this is what's always bothered me about spam. I mean who is actually viwing a spam email or chat message ans daying "yea yea..i got buy that or goto that web page?"
apparently someone is... but who?
That's the dirty little secret of spam-software companies: Spam doesn't work. It gets you kicked off your ISP, it gets you tons of flame mail, it may even get you sued. In the beginning there was spam, and it was only a couple of messages a week at most, and newbies who didn't know what it was figured it must be legit. Now even most newbies know better, and if not they learn fast.
Where the only real money in spam is, is in selling spam software and services to people who think spam is the answer to their marketing woes... and there are fewer people that gullible every day.
Ultimately spam is going to kill what little effectiveness it actually has (yes, there are people who are so desperately in debt, or impotent, or whatever, that they'll even try something that came to them out of a spammer's noxious droppings), just like banner ads have done: precisely because they're so ubiquitous. Like static on your TV screen, you learn to just filter it out (both electronically and mentally), which is why banner ad clickthroughs are a tiny fraction of a fraction of a percent these days.
When I did ISP admin work I dealt twice with a local chickenboner (as nanae calls small-time spammers), and he fit every stereotype you ever heard in the net-abuse groups: sleazy, shady, nearly bankrupt and desperate to make a quick buck any way he could, besides having a persecution complex bordering on clinical paranoia. Ultimately he ended up being profiled by a local paper because of his other failed ventures.
About half this piece was scare-mongering about employers "spying" on employees at work. But it's long been an established principle that when you use your employer's gear, the employer has ultimate and absolute authority over how that equipment is used. You aren't allowed to just unilaterally "borrow" the company van to go visit Aunt Mabel in Pocatello, even if your employer lets you take it home at night because you're a roving repairman and it's silly for you to come all the way to the office just to change vehicles and leave again every day. The same principle has been applied for years to company phones -- employees making excessive personal calls, even if they're just local calls, are in danger of being reprimanded.
In short, dictatorial employer control over employer-owned resources is nothing new or even especially heinous, in my opinion. The most I'd say is that employers who monitor things like phones or Net traffic should be required to notify employees, like we do with drug testing. Anything beyond that, that limits the employer's right to control their property, lessens an employer's right of ownership. Here in the States at least, "life, liberty and property" is a big catch phrase in our scheme of government.
I don't like being watched any more than anyone else, but at the same time there are situations where my employer has rights too.
Canada is one hell of a lot more accessible than the Antarctic, but it's still pretty remote and one of the more Mars-like environments on earth. Antarctica has all this ice that Mars lacks, for one.
I'm intrigued by the environmental-containment requirements. On the Moon you have to have a seal because there's hard vacuum out there. On Mars the same will be true, but in addition to the low-pressure unbreathable atmosphere, there's the possibility of Martian microbes. And of course it would be a shame if we got all excited over Martian "life" only to find that it was Earth microbes that had escaped and multiplied in a pristine environment.
Sagan's Cosmos has some interesting speculations on what we might find, based on "Mars jars" experiments and the inconclusive Viking data. At this point we still can't even exclude the possibility of multicellular life (simple lichens or slime molds, maybe even things as complex as moss should be able to survive on Mars).
I never thought I'd see Jon Katz argue against scientific research, which is essentially what this is. Sure bad things will come of it. So will good things.
Every technology has both good and bad applications. The internal combustion engine revolutionized transportation and also revolutionized warfare. Germ theory provided us with a powerful weapon against disease -- and against each other.
There is no technology so good it can't be applied to destructive ends. Nor is there any technology (I believe) so destructive that there are no positive applications. By the logic Katz uses here, we should immediately stop all biological, chemical and medical research.
I don't see why you should be opposed to filtering software. After all, it is just a way to let people choose automatically what they want themselves and their dependents/customers to see.
I don't oppose the sale of filtering software. I think it's a silly, even stupid way to "raise" a child, but I'm all for allowing people to use it if they so choose.
I'm opposed to mandated filtering. I am also opposed to the anti-child hysteria that's whipped up every time some politician wants to push his agenda. And I'm really opposed to manipulating that hysteria to run what is essentially a patent-nostrum scam on an unsuspecting public.
Yes. The pixies from the magic fairyland should pay for installing those machines and paying the insurance, maintenence, and infrastructure costs. They can use the resources from the money trees to pay for them.
You misunderstand. I'm not advocating passing laws. I'm simply saying I wish consumers would wake up and realize that every time they use an ATM it's a net savings for the bank (tellers are expensive). Why should I pay for the privilege of saving my bank money?
Some banks get you coming and going. You go to the ATM, you pay a fee. Stand in line for a teller inside, and... you still get hit with a fee. Now given that the bank exists because they're making a profit off the money I deposit with them, where do they get off charging me to get access to my money? IMO there should always be a no-charge method to make a withdrawal -- it is, after all, my money.
It's a lucrative scam I'm sure, but just because banks have become dependent on it doesn't make it right.
All it will take is one big bank saying "Guess what? We're not going to charge ATM fees, at all" and people will flock to them. Eventually price pressure by itself will eliminate ATM fees naturally, but I sure wouldn't mind if the banks hurried up about it.
I agree with your sentiments...but what about the limitations already on speech (yelling "fire" in a theater)? Does that single limitation mean we do not have free speech?
I've heard someone argue that slander laws, etc. should be struck down, yes. I don't know if I buy it myself. It's a position I can probably argue myself around to in time, but I still have reservations about a position that extreme.
Basically if we can find other reasons for prosecuting what we now call slander or the "fire!" thing, I'd be OK with it.
So, you're basically saying you have the right to ram your sexual content down the throat of anybody who dares log onto the net, that it's not their right to choose for themselves.
No, I'm saying it is their right to choose. Nobody is forcing you to visit alt.sex.cute.little.bunnies. Your neighbor visiting http://www.hotteensluts.com/ doesn't affect you in any way, unless he's doing something like taping printouts to your car window.
"Moral standards" (or at least, your moral standards) restrict my right to choose whether I want to view that kind of thing or not. It's also a common principle that morality means nothing if you have no choice.
The 'free speech' referenced in the US Constitution was never about jiggling tits. You don't have a leg to stand on.
Sorry, it was, and I do. Any power not specifically granted to the government in the Constitution is forbidden to it. Any right not specifically forbidden the people is granted to them. The Bill of Rights specifically grants freedom of speech and does not restrict that freedom in any way.
"Acceptable free speech" is an oxymoron. Speech is free or it is not. Once you start imposing limitations on what I can print or say or depict, you don't have free speech any more.
Remember, Katz, just because we're Geeks , that doesn't mean that we like all of the new-fangled e-commerce hoopla.
There's little I can stand less than the "magic bullet" attitude of so many businesses to e-commerce. Let's face it: If your business sucks, taking it online just means you get to suck that much more publicly. Jamie Zawinski once wrote "Open source does work, but it is most definitely not a panacea," and the same is true here.
Personally I don't think e-commerce will really take off until it starts generating benefits for non-Internet users. Things like:
Going to an ATM -- any ATM -- without paying a surcharge.
Being able to use ATMs for bill-payment like they do in other countries. Europeans laugh at our silly backward bill-paying system when all they do is hit the ATM during lunch to pay all their bills. It's a lot more convenient than the Internet, even for most Internet users.
Being able to do bank drafts as easily as using a credit card. This is happening with check-debit and ATM cards, but it's still not as convenient.
A cash-card. This would be a card that's just like cash. No ID, no signature, nothing like that needed. Sure, if you lose it, you're hosed. But that's true of cash too. We already do this with phone cards.
I remember speculation about filtering web content by checking the skin-tone levels of images as far back as 1996. At the time everybody more or less decided it was too impractical and gave up on the idea. The standard points about non-flesh fleshtoned objects and large amounts of non-pornographic flesh were made then too.
This is a particularly disgusting (to me at least) instance of the "for the children!" canard. Now instead of politicians using it to achieve their aims, which is bad enough, we've got a company using it to bilk panicked consumers out of their money.
And of course, just as with the quality of our politicians, we Americans have only ourselves to thank for this. If people weren't so damn gullible, companies like this would never sell a dime of product (of course in this case it's questionable whether what they have constututes a "product", but the point stands...)
What's needed is people willing to stand up and say "Yes, damn it, I do support porn on the Internet, and the easy availability of information on things like bomb-making and lock-picking, and if you don't like the speech I support, TOUGH SHIT. You don't get to pick and choose. If you want free speech, you got it. If you don't want it, go start your own damn country and LEAVE MINE ALONE."
...will Cindy Crawford try to stop people from skinning her likeness into Panty Raider? Will Heston want his face skinned behind the gun of some new games as a promotional thing? Will the guy who incessantly bombards us with "Whassssuup!" sue to keep his face off of the targets?
Actually, the parallels here to Napster are staggering. It's already well-established in American law that you can't commercially exploit a famous person's likeness without permission (there's fair use, like Celebrity Slugfest, but commercial use doesn't ever intersect with fair-use that I know of).
So, what we have is a game (Quake) provided by a company that built in functionality that could be used for illegal purposes, and doesn't restrict or even attempt to restrict use of said functionality.
Obviously, the RIAA and MPAA should sue iD Software and give them lists of Quake users who might be using the software in such a manner (i.e. all of them), then demand that their access to online Quake be cut off.
(This is a test of the Slashdot Sarcasm System. In the event of a real opinion, you will be subpoenaed and arrested by hired thugs. This is only a test. Beeeeeeeeeeeeeeeeep.)
Seems like security methods are second only to management as the subject of quick changes in "fashion". First it was plain old passwords, followed by access cards. Then fingerprint scanners. Then it was voice-printing. Lately we're seeing retinal scanners and stuff like this, and few people are paying attention to actually designing systems and facilities to be secure.
Part of this is expense. The most secure building that's still useful is one with one door and no windows. But that's an emergency-evacuation and traffic-control disaster waiting to happen, as well as a workplace-standards tragedy, so you add a freight dock, a rear entrance, a bunch of windows in the Managers' offices, a skylight with louvers that close automatically at sunset (oops, pardon me, too much MI:2...)
Now you have to secure all these potential access points (windows count too, unless they're built like arrow-slits) and sheer numbers work against you -- the first time somebody leaves a window unlatched when the room is empty the probability wave of an undetected intrusion starts to spike.
(You can think of intrusions in a quantum fashion -- given how long that access point was left unguarded, and the configuration of the facilities, and the traffic patterns, what is the probability that someone had access to various points and no one's noticed yet? Los Alamos take note...)
The rules for system security much resemble those for facility security in many ways:
Don't have open access points you don't need. (closing off access to ports with ipfilter/ipchains and other such tools)
Keep the ones you do have under close surveillance (logwatch, iptraf and such)
Don't assume your perimeter is unbreachable. (keeping up with what binaries are setuid, who has which sudo permissions, etc.)
Anyway, that's just rambling on a bit. The dominant paradigm of strong security is "something you have, something you know, and something you are". Any security system where one of these is sufficient to grant access is inherently insecure. Any system where all three are required in a specific form is probably very secure, but probably also very annoying to its users.
A system where you have to satisfy, say, two of the three in one of various ways is probably going to be OK for most purposes. Say you can use a voice-print, retinal scan or fingerprint scan plus your electronic access card, or you can show another form of ID to the guard (there better be a guard) and he can optionally clear you in manually if the other check is passed. Filling out your I-9 form for Immigration (to prove you are allowed to work in the US) works sort of like this. Note also that by this method ordinary shell password authorization is very insecure, (right, we knew that) while the SSH model of key + password is relatively secure (unless you set your ssh up to authenticate solely off the key, in which case you should now go back to grinding out code for IIS you sick little monkey!)
But real security takes real thinking and real money, and most companies don't want to expend either if they can help it. They'd rather have something that looks cool so they can brag about it. In this case they're not only using a single fallible authentication method, they're using one that, as pointed out before, has so much inherent noise in it that it's easy to defeat and thus nearly useless.
The article doesn't say whether you're typing a set sample text or a user-selected passphrase. The "right" (well, not right, but at least better) way to do this is to have the software try to verify the user through both a passphrase (something you know) and the typing biometric (something you are). If they both match, fine. If either one matches perfectly and the other is close, that should by default allow use, not restrict it (which is to say, the system should "fail open" like an emergency door).
First off, what does ipchains have to do with decentralizing the Internet?
Second, the Internet became commercialized when BBN (Bolt, Beranek and Newman) was created (if I remember correctly) specifically to sell NSFnet to. BBN was the first commercial backbone. Everybody else got blocks assigned by IANA and either built their own or leased from BBN. Nobody "chose" that format, it just grew that way.
I remember a few years ago the screaming when the big boys announced that they would begin refusing to peer with smaller networks. It makes sense if you think about it -- you have to draw a line somewhere. There comes a point below which you aren't big enough for big backbones like UUNet or AT&T to care if they lose all your traffic.
The flip side of this is, big sites like eBay or Yahoo have leverage because everybody wants access to them. There's opportunity for them to leverage their popularity into lower or no connection fees if they're savvy enough to manipulate it.
And really big sites like AOL are now backbones in their own right, to the point where magazines like BoardWatch rate AOL's network as a backbone provider.
This is where it seems that the last loosely organized anti-status-quo uprising, the hippies, differ from what is going on. Then, they were going off over lack of love, lack of freedom of their own lives, how we abuse our environment, how we kill each other. They were doing so specifially. Pull out of Vietnam. Stop deforestation. Now, it's more like fuck corporatism.
-----
That's exactly what I meant.
So few any more seem to have a specific goal or a way to go about it. "OK, so you think the IMF is bad. We'll take that as given. Now what do you do about it? Disband IMF? Force them to change their policies? Force them to forgive outstanding debts and start over?"
It's my king-for-a-day question, and I get a lot of indignant responses when I put people on the spot with it. One went so far as to say, during an argument with me over the necessity of the military, that it wasn't fair for me to ask her what her solution was (I think the question was "if you were drafted, would you go?")
Something about that attitude of "I don't have an answer myself, but I think yours sucks" just bothers me.
I have yet to see anything the WTO has done so far, or tried to do so far, that wasn't meant to bring more wealth to those who already have enough.
There's that word again.
"Enough". What is "enough" wealth? Where do you draw the lines between "not enough" and "enough", or between "enough" and "too much"? The idea of categorizing somebody as "too wealthy" strikes me as a potentially dangerous one.
Is $8 an hour enough? Around here that number is the center of the "living wage" campaign targeted at UVa. Should everybody who makes more than $8 an hour have their "excess" confiscated to supplement the income of those working below the poverty line? How about $20 an hour? $100 an hour?
The underlying assumption implicit in your statement is that economics is a zero-sum game. It's not. The more money banks have, the more they can loan. Sure they get their interest, but it's still money you wouldn't have been able to use at all otherwise, which equates to a house you wouldn't be living in or a car you wouldn't be driving otherwise.
Big earners spend big, as a rule. On average, that's good for everyone, not just them, even if their spending is aimed at accumulating even more wealth.
So you're saying that it's not enough that people have a basic understanding that too much power in the hands of a few is a bad thing, each individual involved must grasp all aspects ofevery issue involved...
More specifically, that they at least try. You better believe that whoever you happen to be fighting knows exactly how to play to the media, and if your movement is full of uninformed insta-protesters they're going to play that angle to the hilt. We see it every day with the "Linux kiddies" who don't know much about issues of open-source vs. proprietary software; they just know "Microsoft is bad, Linux is good!"
It doesn't take a genius or an eloquent, articulated speaker to understand that WAY too much power is consolidating into too few hands.
If it doesn't take a genius to understand, it doesn't take a genius to articulate the underlying issues either. If it comes down to it make up flyers for your protestors to copy and give people. At least then they can take an active role in spreading the message instead of passively chanting catchy slogans.
But seriously, enjoy your elitism and sneer at people less intelligent than you all you want. It's helping the situation immensely.
Actually, you seem to be the one sneering at others. I like to believe that everyone is capable of understanding the basics of the issues involved in even fairly esoteric debates. I don't ask that people be geniuses. I ask that they put forth an honest effort before succumbing to the lure of zombie-like "populism".
This sort of mindless unconcern for the details of the issues is why those few people have that much power in the first place.
That's so much like what I realized after the WTO protests: A lot of the protest sympathizers I talked to didn't actually know what they were protesting against.
"Big corporations are bad!"
"Why?"
"Ummm... cause they do bad things!"
"Like what?"
"Ummm... like... umm..."
To my mind there's a couple of very large, very bad generalizations going on. We've gone from "These big corporations sometimes do bad things" gradually to "These big corporations are bad" and then rapidly from there to "All big corporations are bad!" And that reduces to a snappy slogan like "Down with Corporatism!" that you can chant like the idiot savant activist so many seem to be. Let's face it, "stop [big corporation] from [doing evil thing]" just doesn't spread as well in a crowd and individual companies don't make nearly as enticing targets as a single big "corporatist" organization.
The worst thing you can do to a movement is join it (or found it) and then unthinkingly parrot the party line, ignoring all criticism or open discussion of your motives and ideals. If you do, you're not a protester or part of a movement. You're a cult member.
All that said, there are big companies that do bad things; we all know the backstory of Erin Brockovich or A Civil Action. They do need to be stopped. But what we don't need is people unthinkingly slamming some vaguely-defined concept of evil while they chow down on their McDonald's slop and then go outside to use the AT&T pay phone to call Mom and remind her to go down the street to the (Royal Dutch) Shell station and fill up their car with gas so it'll be ready to go out and watch the latest Hollywood offerings that night.
(If you're serious enough to protest, at least be serious enough to boycott.)
Others have mentioned treaties and redundant connections. Do you think there is a chance to play superpowers off each other for long-term stability? In some cases it might be prohibitively expensive to lay lines to, say, Russia and the US, but on a smaller scale you could do France, the UK and Spain with say a satellite link to India. Is there a possibility of playing the game not (just) with superpower nations, but supercorps?
Also, the statement "no sources, so not for linux" is incorrect - just because you have source doesn't mean it's for linux.
You've got it backwards. You should be saying "just because it's for linux, doesn't mean you have source." The negation of "A implies B" is "not-B doesn't imply not-A".
In more familiar terms, the original poster said "no white feathers, so not a duck." You responded "Just because you have white feathers doesn't mean you're a duck." The logical negation would be "Not all ducks have white feathers."
Ok, ok, a more realistic danger: not caring about security. It's one thing to say, "yeah, we're secure," just because you don't think you've ever been hacked. It's something completely different to actually have someone look around for exploits to use against your site or products...
More often security is perceived to be "costly". Companies that are slaves to the accounting department see what looks like a lot of money spent on a non-revenue source, so the budget gets cut.
Then the admin(s) don't have the manpower and/or tools to do the job properly, so when something bad happens the finger gets pointed at them as "inefficient" and they're fired en masse.
Then a whole new crop of freshly-minted "security experts" come in, with no idea where the grue in the system is lurking and waiting to eat the unwary who insist on pressing ahead into the darkness.
(This is obviously an extreme case, but companies run by beancounters do essentially this kind of stuff all the time.)
Then something really nasty happens and the company gets a lot of bad press over it, after which the severed heads end up stacked chest-deep at the main gates and the drains are clogged with the blood of the accounting department. OK, the last part never really happens, no matter how much the original team wishes it would.
An alternate scenario is a company whose marketing department or top management is actively antagonistic to strong security, perceiving it as a stumbling block to customers or themselves, respectively.
And sometimes you get management who, despite having zero actual knowledge of security practices, think their rank in the organization translates into authority to set security policy. This is a recipe for disasters that make the other two possibilities look like playtime on Romper Room.
...as seen all the time in movies where intruders gain access to the military compound by barking orders and threatening to call superior officers. See also the recent reports of "high security" government installations that were penetrated by a security task force purely through social-engineering their way through the front door.
A friend of mine claims to have had a lot of fun during "interview day" on his college's campus. He was wearing a blue suit and the interview hall was right next to the Naval ROTC building. Apparently NROTC middies (?) don't take chances -- when some guy in a blue suit says "Drop and give me 50!" they figure better safe than sorry.
Half of social engineering is attitude. If you act like you belong there, people will usually assume you do. It's just taking advantage of most people's fundamental desire not to cause trouble. Conversely, running across the office's cranky senior staffer, who's had a bad day and is looking for a reason to take it out on someone, can be really bad news for a would-be penetrator.
Even today, people send spam to AOL customers asking for the user's name and password "so we can repair damage to your account that occurred during a server upgrade" and net thousands of logins, giving them access to that many credit cards, despite the text at the top of the AOL mail window that says "REMINDER: AOL staff will never ask for your password or billing information."
As long as there are newbies, there will be trouble with social engineering. The best you can do is make sure that anybody who administers a system you're dependent on understands the concept of verifying identity.
That all said, social engineering isn't really an "exploit" in the classic sense -- it's merely overly lax granting of access rights, akin to leaving your root account passwordless.
My favorite examples of overly permissive systems were the RS/6000's at UVa, on which all the tty's were permissioned -rw--w--w- (I think this was AIX 3.2 - they upgraded to 4.0 later on with a new crop of boxen and I don't know what they're up to now). That's right, anybody could write to any terminal. I didn't do anything truly damaging with it, just pranked a friend into thinking he was getting a talk request from another person who wasn't logged on at the time...
Sure, but don't tell me it's not inconvenient to hold down the mouse button for about a second, or alternatively to hold down one of the mod-keys, in order to get the context menu in Netscape, or to spell-check in Word.
Well, in my opinion context-menus were a bad idea to begin with. Steve Jobs did a lot to suck up to Microsoft and I put contextual menus in that category. Most of the context-menus are location-independent -- a better solution, in my opinion, would be a floating collapsible palette that you could dock with the master menubar (it would then become the "Quick Tasks" menu, say). The palette/menu would change according to what's considered appropriate at the time, in the way contextual menus do now. You sacrifice a little real estate, but not much.
Context menus are what happens when the Mac tries to imitate its imitators. I pray that the OS X team will not fall into this trap.
As for Word, it's always been an MS product even on non-MS platforms. To make Word 6 for the Mac they actually ported the zillion DLLs that Word uses and made them MacOS Extensions. Word has rarely followed the Mac's Human Interface Guidelines and that's one reason many Mac users hate it with such a passion. For crying out loud, Word doesn't even follow the Windows interface standards (such as they are) half the time.
They are building their laptops to be sleek (well, I liked the black G3's.... I dunno about the new power books) and completely wireless. C'mon...that's just plain cool. And speaking of wireless... the whole idea of the Airport is cool.
Believe it or not, Apple didn't invent wireless Ethernet. An AirPort is just an IEEE 802.11 wireless Ethernet hub and the built-in wireless networking in the iBooks is just an 802.11 transceiver.
All credit to Apple for being the first to push it as a "consumer" tech, but let's not go overboard.
I still find it amusing that at the same time consumer PCs were discovering SCSI, Apple was moving from SCSI to IDE in its low-end and mid-range Macs. Today I think it's even a non-standard option on the beefy G4s.
And as far as mouse-button chauvinism, if you design for two buttons, you'll find you need two buttons. Or three. Or six. Designing the system for a single button makes a lot more sense in a way, because it's much easier for software add-ons to do things with more than one button, than it is to have a system that's crippled because you need two buttons and only have one available.
Also, the original usability studies said two buttons would lead to confusion. If you've ever worked tech support for Windows users, you know this has come to pass, with a vengeance.
Slashdot Mirror
this is what's always bothered me about spam. I mean who is actually viwing a spam email or chat message ans daying "yea yea..i got buy that or goto that web page?"
apparently someone is... but who?
That's the dirty little secret of spam-software companies: Spam doesn't work. It gets you kicked off your ISP, it gets you tons of flame mail, it may even get you sued. In the beginning there was spam, and it was only a couple of messages a week at most, and newbies who didn't know what it was figured it must be legit. Now even most newbies know better, and if not they learn fast.
Where the only real money in spam is, is in selling spam software and services to people who think spam is the answer to their marketing woes... and there are fewer people that gullible every day.
Ultimately spam is going to kill what little effectiveness it actually has (yes, there are people who are so desperately in debt, or impotent, or whatever, that they'll even try something that came to them out of a spammer's noxious droppings), just like banner ads have done: precisely because they're so ubiquitous. Like static on your TV screen, you learn to just filter it out (both electronically and mentally), which is why banner ad clickthroughs are a tiny fraction of a fraction of a percent these days.
When I did ISP admin work I dealt twice with a local chickenboner (as nanae calls small-time spammers), and he fit every stereotype you ever heard in the net-abuse groups: sleazy, shady, nearly bankrupt and desperate to make a quick buck any way he could, besides having a persecution complex bordering on clinical paranoia. Ultimately he ended up being profiled by a local paper because of his other failed ventures.
In short, dictatorial employer control over employer-owned resources is nothing new or even especially heinous, in my opinion. The most I'd say is that employers who monitor things like phones or Net traffic should be required to notify employees, like we do with drug testing. Anything beyond that, that limits the employer's right to control their property, lessens an employer's right of ownership. Here in the States at least, "life, liberty and property" is a big catch phrase in our scheme of government.
I don't like being watched any more than anyone else, but at the same time there are situations where my employer has rights too.
I'm intrigued by the environmental-containment requirements. On the Moon you have to have a seal because there's hard vacuum out there. On Mars the same will be true, but in addition to the low-pressure unbreathable atmosphere, there's the possibility of Martian microbes. And of course it would be a shame if we got all excited over Martian "life" only to find that it was Earth microbes that had escaped and multiplied in a pristine environment.
Sagan's Cosmos has some interesting speculations on what we might find, based on "Mars jars" experiments and the inconclusive Viking data. At this point we still can't even exclude the possibility of multicellular life (simple lichens or slime molds, maybe even things as complex as moss should be able to survive on Mars).
Every technology has both good and bad applications. The internal combustion engine revolutionized transportation and also revolutionized warfare. Germ theory provided us with a powerful weapon against disease -- and against each other.
There is no technology so good it can't be applied to destructive ends. Nor is there any technology (I believe) so destructive that there are no positive applications. By the logic Katz uses here, we should immediately stop all biological, chemical and medical research.
I don't see why you should be opposed to filtering software. After all, it is just a way to let people choose automatically what they want themselves and their dependents/customers to see.
I don't oppose the sale of filtering software. I think it's a silly, even stupid way to "raise" a child, but I'm all for allowing people to use it if they so choose.
I'm opposed to mandated filtering. I am also opposed to the anti-child hysteria that's whipped up every time some politician wants to push his agenda. And I'm really opposed to manipulating that hysteria to run what is essentially a patent-nostrum scam on an unsuspecting public.
[on no-fee ATMs]
Yes. The pixies from the magic fairyland should pay for installing those machines and paying the insurance, maintenence, and infrastructure costs. They can use the resources from the money trees to pay for them.
You misunderstand. I'm not advocating passing laws. I'm simply saying I wish consumers would wake up and realize that every time they use an ATM it's a net savings for the bank (tellers are expensive). Why should I pay for the privilege of saving my bank money?
Some banks get you coming and going. You go to the ATM, you pay a fee. Stand in line for a teller inside, and... you still get hit with a fee. Now given that the bank exists because they're making a profit off the money I deposit with them, where do they get off charging me to get access to my money? IMO there should always be a no-charge method to make a withdrawal -- it is, after all, my money.
It's a lucrative scam I'm sure, but just because banks have become dependent on it doesn't make it right.
All it will take is one big bank saying "Guess what? We're not going to charge ATM fees, at all" and people will flock to them. Eventually price pressure by itself will eliminate ATM fees naturally, but I sure wouldn't mind if the banks hurried up about it.
I agree with your sentiments...but what about the limitations already on speech (yelling "fire" in a theater)? Does that single limitation mean we do not have free speech?
I've heard someone argue that slander laws, etc. should be struck down, yes. I don't know if I buy it myself. It's a position I can probably argue myself around to in time, but I still have reservations about a position that extreme.
Basically if we can find other reasons for prosecuting what we now call slander or the "fire!" thing, I'd be OK with it.
So, you're basically saying you have the right to ram your sexual content down the throat of anybody who dares log onto the net, that it's not their right to choose for themselves.
No, I'm saying it is their right to choose. Nobody is forcing you to visit alt.sex.cute.little.bunnies. Your neighbor visiting http://www.hotteensluts.com/ doesn't affect you in any way, unless he's doing something like taping printouts to your car window.
"Moral standards" (or at least, your moral standards) restrict my right to choose whether I want to view that kind of thing or not. It's also a common principle that morality means nothing if you have no choice.
The 'free speech' referenced in the US Constitution was never about jiggling tits. You don't have a leg to stand on.
Sorry, it was, and I do. Any power not specifically granted to the government in the Constitution is forbidden to it. Any right not specifically forbidden the people is granted to them. The Bill of Rights specifically grants freedom of speech and does not restrict that freedom in any way.
"Acceptable free speech" is an oxymoron. Speech is free or it is not. Once you start imposing limitations on what I can print or say or depict, you don't have free speech any more.
Remember, Katz, just because we're Geeks , that doesn't mean that we like all of the new-fangled e-commerce hoopla.
There's little I can stand less than the "magic bullet" attitude of so many businesses to e-commerce. Let's face it: If your business sucks, taking it online just means you get to suck that much more publicly. Jamie Zawinski once wrote "Open source does work, but it is most definitely not a panacea," and the same is true here.
Personally I don't think e-commerce will really take off until it starts generating benefits for non-Internet users. Things like:
So when do I get what I want?
This is a particularly disgusting (to me at least) instance of the "for the children!" canard. Now instead of politicians using it to achieve their aims, which is bad enough, we've got a company using it to bilk panicked consumers out of their money.
And of course, just as with the quality of our politicians, we Americans have only ourselves to thank for this. If people weren't so damn gullible, companies like this would never sell a dime of product (of course in this case it's questionable whether what they have constututes a "product", but the point stands...)
What's needed is people willing to stand up and say "Yes, damn it, I do support porn on the Internet, and the easy availability of information on things like bomb-making and lock-picking, and if you don't like the speech I support, TOUGH SHIT. You don't get to pick and choose. If you want free speech, you got it. If you don't want it, go start your own damn country and LEAVE MINE ALONE."
But what are the odds of that happening?
Actually, the parallels here to Napster are staggering. It's already well-established in American law that you can't commercially exploit a famous person's likeness without permission (there's fair use, like Celebrity Slugfest, but commercial use doesn't ever intersect with fair-use that I know of).
So, what we have is a game (Quake) provided by a company that built in functionality that could be used for illegal purposes, and doesn't restrict or even attempt to restrict use of said functionality.
Obviously, the RIAA and MPAA should sue iD Software and give them lists of Quake users who might be using the software in such a manner (i.e. all of them), then demand that their access to online Quake be cut off.
(This is a test of the Slashdot Sarcasm System. In the event of a real opinion, you will be subpoenaed and arrested by hired thugs. This is only a test. Beeeeeeeeeeeeeeeeep.)
Part of this is expense. The most secure building that's still useful is one with one door and no windows. But that's an emergency-evacuation and traffic-control disaster waiting to happen, as well as a workplace-standards tragedy, so you add a freight dock, a rear entrance, a bunch of windows in the Managers' offices, a skylight with louvers that close automatically at sunset (oops, pardon me, too much MI:2...)
Now you have to secure all these potential access points (windows count too, unless they're built like arrow-slits) and sheer numbers work against you -- the first time somebody leaves a window unlatched when the room is empty the probability wave of an undetected intrusion starts to spike.
(You can think of intrusions in a quantum fashion -- given how long that access point was left unguarded, and the configuration of the facilities, and the traffic patterns, what is the probability that someone had access to various points and no one's noticed yet? Los Alamos take note...)
The rules for system security much resemble those for facility security in many ways:
Anyway, that's just rambling on a bit. The dominant paradigm of strong security is "something you have, something you know, and something you are". Any security system where one of these is sufficient to grant access is inherently insecure. Any system where all three are required in a specific form is probably very secure, but probably also very annoying to its users.
A system where you have to satisfy, say, two of the three in one of various ways is probably going to be OK for most purposes. Say you can use a voice-print, retinal scan or fingerprint scan plus your electronic access card, or you can show another form of ID to the guard (there better be a guard) and he can optionally clear you in manually if the other check is passed. Filling out your I-9 form for Immigration (to prove you are allowed to work in the US) works sort of like this. Note also that by this method ordinary shell password authorization is very insecure, (right, we knew that) while the SSH model of key + password is relatively secure (unless you set your ssh up to authenticate solely off the key, in which case you should now go back to grinding out code for IIS you sick little monkey!)
But real security takes real thinking and real money, and most companies don't want to expend either if they can help it. They'd rather have something that looks cool so they can brag about it. In this case they're not only using a single fallible authentication method, they're using one that, as pointed out before, has so much inherent noise in it that it's easy to defeat and thus nearly useless.
The article doesn't say whether you're typing a set sample text or a user-selected passphrase. The "right" (well, not right, but at least better) way to do this is to have the software try to verify the user through both a passphrase (something you know) and the typing biometric (something you are). If they both match, fine. If either one matches perfectly and the other is close, that should by default allow use, not restrict it (which is to say, the system should "fail open" like an emergency door).
But what are the odds of that happening?
Second, the Internet became commercialized when BBN (Bolt, Beranek and Newman) was created (if I remember correctly) specifically to sell NSFnet to. BBN was the first commercial backbone. Everybody else got blocks assigned by IANA and either built their own or leased from BBN. Nobody "chose" that format, it just grew that way.
I remember a few years ago the screaming when the big boys announced that they would begin refusing to peer with smaller networks. It makes sense if you think about it -- you have to draw a line somewhere. There comes a point below which you aren't big enough for big backbones like UUNet or AT&T to care if they lose all your traffic.
The flip side of this is, big sites like eBay or Yahoo have leverage because everybody wants access to them. There's opportunity for them to leverage their popularity into lower or no connection fees if they're savvy enough to manipulate it.
And really big sites like AOL are now backbones in their own right, to the point where magazines like BoardWatch rate AOL's network as a backbone provider.
This is where it seems that the last loosely organized anti-status-quo uprising, the hippies, differ from what is going on. Then, they were going off over lack of love, lack of freedom of their own lives, how we abuse our environment, how we kill each other. They were doing so specifially. Pull out of Vietnam. Stop deforestation. Now, it's more like fuck corporatism.
-----
That's exactly what I meant.
So few any more seem to have a specific goal or a way to go about it. "OK, so you think the IMF is bad. We'll take that as given. Now what do you do about it? Disband IMF? Force them to change their policies? Force them to forgive outstanding debts and start over?"
It's my king-for-a-day question, and I get a lot of indignant responses when I put people on the spot with it. One went so far as to say, during an argument with me over the necessity of the military, that it wasn't fair for me to ask her what her solution was (I think the question was "if you were drafted, would you go?")
Something about that attitude of "I don't have an answer myself, but I think yours sucks" just bothers me.
I have yet to see anything the WTO has done so far, or tried to do so far, that wasn't meant to bring more wealth to those who already have enough.
There's that word again.
"Enough". What is "enough" wealth? Where do you draw the lines between "not enough" and "enough", or between "enough" and "too much"? The idea of categorizing somebody as "too wealthy" strikes me as a potentially dangerous one.
Is $8 an hour enough? Around here that number is the center of the "living wage" campaign targeted at UVa. Should everybody who makes more than $8 an hour have their "excess" confiscated to supplement the income of those working below the poverty line? How about $20 an hour? $100 an hour?
The underlying assumption implicit in your statement is that economics is a zero-sum game. It's not. The more money banks have, the more they can loan. Sure they get their interest, but it's still money you wouldn't have been able to use at all otherwise, which equates to a house you wouldn't be living in or a car you wouldn't be driving otherwise.
Big earners spend big, as a rule. On average, that's good for everyone, not just them, even if their spending is aimed at accumulating even more wealth.
So you're saying that it's not enough that people have a basic understanding that too much power in the hands of a few is a bad thing, each individual involved must grasp all aspects ofevery issue involved...
More specifically, that they at least try. You better believe that whoever you happen to be fighting knows exactly how to play to the media, and if your movement is full of uninformed insta-protesters they're going to play that angle to the hilt. We see it every day with the "Linux kiddies" who don't know much about issues of open-source vs. proprietary software; they just know "Microsoft is bad, Linux is good!"
It doesn't take a genius or an eloquent, articulated speaker to understand that WAY too much power is consolidating into too few hands.
If it doesn't take a genius to understand, it doesn't take a genius to articulate the underlying issues either. If it comes down to it make up flyers for your protestors to copy and give people. At least then they can take an active role in spreading the message instead of passively chanting catchy slogans.
But seriously, enjoy your elitism and sneer at people less intelligent than you all you want. It's helping the situation immensely.
Actually, you seem to be the one sneering at others. I like to believe that everyone is capable of understanding the basics of the issues involved in even fairly esoteric debates. I don't ask that people be geniuses. I ask that they put forth an honest effort before succumbing to the lure of zombie-like "populism".
This sort of mindless unconcern for the details of the issues is why those few people have that much power in the first place.
We don't need them to voice the arguments with eloquence or even understand the issues, we need their bodies on the street and on the tube.
I hope you're kidding.
And if not: by "bodies", do you mean "warm bodies"... or corpses?
"Big corporations are bad!"
"Why?"
"Ummm... cause they do bad things!"
"Like what?"
"Ummm... like... umm..."
To my mind there's a couple of very large, very bad generalizations going on. We've gone from "These big corporations sometimes do bad things" gradually to "These big corporations are bad" and then rapidly from there to "All big corporations are bad!" And that reduces to a snappy slogan like "Down with Corporatism!" that you can chant like the idiot savant activist so many seem to be. Let's face it, "stop [big corporation] from [doing evil thing]" just doesn't spread as well in a crowd and individual companies don't make nearly as enticing targets as a single big "corporatist" organization.
The worst thing you can do to a movement is join it (or found it) and then unthinkingly parrot the party line, ignoring all criticism or open discussion of your motives and ideals. If you do, you're not a protester or part of a movement. You're a cult member.
All that said, there are big companies that do bad things; we all know the backstory of Erin Brockovich or A Civil Action. They do need to be stopped. But what we don't need is people unthinkingly slamming some vaguely-defined concept of evil while they chow down on their McDonald's slop and then go outside to use the AT&T pay phone to call Mom and remind her to go down the street to the (Royal Dutch) Shell station and fill up their car with gas so it'll be ready to go out and watch the latest Hollywood offerings that night.
(If you're serious enough to protest, at least be serious enough to boycott.)
Is it too late to patent binary computing?
Didn't you hear? Microsoft already has.
Others have mentioned treaties and redundant connections. Do you think there is a chance to play superpowers off each other for long-term stability? In some cases it might be prohibitively expensive to lay lines to, say, Russia and the US, but on a smaller scale you could do France, the UK and Spain with say a satellite link to India. Is there a possibility of playing the game not (just) with superpower nations, but supercorps?
Also, the statement "no sources, so not for linux" is incorrect - just because you have source doesn't mean it's for linux.
You've got it backwards. You should be saying "just because it's for linux, doesn't mean you have source." The negation of "A implies B" is "not-B doesn't imply not-A".
In more familiar terms, the original poster said "no white feathers, so not a duck." You responded "Just because you have white feathers doesn't mean you're a duck." The logical negation would be "Not all ducks have white feathers."
I think.
Ok, ok, a more realistic danger: not caring about security. It's one thing to say, "yeah, we're secure," just because you don't think you've ever been hacked. It's something completely different to actually have someone look around for exploits to use against your site or products...
More often security is perceived to be "costly". Companies that are slaves to the accounting department see what looks like a lot of money spent on a non-revenue source, so the budget gets cut.
Then the admin(s) don't have the manpower and/or tools to do the job properly, so when something bad happens the finger gets pointed at them as "inefficient" and they're fired en masse.
Then a whole new crop of freshly-minted "security experts" come in, with no idea where the grue in the system is lurking and waiting to eat the unwary who insist on pressing ahead into the darkness.
(This is obviously an extreme case, but companies run by beancounters do essentially this kind of stuff all the time.)
Then something really nasty happens and the company gets a lot of bad press over it, after which the severed heads end up stacked chest-deep at the main gates and the drains are clogged with the blood of the accounting department. OK, the last part never really happens, no matter how much the original team wishes it would.
An alternate scenario is a company whose marketing department or top management is actively antagonistic to strong security, perceiving it as a stumbling block to customers or themselves, respectively.
And sometimes you get management who, despite having zero actual knowledge of security practices, think their rank in the organization translates into authority to set security policy. This is a recipe for disasters that make the other two possibilities look like playtime on Romper Room.
A friend of mine claims to have had a lot of fun during "interview day" on his college's campus. He was wearing a blue suit and the interview hall was right next to the Naval ROTC building. Apparently NROTC middies (?) don't take chances -- when some guy in a blue suit says "Drop and give me 50!" they figure better safe than sorry.
Half of social engineering is attitude. If you act like you belong there, people will usually assume you do. It's just taking advantage of most people's fundamental desire not to cause trouble. Conversely, running across the office's cranky senior staffer, who's had a bad day and is looking for a reason to take it out on someone, can be really bad news for a would-be penetrator.
Even today, people send spam to AOL customers asking for the user's name and password "so we can repair damage to your account that occurred during a server upgrade" and net thousands of logins, giving them access to that many credit cards, despite the text at the top of the AOL mail window that says "REMINDER: AOL staff will never ask for your password or billing information."
As long as there are newbies, there will be trouble with social engineering. The best you can do is make sure that anybody who administers a system you're dependent on understands the concept of verifying identity.
That all said, social engineering isn't really an "exploit" in the classic sense -- it's merely overly lax granting of access rights, akin to leaving your root account passwordless.
My favorite examples of overly permissive systems were the RS/6000's at UVa, on which all the tty's were permissioned -rw--w--w- (I think this was AIX 3.2 - they upgraded to 4.0 later on with a new crop of boxen and I don't know what they're up to now). That's right, anybody could write to any terminal. I didn't do anything truly damaging with it, just pranked a friend into thinking he was getting a talk request from another person who wasn't logged on at the time...
Sure, but don't tell me it's not inconvenient to hold down the mouse button for about a second, or alternatively to hold down one of the mod-keys, in order to get the context menu in Netscape, or to spell-check in Word.
Well, in my opinion context-menus were a bad idea to begin with. Steve Jobs did a lot to suck up to Microsoft and I put contextual menus in that category. Most of the context-menus are location-independent -- a better solution, in my opinion, would be a floating collapsible palette that you could dock with the master menubar (it would then become the "Quick Tasks" menu, say). The palette/menu would change according to what's considered appropriate at the time, in the way contextual menus do now. You sacrifice a little real estate, but not much.
Context menus are what happens when the Mac tries to imitate its imitators. I pray that the OS X team will not fall into this trap.
As for Word, it's always been an MS product even on non-MS platforms. To make Word 6 for the Mac they actually ported the zillion DLLs that Word uses and made them MacOS Extensions. Word has rarely followed the Mac's Human Interface Guidelines and that's one reason many Mac users hate it with such a passion. For crying out loud, Word doesn't even follow the Windows interface standards (such as they are) half the time.
They are building their laptops to be sleek (well, I liked the black G3's.... I dunno about the new power books) and completely wireless. C'mon...that's just plain cool. And speaking of wireless... the whole idea of the Airport is cool.
Believe it or not, Apple didn't invent wireless Ethernet. An AirPort is just an IEEE 802.11 wireless Ethernet hub and the built-in wireless networking in the iBooks is just an 802.11 transceiver.
All credit to Apple for being the first to push it as a "consumer" tech, but let's not go overboard.
I still find it amusing that at the same time consumer PCs were discovering SCSI, Apple was moving from SCSI to IDE in its low-end and mid-range Macs. Today I think it's even a non-standard option on the beefy G4s.
And as far as mouse-button chauvinism, if you design for two buttons, you'll find you need two buttons. Or three. Or six. Designing the system for a single button makes a lot more sense in a way, because it's much easier for software add-ons to do things with more than one button, than it is to have a system that's crippled because you need two buttons and only have one available.
Also, the original usability studies said two buttons would lead to confusion. If you've ever worked tech support for Windows users, you know this has come to pass, with a vengeance.