between a counterfeit drug that's actually poison, and a counterfeit handbag that's made without the permission of the trademark-holder. The first represents a clear and obvious danger; the latter is a vague intellectual-property crime at worst. I'm very concerned that enforcement efforts spurred by the former are actually being used for the latter.
> This is going to keep a lot of people awake at night.
As well it should, because they never should have allowed the production of critical national-security infrastructure components to be outsourced in the first place. Now that they've dug themselves into an impossibly deep hole, they're going to start complaining that the view sucks.
I think the first thing that needs to happen, is that some agency (the NSA seems the most suited) needs to create and bootstrap 'reference platforms' for various architectures. Create a secure compiler chain from the ground up, auditing code the whole way. There's no other way to be sure that you're not just compiling in backdoors, otherwise.
Then with that accomplished -- and it would need to be done for every architecture that needs to be secured -- they'd at least have a secure toolset and compiler chain to vet COTS code with. (It goes without saying that any product that doesn't come with source code, and which can't be compiled on a secure compiler and then have that object code loaded in and run, should be immediately removed from the secure infrastructure. It's beyond broken.)
It would be a major effort, and probably a large shift in scope for the agency put in charge of it, but I think the problem is too important to do anything less. The economic, political, and military security of nations is going to rest firmly on electronic infrastructure, and we need to make the trustworthiness of that infrastructure a national priority.
> The fact that the financial loss they claim is mostly due to fake Rolexes, Chanel stuff and the like doesn't help. I mean, how many people who buy a fake Rolex could afford a real one?
That's not the point. The reason the brand owners get their panties in so much of a bunch over the counterfeits isn't because the plebes buying the fakes could actually afford to buy a real one, if they weren't wearing a fake... it's exactly the opposite. When the flunky working the counter at Blockbuster is wearing a good-as-real Rolex, suddenly the brand isn't worth quite as much, and if you're some hotshot looking to make a statement about exactly how much disposable income you have, maybe you'll go buy something else -- something more difficult to fake, something with more intrinsic value -- instead. That's the real worry for high-end brands. It's not the lost sales, it's the damage to the brand that inevitably occurs when average folks get their grubby little McDonalds-covered paws on them.
Which really just makes those "counterfeits kill" ads all the more ironic; the people those ads are being marketed to are essentially the high-end marketer's enemy. They're the ones who must be denied access to the high-end brands; who must be made to covet without actually being able to possess.
They want to sell Skype because they have no clue what to do with it. (Yeah, they probably should have thought about that earlier, but that's what's called a 'sunk cost' at this point.)
He has to talk about how profitable it is, or else nobody will buy it. Who'd want it otherwise? He's pretty much required to say all that stuff.
I think those only appear on links to the spammer's site. It's a little weird but the investigation page has a couple of links that point to pages that immediately redirect to the spammer's site.
I don't know if he's doing that to avoid giving them the link or what. (Seems to me he'd be better just not linking at all, but what do I know.)
But the site that pops up that weird disclaimer and requires you to agree before you can get to the actual site -- that's the site for the spammer's front company that provides the routing to the stolen IP ranges (JKS Media).
From what I can tell the scheme is a little more involved than that.
The spammers set up a front corporation in Nevada with a name that's basically identical to the now-defunct Ham radio club that got the block back in 1989. Then they just took control of it using that name; to a casual observer -- and apparently ARIN didn't bother to look too closely -- they looked like the legitimate owner. It's basically a social engineering exploit.
And because of the way the ARIN's rules are set up, they don't pay anything in fees because it's a "grandfathered" block. Not bad if you can get it.
Then, they set up a second shell corporation (JKS Media) to announce the routes -- probably because any halfway-legitimate ISP would have caught on to the fact that they really weren't a San Francisco-based Amateur Radio club. This second shell corp obtained an AS number and advertised all the routes to the hijacked IP range, and on paper looked like a separate company. But it's pretty clear on closer inspection that it's just a front for the spammers.
More information here:
http://www.47-usc-230c2.org/chapter2.html
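The hijack described above works because nobody on the routing side checks that the ASN announcing a prefix is the one entitled to it. Below is an added example, not code from the original comment or from any of the networks named, of the origin check a peer or transit provider could run before accepting a route: each announcement is compared against a table of authorised (prefix, origin ASN, maximum length) entries, modelled on an RPKI ROA. The prefixes, ASNs and peer names are constructed placeholders (documentation ranges), not the values from the incident.

```python
"""
Origin validation for BGP announcements: flag routes whose origin ASN is not
authorised for the prefix, or that are more specific than the authorisation
allows. Constructed example; prefixes and ASNs are placeholders.
"""
import ipaddress
from typing import Dict, List, NamedTuple, Tuple


class Announcement(NamedTuple):
    prefix: str      # announced prefix, e.g. "198.51.100.0/24"
    origin_asn: int  # rightmost AS in the AS_PATH
    peer: str        # which neighbour we heard it from


# Authorised-origin table: prefix -> (allowed origin ASN, maximum prefix length).
# Shaped like RPKI ROAs; values are constructed (TEST-NET prefixes, documentation ASNs).
AUTHORISED: Dict[str, Tuple[int, int]] = {
    "198.51.100.0/24": (64500, 24),
    "203.0.113.0/24": (64501, 25),
}


def validate(ann: Announcement, table: Dict[str, Tuple[int, int]] = AUTHORISED) -> str:
    """Return 'valid', 'invalid' or 'unknown' for one announcement.

    'unknown' means no authorisation covers the prefix at all, so the table
    cannot say anything about it; 'invalid' means an authorisation covers it
    but the origin ASN or the prefix length does not match.
    """
    net = ipaddress.ip_network(ann.prefix, strict=False)
    covering = [
        (ipaddress.ip_network(p), v)
        for p, v in table.items()
        if net.version == ipaddress.ip_network(p).version
        and net.subnet_of(ipaddress.ip_network(p))
    ]
    if not covering:
        return "unknown"
    for _, (asn, maxlen) in covering:
        if asn == ann.origin_asn and net.prefixlen <= maxlen:
            return "valid"
    return "invalid"


def peers_carrying_invalid(anns: List[Announcement]) -> Dict[str, List[str]]:
    """Group invalid routes by the peer that carried them.

    This is the view the comment above argues for: the upstreams peering with
    the shell ASN are the ones in a position to stop propagating the routes.
    """
    out: Dict[str, List[str]] = {}
    for a in anns:
        if validate(a) == "invalid":
            out.setdefault(a.peer, []).append(f"{a.prefix} origin AS{a.origin_asn}")
    return out


# Constructed sample feed: one legitimate route, one over-specific announcement,
# one announced by an ASN that is not authorised, and one with no authorisation.
SAMPLE: List[Announcement] = [
    Announcement("198.51.100.0/24", 64500, "upstream-a"),
    Announcement("198.51.100.0/25", 64500, "upstream-a"),
    Announcement("203.0.113.0/24", 64999, "upstream-b"),
    Announcement("192.0.2.0/24", 64999, "upstream-b"),
]


if __name__ == "__main__":
    for a in SAMPLE:
        print(f"{a.peer}: {a.prefix} AS{a.origin_asn} -> {validate(a)}")
    print(peers_carrying_invalid(SAMPLE))
```

The "unknown" result is deliberate: a prefix with no authorisation at all (the grandfathered block in the story had none) cannot be judged from the table alone, which is exactly why a registry-level identity check, not just a routing-level one, was missing here.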
> So what? There's enough internet to go around -- do we really need any of the stuff that ARIN doesn't have control over?
Huh? There certainly isn't enough "internet", if that includes IPv4 address space. We definitely don't have enough space if every jackass in the universe runs out and squats in the first /16 they decide to use.
I agree that paper balloting systems aren't immune to abuse, but calling them "the easiest method of creating fraudulent votes ever" is silly.
It's significantly more difficult to tamper with a paper system. For starters, if you want to forge ballots, you need a shitload of paper ballots. You can't just walk up to a container of ballots, fiddle with it for a few seconds, and change ballots marked for one candidate into ballots marked for the other. You have to physically move paper around. Lots of election shenanigans have been caught over the years because of the difficulty inherent in working with (especially in destroying or concealing) large volumes of paper. Bits are ephemeral at best.
The police -- and people in general -- are well-attuned due to personal experience to signs of low-tech crime. Have you seen the average age of poll workers? Physical theft, forgery, and ballot-stuffing are all easy-to-understand concepts, and the safeguards against them follow logically. Electronic security measures are only logical if you understand electronic systems, which many people don't, and are very much non-obvious otherwise.
For instance, with paper ballot boxes, it doesn't really matter if you store the empty boxes in an insecure location on the morning of the election. Any idiot can open up the box before voting begins and make sure the thing is empty. But if you do that with an electronic system, you've just created the perfect opportunity for someone to sabotage the machine with new firmware that will tamper with the votes being cast. That's a trivial example but there are lots of others.
Electronic voting systems might be a fine choice once we have a few generations of people around who have grown up intimately involved with high technology, people who fundamentally understand and are as familiar with computer systems as today's adults and senior citizens are with paper. Until that happens, it's totally inappropriate to replace paper. The electronic systems are simply not mature enough. Give them another century or so, and in the meantime we'll stick with what we know works.
There's simply no compelling reason to switch from paper to electronic systems, unless you're looking for a way to rig an election without any pesky paper trail.
> Since no one had stepped up to the plate before now, I'm betting against anyone doing so in the future.
This doesn't make sense. There's a clear reason why nobody stepped up before: Hans Reiser. The guy was clearly a bit of a nutbag, however competent he may be at designing filesystems, and I surely wouldn't have wanted to wage a very public and protracted battle with him over his pet project.
There are lots of projects that can use programmers and leadership. One that has nobody running it is a lot more attractive to take over than one where the original creator is going to be lurking hatefully in the background, looking for an opportunity to stab you in the back. (Figuratively; but perhaps in Reiser's case, literally.)
> If there's a microphone in the room, then meeting in person probably isn't much better.
I think people are ignoring the real issue here. By meeting in person, the lawyer gets to charge a living shitload of money to fly over there, and bill all his travel expenses, etc.
That's nice work if you can get it.
It doesn't matter whether GPG would suffice; I doubt the lawyer would suggest that to his client, if the client is ponying up for First Class tickets and isn't looking at the expense receipts too closely ... why would he? If the client wants to be paranoid and can afford it, it's their money to burn. If that's how they're most comfortable, that's their business.
Although there aren't the privacy implications, I've dealt with similar issues working as a consultant. There are lots of times when it would be entirely possible to conduct a presentation over video or audio teleconference. But if the client's willing to pay just to see my smiling face in person, I'm not going to argue. Just as long as I don't have to fly coach.
Outlook is the keystone of Microsoft's total IT infrastructure dominance of many small- to medium-size businesses. It's the thing that gets them hooked, and from there they become an all-MS shop.
If you could replace Outlook/Exchange with something else -- anything else, regardless of whether it's open or closed -- it would be bad for Microsoft and good for open source.
Sure, it would be best if the Outlook/Exchange replacement were open-source itself, but it doesn't need to be. (And really, I don't see anything in the FOSS world that can really compete on its merits with the Exchange stack, at least not yet.) As long as it's not a Microsoft product, you've broken the single-vendor monopoly and increased the chance that the organization will look at non-Microsoft products in other areas (web server, database server, authentication/directory server, etc.) where Linux and open source really shine. But if they get hooked on Windows and Microsoft from the get-go with Exchange, they'll probably never even consider Linux when it comes time to choose directory, database, or web services. They'll already be too far down the road to easily change. The process Deviant described above is pretty cunning on MS's part; you let them in the door for email and collaboration and a few years later you're paying a massive annual tithe for licenses and you have an IT staff that doesn't know anything else.
Furthermore, even IBM's proprietary products tend to be better than Microsoft's; my experience is that IBM typically at least pays lip service and a certain amount of attention to standards-compliance and interoperability. Many of their core products are really open-source under the hood (e.g. the "IBM HTTP Server" is really Apache), many are platform-agnostic, and in general they seem to have learned their lesson and cleaned up their vendor-lock-in ways to an extent that Microsoft clearly has not.
It's a known issue with preview; it's a lot less aggressive about escaping than the actual code that generates the posts, I guess.
I noticed it a while back both with emdashes and smartquotes (which can be an issue if you copy/paste from an application that actually changes the normal quote character to the Unicode directional quote characters), so I don't think it's a result of the new Ajaxy goodness. It's just "Preview" not really 'previewing'.
> Some banks here (Austria) provide a one time password list. You have to do just that: take a list with you and cross out each one as you have used it.
That's pretty nice. Given how long s/key has been around for, and how low-tech it is compared to other one-time-password options, I've always been a bit disappointed more websites don't let you use it as an option. I think it stems from too many site designers writing off their users as too stupid to understand it, too quickly.
Although I'm as guilty as anyone of engaging in some 'stupid luser' humor now and then (retractable cupholder!), I've found that a lot of technical people underestimate the capabilities of what average users can understand and will do, if it's been explained in a clear manner -- and most important, if the reason they ought to care is made plain.
In this case, a way of securely logging in from a webcafe or friend's computer (using nothing but say a pre-printed wallet card of passwords -- one that's otherwise unmarked!) is pretty clearly beneficial. It's too bad the banks aren't all as forward-thinking as your Austrian one.
I thought about that a little when I was writing the initial post and dismissed it, thinking that it wouldn't be possible to log into websites that require passwords (online banking, Slashdot, whatever) without revealing them to the untrusted system.
However on second thought I suppose you could just let the browser on the trusted/remote machine cache all your passwords, and then log in this way ... assuming you're comfortable letting any browser cache your online-banking passwords. It would do for sites like Slashdot though (especially Slashdot, because it has long persistent logins via cookies anyway).
The reason I've never wanted to do that is because I think it would just be too easy, once you have that browser window open, to run across a login page and type in a password without thinking. But I guess if you're careful, X forwarding would definitely work (assuming your hypothetical untrusted machine has an X server running).
The only caveat with s/key is that you can't run the generator program (which takes your secret passphrase and tosses out a bunch of new one-time passwords) on an untrusted system. If you do, you've just blown the whole business.
So if you're going to be traveling and won't have access to any computer that you can trust, even a disconnected one, you need to generate a lot of passwords and write them down, and then cross each one off the list as you use it. (But hey, I think this lends a very nice cloak-and-dagger feel to computing that you just don't get very often.) Although I see that now somebody has whipped up a Java version of the s/key generator that will run on your cellphone, so it's not terribly likely that you wouldn't be able to run it.
I think SSH+skey is probably the most secure way of working from untrusted systems. The only downside is that it restricts you to working in a text shell, and you still have issues with websites, but at least you can do email and IM without worrying too much.
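The posts above describe s/key from the user's side: a generator turns a secret passphrase into a list of one-time passwords, the list is consumed from the bottom up, and running the generator on an untrusted machine exposes the passphrase and thus the whole list. The following is an added example, not code from the comments or from the s/key project, of the hash chain behind that behaviour. It is a constructed simplification: SHA-256 stands in for the original MD4/MD5 folding, and passwords are hex strings rather than the six-word encoding, so it is not interoperable with real s/key.

```python
"""
S/KEY-style one-time passwords as a Lamport hash chain (constructed example).

Chain: p_1 = H(passphrase || seed), p_i = H(p_{i-1}).  The server stores only
p_n.  The user presents p_{n-1}; the server checks H(p_{n-1}) == p_n, then
stores p_{n-1} and waits for p_{n-2}.  A captured password is useless because
H is one-way, and replaying it fails because the server has already moved on.
"""
import hashlib
import hmac
from typing import List


def _h(data: bytes) -> bytes:
    """One-way function for the chain (SHA-256 here; real s/key used MD4/MD5)."""
    return hashlib.sha256(data).digest()


def generate_chain(passphrase: str, seed: str, count: int) -> List[bytes]:
    """Return [p_1, ..., p_count].

    This is the generator step and must only run on a trusted machine: whoever
    learns the passphrase (or p_1) can recompute every password in the chain.
    """
    if count < 2:
        raise ValueError("a chain needs at least p_1 and p_2")
    x = _h((passphrase + seed).encode())
    chain = [x]
    for _ in range(count - 1):
        x = _h(x)
        chain.append(x)
    return chain


def printable_list(chain: List[bytes]) -> List[str]:
    """Passwords in the order the user will cross them off: p_{n-1}, p_{n-2}, ..., p_1.

    p_n itself is not on the list; it is what the server is initialised with.
    """
    return [p.hex() for p in reversed(chain[:-1])]


class SKeyServer:
    """Verifier side. Holds the last accepted value, never the passphrase."""

    def __init__(self, chain_head: bytes, remaining: int):
        self.last = chain_head        # p_n at enrolment
        self.remaining = remaining    # how many passwords are still unused

    def verify(self, candidate_hex: str) -> bool:
        """Accept candidate iff H(candidate) equals the stored value, then advance."""
        if self.remaining <= 0:
            return False
        try:
            candidate = bytes.fromhex(candidate_hex)
        except ValueError:
            return False
        if hmac.compare_digest(_h(candidate), self.last):
            self.last = candidate
            self.remaining -= 1
            return True
        return False


def enrol(passphrase: str, seed: str, count: int):
    """Trusted-side setup: returns (server, wallet_card) for a fresh chain."""
    chain = generate_chain(passphrase, seed, count)
    return SKeyServer(chain[-1], count - 1), printable_list(chain)


if __name__ == "__main__":
    # Constructed passphrase and seed; the card is what you would print and carry.
    server, card = enrol("correct horse battery staple", "sk42", 6)
    for i, pw in enumerate(card, 1):
        print(f"{i}: {pw}")
    print("first use:", server.verify(card[0]))   # True
    print("replay:   ", server.verify(card[0]))   # False
```

The point the comments make falls out of the structure: the card is safe to carry because each entry is the preimage of the one the server currently holds and nothing else, while the passphrase (and the generator that consumes it) is the only thing that must never touch an untrusted machine.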
> I'm not sure why people are worried about backing up their music and movies, that stuff can be easily replaced.
"Easily" sure, but "cheaply"? No.
I recently saw the burned-out wreckage of a car sitting on the side of the road. It was some early-90s Honda; basically a beater. But in the back seat there were the immolated remains of what looked like a binder of CDs.
Now, I'm not sure what was in there, but it looked like one of the big binders, one that could probably store 500 CDs easily. If we assume each one would cost around $13, and it was full, that's $6500. Probably significantly more than the car it was sitting in was worth. (Even more if you figure they were purchased over time, when $13 was worth more than it is now.)
Even if the replacement value, using Half.com or similar, wouldn't be quite the full $6500, it's still substantially more than a portable hard drive would cost.
Plus, having all those CDs backed up on a computer makes them more useful than just as CDs (you can use them on an iPod, make mixes, etc.). So it's not as if the time spent importing them, little though it is, is necessarily wasted or only well-spent if the originals are lost.
Although items that definitely can't be recreated (photos, home videos), or can be recreated only through immense effort (source code, original manu/typescripts), take precedence in the hierarchy of things that deserve to be backed up, commercial music and videos represent a substantial investment if they were legally acquired, and ought to be protected as well.
> I still got pictures from back then, Europe got bombed to a shell, yet that album survived, amusing, no?
While that's definitely great that it survived, a whole lot of stuff -- including, I'd imagine, a whole lot of family photo albums -- didn't survive. And it doesn't take a world war to do it; I suspect there are a lot of people down on the Gulf Coast who lost a lot of important (sentimental or otherwise) stuff if they just couldn't put their hands on it when they were bugging out. And even today, houses burn down occasionally. Your insurance will replace the house, furniture, and material goods, but at the end of it all, nobody's going to replace lost photos that you were planning on passing along to your children.
There are lots of rare books and manuscripts that have survived centuries, only to meet their ends in relatively banal ways -- a broken sprinkler pipe, an electrical fire, too much humidity followed by mold, whatever.
While I'd definitely never suggest that anyone only keep their data stored digitally, destroying the human-readable, analog versions, there are distinct advantages to having data stored digitally. The ability to make multiple copies in many locations seems to me to be the greatest.
Fundamentally I think that digital and paper/analog media address two different risks. Paper and other analog media are good for long-term storage, since they don't rely on having a functional 'reader' to access the data. But they're fragile and difficult to copy. Digital media can be copied and stored in ways that are safe from all but civilization-ending catastrophe, but suffer from the risk that you may not be able to access them down the road, if the format becomes extinct.
I think the best solution for most data is to digitize but keep the originals in as safe a place as possible. There's no reason to only do one or the other, because neither one is clearly superior.
Well, you know, RAID is cool but having a bunch of hard drives is kind of a pain ... so you just partition the one drive and then RAID the partitions!
Works great!
You may be right, but if civilization collapses to the point where the survivors don't even have electricity, much less high technology, how much data that's currently stored in digital form is going to be of interest to them?
Most of the information I think would be of interest to people in such a situation is already printed out in paper form, in books. (Basic mathematics/physics/engineering texts; other stuff you'd need to try and bootstrap society back to an mid-20th-century level.)
I suspect that the great majority of stuff stored in databases -- with a few exceptions, like Project Gutenberg -- is stuff that's less-than-relevant if you're squatting in the wreckage of a ruined civilization. Most big corporate databases hold lots of frankly banal data: telephone bills, bank statements, insurance claims, etc. (You'd have to be a pretty sad cargo cult to be worshipping the great god Aflac.)
If we want to take advantage of electronic information-processing technologies, we need to find ways of making them secure. If we can't do that, then we shouldn't use the technology. Security shouldn't be optional: either it's feasible to do something securely, or it's too expensive, in which case the system shouldn't be constructed and alternatives should be considered, including not automating at all.
I would quite frankly rather see large sections of the government switch back to using paper, which at least the average member of the civil service has a clue about securing, than use electronic systems that aren't secure -- and worse than that, that the users don't realize aren't secure. It might be cheaper and easier to attempt to make the commercial gear secure, realize that won't completely work, and deal with the occasional problem -- even at a national security level. You're right, it might be. But how do you quantify a potential national-security risk? It's possible to try and come up with after-the-fact estimates, but even then they're subject to a lot of guesswork. [1] Even something not normally considered to be a 'secure' system -- stuff like contracts-management, procurement, or contractor payroll -- could be used to effectively shut down or render ineffective large swaths of the government by an adversary who was interested in exploiting it.
These costs need to be weighed very, very carefully, and I can tell you from first-hand experience that they aren't. Not even close. It's pants-shittingly bad in some cases, and the decisions are being made by people who are (in addition to frequently being just plain incompetent) so far down the chain of responsibility that they only consider the impact that a particular decision might have to their fiefdom. There is precious little in the way of coordination, and the sooner that changes, the better.
I'm not holding my breath, though.
[1] Just as an example, how would you go about trying to quantify 9/11? You could come up with the direct costs of the increased airline security, the DHS, the wars in Iraq and Afghanistan, but how do you quantify the lives lost? The economic damage? The people who decided not to get on planes, or the time spent waiting in longer lines? Then after that, you'd get into arguments about whether the event could be linked to the dollar's slide, or if that's totally independent, which might be another cost. The point being: it's difficult to quantify even afterwards what the costs of a particular event are; how are you going to quantify them for a potential event?
You're correct, and this is what I was trying to get at, although I should have been more clear.
The NSA (or whomever) wouldn't need to write the whole compiler chain themselves, they would just need to audit it. At some points in the chain it might be easier to just write them from scratch rather than auditing existing code, but at some higher level of complexity I assume that would change.
Although it would be a substantial effort, I suspect it may be something that's been done already. (I assume that the NSA probably has systems that only run audited code from the bare metal on up, so the low-level bootstrapping would already be done.) But they probably wouldn't need to essentially duplicate GCC; being open source, they would just need to find people capable of stepping through the code and understanding it, and then compiling that code on a system that's been audited.
What I see as the biggest challenge wouldn't be the technical one, it would be organizational. The current everybody-for-themselves patchwork approach to security just isn't working, and there needs to be an overhaul. Security needs to be built into the infrastructure from the ground up, and that requires changing how people think of and deploy it. Doing that without just pasting an additional layer of bureaucracy onto what we have now would be a challenge (and to be blunt, I think it has zero chance of happening before there's some major crisis), but I think the stakes are too high not to start working on it.
Oh I agree. But the political pressure -- and I think money as well -- behind the counterfeit-interdiction efforts (at least in the U.S.) is coming from high-end brands. They're using the drugs as a ruse to get attention, but then insisting that inspectors waste time looking for faux Rolexes and handbags.
Fake drugs, aircraft and machine parts, and to a lesser extent IT infrastructure components, are all serious issues. I didn't mean to understate the seriousness of any of them. But there is a huge difference between a counterfeit drug that's actually poison, and a counterfeit handbag that's made without the permission of the trademark-holder. The first represents a clear and obvious danger; the latter is a vague intellectual-property crime at worst. I'm very concerned that enforcement efforts spurred by the former are actually being used for the latter.
> This is going to keep a lot of people awake at night.
As well it should, because they never should have allowed the production of critical national-security infrastructure components to be outsourced in the first place. Now that they've dug themselves into an impossibly deep hole, they're going to start complaining that the view sucks.
I think the first thing that needs to happen, is that some agency (the NSA seems the most suited) needs to create and bootstrap 'reference platforms' for various architectures. Create a secure compiler chain from the ground up, auditing code the whole way. There's no other way to be sure that you're not just compiling in backdoors, otherwise.
Then with that accomplished -- and it would need to be done for every architecture that needs to be secured -- they'd at least have a secure toolset and compiler chain to vet COTS code with. (It goes without saying that any product that doesn't come with source code, and which can't be compiled on a secure compiler and then have that object code loaded in and run, should be immediately removed from the secure infrastructure. It's beyond broken.)
It would be a major effort, and probably a large shift in scope for the agency put in charge of it, but I think the problem is too important to do anything less. The economic, political, and military security of nations is going to rest firmly on electronic infrastructure, and we need to make the trustworthiness of that infrastructure a national priority.
> The fact that the financial loss they claim is mostly due to fake Rolexes, Channel stuff and the like doesn't help. I mean, how many people who buy a fake Rolex could afford a real one?
That's not the point. The reason the brand owners get their panties in so much of a bunch over the counterfeits isn't because the plebes buying the fakes could actually afford to buy a real one, if they weren't wearing a fake ... it's exactly the opposite. When the flunky working the counter at Blockbuster is wearing a good-as-real Rolex, suddenly the brand isn't worth quite as much, and if you're some hotshot looking to make a statement about exactly how much disposable income you have, maybe you'll go buy something else -- something more difficult to fake, something with more intrinsic value -- instead. That's the real worry for high-end brands. It's not the lost sales, it's the damage to the brand that inevitably occurs when average folks get their grubby little McDonalds-covered paws on them.
Which really just makes those "counterfeits kill" ads all the more ironic; the people those ads are being marketed to are essentially the high-end marketer's enemy. They're the ones who must be denied access to the high-end brands; who must be made to covet without actually being able to possess.
They want to sell Skype because they have no clue what to do with it. (Yeah, they probably should have thought about that earlier, but that's what's called a 'sunk cost' at this point.)
He has to talk about how profitable it is, or else nobody will buy it. Who'd want it otherwise? He's pretty much required to say all that stuff.