The user is someone off the street, heavily pre-interviewed to fit various target demographics of experience or workstyles.
I don't know what exactly they are doing, but I would expect that their target demographic is office workers who currently use windows (poorly). This will exclude virtually everyone slashdot or open source cares about (experenced programmers and unix users) AND the demographic Mac went after (people who do not currently use a computer).
There is a very good reason that Mac still beats windows for inexperenced computer users.. Mac was interested in inexperenced people liking the Mac.. Microsoft is interested in bosses forcing their people to use windows. I should say that I really don't like Macs or Windows. I like unix, but I accept the fact that unix is a system of traditions where the first person to write a cool enough program to get all the sysadmins to install it sets the standard. (If your a sysadmin you should really like the idea of software by sysadmins for sysadmins)
Anyway, "user friendly" is almost totally realitive to your choice of users. Microsoft made an intelegent choice based on marketing, Mac made a noble but economically stupid choice, Gnome and KDE probable don't really understand that their is a choice (like most X based GUI's before them).
Personally, I'm not interested in a user interface being easy to use for office workers, grandparents, or even myself. I'm want to see people do the creative ivorey tower side of user interface research, i.e. stuff that has never been done before. Hint: if it has pull down menus or middle of the screan dialog boxes then it dose not qualify. (Personally, I think any "academic" who is doing user interface resarch and still talking about pull down menus or dialog boxes is a fraud) I don't care that such sustems would be hard to use since they would be intersting and show us possible new future directions. Plan9 made a reasonable attempt at such research.. and it was inspiring.
Your not necissarily correct. Microsoft could just sell a seperate developer version of windows with the option, but all the normal windows versions would require the person to run signed applications.
..is consider it to be normal game play, but still keep things fair. Specifically, the majority of cheats seem to be improvements to the user interface. These "cheats" should be a standard part of the game.
Anyway, I think the best way to fight online cheating is to give the game a scripting langauge to make cheating easy, but with the following constraints:
1) The scripting langauge will not give you access to informtion you should not have, i.e. behind the fog of war. This information limitation factor is essentially what seperates a "good" (user interface) cheat from a "bad" (defing the spirit of the game) cheat.
2) The game will "keep things fair" by sharing all your scripts with your opponent during network play.
Clearly, there will be people who write cheats to disable these two features, but there is a LOT which can be done to protect these two features since they are internal (i.e. you can not just write a program to figure out what is going on from the screen and click for you). Plus, it seems likely that information cheats will take MUCH longer to write then scripts and that better scripts would be more effective then information cheats. It's worth mentioning that just having a persons scripts will not give you much of an advantage in the short run since you would need to learn how to use them effectivly (this means that disabling the sharing of scripts might not really buy you as much as writing a few significantly better scripts).
Anywho, the point is to let the people who play the game improve on it's user interface. This will not keep the user interface simple, but it will be a very interesting game to play.
You can not trust the bar code and the human readable output to be the same. Actually, you cna not trust ANY specific machine to report the proper value for the bar code.
I would say that you should only print the human readable form, but use a very OCR friendly font. A really OCR friendly font would not be any worse then a bar code for a computer to read.
Also, there is no reason to allow people to leave with a recipt which states their vote unless you want to try and to weird recounts, but there are big problems with letting a person leave with.a recipt, i.e. they can get paid to have voted a specific way. Now, if you really want to do the weird recount / limited revote then you can give someone a recipt which is linked to their vote, but I think this is really unnecissary.
Yes, the computer voting booth is pretty good if you see it print out a paper ballot in front of you, but it seems unlikely that the ballot implementors will be that paranoid. BTW, one of the biggest electronic voting corperations is run by a guy who has beenm convicted of falsifing th vote twice before and his company's software is very closed source (i don't know if they only do internet voting or electronic voting booths too). Anywho, the point is that I would expect a lot of vote rigging when electronic systems are installed since they woil not have the simple security systems like making a printout for the voter.
This is a very bad idea. You do not want individuals to be able to "prove" that they voted for a specific candidate. Your bosses and parents will try to force you to vote for their guy and there will be lots of people saing "I'll pay you $100 for a vote for candidate X."
Now, all internet voting allows this kind of abuse, but there are a few possible solutions like allowing you to change your internet vote a the polling station.
Re:voting from the comfort of your own home -bad
on
eLection '04
·
· Score: 1
These are very serious problems, but there is a partial solution: Your password which allowed you to vote will also allow you to cancel your vote (at a real polling place perhaps). This can still maintain anonymous voting since the password will not be tied to you, just your vote. We can also make it a very serious crime to try to bribe/coerce a voter. The vast majority of corperations will back off if life in prison for the perople involved and mandatory decorperation regardless of stock holder involvment were the standard penalties for coercing emploies to vote a specific way.
Now, the bigger problem is what do you do to prevent pay offs where the vote buyer dose not plan on 100% returns on his investment, i.e. I could give a bum a beer to vote how I wqanted him to vote and then be assured that he is too lazy to change it.
Re:The problems are...
on
eLection '04
·
· Score: 2
No, anonyimity without fraud is trivial to solve for electronic voting since you have public key cryptosyustems which no one would use traditionally. Specifically, you should be able to create systems where the government dose not know how you vote, you can only vote once, and you can change your own vote at a polling place (if you try to vote electronically and discover that someone has voted for you). There are two VERY serious problems with online voting, but anonymous authentication is not one of them.
The first serious problem is that a thrid party can verify how you vote, i.e. a company can pay you to vote a specific way and then check to make shure that you do it or a family member can force you to vote a specific way. Clearly, we should make it a veryu serious crime to do these things, but we need a way to make it unprofitable too. The only ideas I have to fix this are a "plausable deniablilty" system which allows you to replace your old votes and a system which allows you to replace your online vote by going to the poling place.
The second problem with online voting is that it's now easy for a smaller mainority to rig an election. I think the CEO of one of the major online voting software shops has been convicted of tring to rig elections twice in the past (note: his company is producing very closed sourse software). Actually, it's worse then just giving more power to fewer people since fewer people understand how the technology works. I would say that online voting shopuld require multiple vote counting sites and open source software.
Most AV software has some sort of CPU emulator to deal with self-encrypted code
Wow! I had no idea that people had really gone so far with these things. The last virus source code I looked at was one of the first ones which used self encryption. I have to admit that I'm supprised that anyone has been tricky enough to write a decryption function which can it's self be hidden/mutated.
Anyway, it dosn't seem like it would be hard to make a virus which hid deep inside a program instead of in the RTS code. Wouldn't this make it impossible to find the virus by running the RTS code to the programs on the system in a safe enviroment? The "do not reinfect" flag could just use the +/- 5 generations idea to be immune to current virus scanners. Personally, I think the hardest pert of this is making the virus's decryption code immune to patern matching.
Virus scanners should not be using executables anyway since there are very efficent algorithms for looking for a match from a list of patterns. Now, there are viruses which require code to identify, but people can wait for software updates to find these viruses. Also, it's worth pointing out that someone could trick your virus scanner by sending out a piece of pattern microsoft windows as an update. This would effectivly make everyone think that they were infected and need to reinstall windows.
Actually, it's always astounded me that virus writers did not "seek diversity" and force virus scanners to scan with code instead of pttern matching algorithms. You could potentially make it impossible to scan for viruses by forcing the scanners to do to much work, but it would take a lot of viruses.
I suppose a better idea would be to have a mutating "do not reinfect" flag, but only remember the flag for the last 5 generation and the future 5 generations, i.e. each generation would randomly creat the "do not reinfect flag" for it's children 5 generations down the line nd forget the "do not reinfect" of it's grandparents 5 generations removed. This would mean that the virus would eventually reinfect the same files, but it would take a while.. and it would mean that the virus's distant children would not be vulnerable to the same virus scanner (assuming that the decryption code it's self mutated and could not be used as a pattern for a virus scanner).
Maybe it's just me, but RMS seems as psycho as Bill Gates most of the time.... Everything is not going to owned by MS and closed source, but everything will not be "Free" either. And everything shoudln't fall into either category.
RMS is not a Bill Gates counter part. He is an idealist and a reminder that we should fight for freedom and personal control over technology. Clearly, RMS says some prety stupid things, but he also says some pretty importent things that no one else notices. It's our job to figure out which is which.
Anyway, you should always lissen carefully to RMS and think about what he says, but not necissarily take his advice. Instead you should make compramizes when you feal that it's not something that's really importent, but you really need to think about it to figure out what is importent.
No one can think for you (sertonly not RMS), but there are people like RMS who can give you a good list of things to think about.
Actually, I think RMS's mistakes are pretty importent too. Linux is a perfect example, i.e. allow lots of proprietary stuff to get more people to use Linux, but keep the core free and push out the proprietary stuff once you have people hooked.
The big picture surrounding RMS's point is that Technology has a profound influence on "freedom," i.e. I can enslave you by controlling your access to tools. This is a very importent point and we should all give it serious consideration. I'm not saing that every scrap of software we write or use should be free. It's true that we need to make compramizes, but we need to think about it a LOT.. and we need to keep ourselves from becoming slaves.
Anyway, my point is that RMS's viewpoint is not "just as circumspect" as Microsofts. Microsoft is a corperation out to make money, i.e. philosophy is irrelevent. RMS is an idealist who's message we should all respect *without* necissarilly following it all the time. We just need to undestand the spirit of what RMS is saing and try to figure out the importent times when we should follow his advice.
Personally, I feal that this is a perfect example of "ignoring RMS" being the best possible way to "forward the aims of Free software." Specifically, it is possible to use the NDA to write an run time linked object module which provides the necissary functionallity to a piece of free software. The majority of users using the software will not have this specific piece of hardware, so they will still be runnning strictly free software. The few who are using the hardware will be running mostly free software which still improves their lives more then any non-free software would.
Anyway, RMS is not the opposition and he is not "just as bad as Microsoft." He is a "philosopher" and there have been few/no philosophers who should not be taken with a grain of practicallity, but it is still very importent that we lissen to him. He he will fequently remind us of things we are doing to give up our freedoms. We need to be reminded of these things and we need to think about them for ourselves.
Bill Joy is really not the kind of person I'd want to see involved in these sort of orginisations. His recent rants about biotechnology imply that he wants to take biotechnology (and technology in general) away from the individuals and open research institutions and give it to corperations. Specifically, he seems to see the corperate intelectual property secracy (which allows things like terminator genes) as a good thing because it keeps people in other countries ignorant about technology. His justification for this possition seems to be fear or terrorism, but it's really a totally unjustifiable possition. It's just plain stupid to keep the public and the rest of the world ignorant for a little extra security.
Anywzy, all the "bad" things that biotechnology has allowed to happen so far, i.e. terminator genes, have been the work of corperations. Clearly, we should be fighting for more open technology and tring to prevent the corprate intelectual property laws from exploiting people.. the exact opposite of what Bill Joyu seems to be working towards.
Th funniest thing about the whole censorware debate is that censorware is nearly useless for libraries and school. Think about it:
(1) A library or a school wants to catch the people DLing porn. How will installing easy to circumvent protections which mearly train the porn user to circumvent these protections help? Now, some censorware for libraries dose use an alarm, but the bad block rate means that about once a week some little girl is tramatized by screaming alarms and kicked out of the library for looking at a feminist website.
(2) No reasonable adult really carres about another adult viewing porn onlie. they mearly want to prevent people from leaving open netscape windows containing porn and to prevent kids from changing the background as a prank. No censorware dose anything to prevent these sort of mistakes and/or pranks.
What is the solution? Place the computers in a realitivly poblic place and have librarians walk past them periodically. If the problem persists then have a computer which only the librarians see do a slide show of the JPGs in the netscape cache directories. The librarians can go have a look at all the various computer users when they see porn flash past.
These systems are cheap, simple, discreate, adaptable, adhears to community standards, and will produce almost no bad blocks. Why do we not see the AFA spending many thousands of dollars advocating these sorts of more effective blocking procedures? Simple, the AFA & friends do not give a shit about porn. They are only interested in blocking access of young people to feminist, gay, AIDS, safe-sex, liberal web sites.
I have not heard about specific examples of the U.S. killing a U.S. citizen within ?U.S. borders, but there are some pretty clear cut cases of the U.S. doing things to U.S. citizens who opposed Pinochet's coup in Chile. I don't think that U.S. troops really killed U.S. citizens, but the state department ordered the U.S. ambasador to leave U.S. citizens in Pinochet's custody to be killed. the French ambasador (for example) simply asked for the return of the French citizens and Pinochet's people complied. The following sources do not really talk about this, but they should give you the names of the people involved:
Anyway, there are going to be lots of situations where the U.S. aidded a foreign power (maybe just promissing to not investigate) in murdering a U.S. citizen who was active in another country (there have been a few in the middle east too), but I do not know about any off the top of my head where U.S. troops actually murdered U.S. citizens because of something they were doing in another country.
Yes, it is a crime to make threats and it would e nice to be able to enforce that law on the internet too, but there are many many legitimate uses for anonymity (like people in repressive countries who want to run a website in the U.S. --- the U.S. government has been known to harass and even kill U.S. citizens as a favor to some U.S. friendly dictator).
Personally, I think that anonymous threats are a small enough problem that we should sacrafice being able to enforce them to enshure that we have real anonyimity when we need it, but I'm not exactly running an abortion clinic, so I don't advocate this that strongly.
The truth of the matter is that we will always need to work to be truely anonymous (this just influences how hard we must work), so we should try to make shure that the "good people" know how to be anonymous.
Example: If an ISP is contacted by a group who want anonymous hosting and deserves it then they ISP should do the following: Do not let the people who want to run the site tell ANYONE atthe ISP who they are. The ISP should go find some U.S. citizen who is willing to pay for the site, so this can not be traced to the site. The ISP should set up a way for the site to be maintained without making any logs. Finally, the ISP needs to set up some sort of dead man switch where the people who run the site will know if an investigation begins. Now, the ISP can get in trouble for letting the site maintainers know that their site is being watched, but it may be worth it to protect the maintainers. This is not perfect, but it goes a LONG way towards truely anonymous hosting.
Actually, your idea is not as crazy as it sounds. The key point people need to notice is that censorware is a placebo that dose not solve the major problems people want solved. Specifically, people do not want the back ground changed to porn and do not want kids to notice someone else watching porn. Censorware blocks such a small precentage of sites that it totally fails at these goals. The real solution is based around you grandmother idea. Specifically, the threat of getting caught.
First, you need to ask yourself "dose this library have a problem?" (i.e. do lots of people currently watch porn here) There are two solutions depending on your answer:
(no) Congradulations, you have no problem at all. You should move your computers to a high traffic area with little privacy to discurage porn view, but that's about all you need to do.
(yes) Ok, you need to do a little more work. First, DO NOT INSTALL CENSORWARE. You want to catch these people.. not make them better at hiding. You need to set up a system where the most recent images from the netscape cache directories are displayed on a system which only the librarians see. Now, when a librarian notices a porn picture they can go for a walk and stop the person. The advantage here is that they will catch porn the person left in open netscape windows or on the desktop.. somehting no censorware can hope to prevent.
No, a utility to manage your/etc/hosts file would be near useless. We need to consider diffrent more public systems. A top level DNS with voting for conflict resolution would be interesting. I suppose anyone who was registered for a domain name could bring a case, advocate, end up on a jurry, or metamoderation of jurrors (i.e. making shure that jurrors who vote on a dispute give a good reasons for there vote). There would not be any protection of trademarks or IP. It would just be a vote for who you like system, so microsoft.com would probable belong to microshit.com.
Anyway, thats one idea, but there are lots more ideas. We should have compeating top level domains to try these things out.
No, DNA based identification is a good *part* to a security / identification system, but it dose have some limitations. These limitations are actually more serious in the criminal justice system the in normal security applicqations. Specifically, DNA has a low rate of false positive matchesm, but when you make a lot of comparisons the chances become high.
Example: Lets assume that DNA matches give a false positive once every million attempts, but that a false positive on a search is enough to convict someone. Let say that every police detective requests 100 DNA searchs per year. Lets say that there are 100,000 police detectives in the U.S. this means that we falsely convict 10 people per year.
Clearly, allowing DNA evidence which is used in a search is just as stupid as pretending that 8 character passwords are good enough when a hacker can launch a script to try 128^16 account & password combinations per week/month without being noticed.
The solution is to require more diffrent kind of identification, i.e. if the cops use a DNA search to find the guy then they may not use any DNA evidence in court period. Simillarly, if they use a finger print search to find the guy then they should not be allowed to use finger print evidence in court.
Actually, they should look at what happened when some countries banned violent games. The graphs of ciminal age for those countries durring those years should not be falling as fast as prior to banning games (or should be increasing). This is still just corrolational evidence, but it's more convincing.
Also, it's possible that the "training" and desencitisation kids get from violent video games is exactly what they need to prevent violence. Simply, practice improves your critical thinking during violent situations which leads to a better understanding of the advantages of a nonviolent solution, i.e. kids learn to minimize the effects of adrinolin and/or the violent situation on their judgement processes.
Actually, that would be an interesting studdy. Do kids who play violent video games manage to get out of more fights without violence. If the result's were positive then it would go a long way towards showing that violent video games really do decrease violence among kids.
Plus, just adding a statute of limitations for email dose not mean that corperations can not use old emails as an excuse to harass a worker.
It would be a lot easier to make a program which emailed a person a program to connect via SSL with your system to read the real email, but did not allow them to cut and paste out of the program. Your system would delete the email after they read it once, i.e. a this message will self destruct type thing.
Clearly, a clever persn could still save the email (screen shot), but most windows users are not that clever. A bigger problem is that it would not work under Linux since Linux mail readers actually have some basic security (not executing code from email), but most Linux users are smart enough to use a screen shot, so it would not do any good anyway. Regardless, it would provide some encryption and security when sending obnoxious emails to stupid windows users.. a good thing.
Yes, we should be careful, but Bill Joy is a moron. He wants gov. and corps. to have all the control over technology (specifically biotechnology).
I'm quite happy risking all the bad things that might happen during random haphazard development of technology, but I am not wiling to risk the bad things that *will* happen when corperate and national security interests control our future, i.e. I do not trust Bill Joy's vision of the future. Today, the bigest problems we have had with biotechnology have been terminator genes. It's the people who made the terminator genes who Bill Joy wants to give more power too (by preventing their competition from creating terminator gene free enhancments).
Anyway, we have very little to fear from what most people will do with technology, i.e. Linux, funny or anti-corperate websites, etc.. We have a lot to fear from orginisations which control market share and powerful people which influence technology, i.e. Microsoft, DoubleClick, Monsanto, etc.
Yes, they *could* implement a man-in-the-middle attack for any specific key exchange system, but people will notice man-in-the middle attacks when they move outside the system. Now, out side the system dose not mean physically transporting a floppy. It means using a data transfer procedure which carnivore would not know t intercept.
This means a MitM attack aginst many people would be notice very quickly, but a MitM attack against only a few people would be hard to detect. If you are one of the few people who really should worry about MitM attacks then you should use a variety of ways to transport your keys and diff the results! We need the people they actually are watching to check for MitM attacks.
Yes, specilized courts like tax courts are evil. The solution to things like the DeCSS case is really to (a) make conflict of intrest a much bigger crime (and make it easy to convict a judge like Kaplan of conflict of interest) and (b) make going to industry lobing seminars a conflict of interest.
I would say a judge making a decission like Kaplans should be tried for conflict of interest for mearly having been to several seminars which can be shown to have been intended to influence his opinion. now, he would not be convicted untill the content of those seminars was fully examined (i.e. did the experence create an "interest"), but the fact that he would need to stand trial should prevent many problems.
I would say we also need some kind of anti-matching fund for lobists or a lobist tax to limit the effectivness of spending large ammounts of money on lobing judges and representitives. If your corperate lobists spend $1 million dollars then their oposing lobists (like consumer activists or enviromentalists) recieve $100,000 (10%) of that money to spend on countering your expendatures. This would help keep the lobists plaing field even, so representitives would hear all the diffrent opinions that they need to hear.
SDMI must die. We really need a serious campaign to raise public awairness and boycot SDMI products. Actually, I'd like to see a way to order stickers online which said "WARNING: This product uses SDMI to limit your music lissening options, limit your ability to share your music with your friends, etc." We could all order these stickers and go stick them on SDMI device that are sold in stores to warn the customers about the dangers of this standard.
Slashdot Mirror
The user is someone off the street, heavily pre-interviewed to fit various target demographics of experience or workstyles.
I don't know what exactly they are doing, but I would expect that their target demographic is office workers who currently use windows (poorly). This will exclude virtually everyone slashdot or open source cares about (experenced programmers and unix users) AND the demographic Mac went after (people who do not currently use a computer).
There is a very good reason that Mac still beats windows for inexperenced computer users.. Mac was interested in inexperenced people liking the Mac.. Microsoft is interested in bosses forcing their people to use windows. I should say that I really don't like Macs or Windows. I like unix, but I accept the fact that unix is a system of traditions where the first person to write a cool enough program to get all the sysadmins to install it sets the standard. (If your a sysadmin you should really like the idea of software by sysadmins for sysadmins)
Anyway, "user friendly" is almost totally realitive to your choice of users. Microsoft made an intelegent choice based on marketing, Mac made a noble but economically stupid choice, Gnome and KDE probable don't really understand that their is a choice (like most X based GUI's before them).
Personally, I'm not interested in a user interface being easy to use for office workers, grandparents, or even myself. I'm want to see people do the creative ivorey tower side of user interface research, i.e. stuff that has never been done before. Hint: if it has pull down menus or middle of the screan dialog boxes then it dose not qualify. (Personally, I think any "academic" who is doing user interface resarch and still talking about pull down menus or dialog boxes is a fraud) I don't care that such sustems would be hard to use since they would be intersting and show us possible new future directions. Plan9 made a reasonable attempt at such research.. and it was inspiring.
Your not necissarily correct. Microsoft could just sell a seperate developer version of windows with the option, but all the normal windows versions would require the person to run signed applications.
..is consider it to be normal game play, but still keep things fair. Specifically, the majority of cheats seem to be improvements to the user interface. These "cheats" should be a standard part of the game.
Anyway, I think the best way to fight online cheating is to give the game a scripting langauge to make cheating easy, but with the following constraints:
1) The scripting langauge will not give you access to informtion you should not have, i.e. behind the fog of war. This information limitation factor is essentially what seperates a "good" (user interface) cheat from a "bad" (defing the spirit of the game) cheat.
2) The game will "keep things fair" by sharing all your scripts with your opponent during network play.
Clearly, there will be people who write cheats to disable these two features, but there is a LOT which can be done to protect these two features since they are internal (i.e. you can not just write a program to figure out what is going on from the screen and click for you). Plus, it seems likely that information cheats will take MUCH longer to write then scripts and that better scripts would be more effective then information cheats. It's worth mentioning that just having a persons scripts will not give you much of an advantage in the short run since you would need to learn how to use them effectivly (this means that disabling the sharing of scripts might not really buy you as much as writing a few significantly better scripts).
Anywho, the point is to let the people who play the game improve on it's user interface. This will not keep the user interface simple, but it will be a very interesting game to play.
You can not trust the bar code and the human readable output to be the same. Actually, you cna not trust ANY specific machine to report the proper value for the bar code.
.a recipt, i.e. they can get paid to have voted a specific way. Now, if you really want to do the weird recount / limited revote then you can give someone a recipt which is linked to their vote, but I think this is really unnecissary.
I would say that you should only print the human readable form, but use a very OCR friendly font. A really OCR friendly font would not be any worse then a bar code for a computer to read.
Also, there is no reason to allow people to leave with a recipt which states their vote unless you want to try and to weird recounts, but there are big problems with letting a person leave with
Yes, the computer voting booth is pretty good if you see it print out a paper ballot in front of you, but it seems unlikely that the ballot implementors will be that paranoid. BTW, one of the biggest electronic voting corperations is run by a guy who has beenm convicted of falsifing th vote twice before and his company's software is very closed source (i don't know if they only do internet voting or electronic voting booths too). Anywho, the point is that I would expect a lot of vote rigging when electronic systems are installed since they woil not have the simple security systems like making a printout for the voter.
This is a very bad idea. You do not want individuals to be able to "prove" that they voted for a specific candidate. Your bosses and parents will try to force you to vote for their guy and there will be lots of people saing "I'll pay you $100 for a vote for candidate X."
Now, all internet voting allows this kind of abuse, but there are a few possible solutions like allowing you to change your internet vote a the polling station.
These are very serious problems, but there is a partial solution: Your password which allowed you to vote will also allow you to cancel your vote (at a real polling place perhaps). This can still maintain anonymous voting since the password will not be tied to you, just your vote. We can also make it a very serious crime to try to bribe/coerce a voter. The vast majority of corperations will back off if life in prison for the perople involved and mandatory decorperation regardless of stock holder involvment were the standard penalties for coercing emploies to vote a specific way.
Now, the bigger problem is what do you do to prevent pay offs where the vote buyer dose not plan on 100% returns on his investment, i.e. I could give a bum a beer to vote how I wqanted him to vote and then be assured that he is too lazy to change it.
No, anonyimity without fraud is trivial to solve for electronic voting since you have public key cryptosyustems which no one would use traditionally. Specifically, you should be able to create systems where the government dose not know how you vote, you can only vote once, and you can change your own vote at a polling place (if you try to vote electronically and discover that someone has voted for you). There are two VERY serious problems with online voting, but anonymous authentication is not one of them.
The first serious problem is that a thrid party can verify how you vote, i.e. a company can pay you to vote a specific way and then check to make shure that you do it or a family member can force you to vote a specific way. Clearly, we should make it a veryu serious crime to do these things, but we need a way to make it unprofitable too. The only ideas I have to fix this are a "plausable deniablilty" system which allows you to replace your old votes and a system which allows you to replace your online vote by going to the poling place.
The second problem with online voting is that it's now easy for a smaller mainority to rig an election. I think the CEO of one of the major online voting software shops has been convicted of tring to rig elections twice in the past (note: his company is producing very closed sourse software). Actually, it's worse then just giving more power to fewer people since fewer people understand how the technology works. I would say that online voting shopuld require multiple vote counting sites and open source software.
Most AV software has some sort of CPU emulator to deal with self-encrypted code
Wow! I had no idea that people had really gone so far with these things. The last virus source code I looked at was one of the first ones which used self encryption. I have to admit that I'm supprised that anyone has been tricky enough to write a decryption function which can it's self be hidden/mutated.
Anyway, it dosn't seem like it would be hard to make a virus which hid deep inside a program instead of in the RTS code. Wouldn't this make it impossible to find the virus by running the RTS code to the programs on the system in a safe enviroment? The "do not reinfect" flag could just use the +/- 5 generations idea to be immune to current virus scanners. Personally, I think the hardest pert of this is making the virus's decryption code immune to patern matching.
Virus scanners should not be using executables anyway since there are very efficent algorithms for looking for a match from a list of patterns. Now, there are viruses which require code to identify, but people can wait for software updates to find these viruses. Also, it's worth pointing out that someone could trick your virus scanner by sending out a piece of pattern microsoft windows as an update. This would effectivly make everyone think that they were infected and need to reinstall windows.
Actually, it's always astounded me that virus writers did not "seek diversity" and force virus scanners to scan with code instead of pttern matching algorithms. You could potentially make it impossible to scan for viruses by forcing the scanners to do to much work, but it would take a lot of viruses.
I suppose a better idea would be to have a mutating "do not reinfect" flag, but only remember the flag for the last 5 generation and the future 5 generations, i.e. each generation would randomly creat the "do not reinfect flag" for it's children 5 generations down the line nd forget the "do not reinfect" of it's grandparents 5 generations removed. This would mean that the virus would eventually reinfect the same files, but it would take a while.. and it would mean that the virus's distant children would not be vulnerable to the same virus scanner (assuming that the decryption code it's self mutated and could not be used as a pattern for a virus scanner).
Maybe it's just me, but RMS seems as psycho as Bill Gates most of the time. ... Everything is not going to owned by MS and closed source, but everything will not be "Free" either. And everything shoudln't fall into either category.
RMS is not a Bill Gates counter part. He is an idealist and a reminder that we should fight for freedom and personal control over technology. Clearly, RMS says some prety stupid things, but he also says some pretty importent things that no one else notices. It's our job to figure out which is which.
Anyway, you should always lissen carefully to RMS and think about what he says, but not necissarily take his advice. Instead you should make compramizes when you feal that it's not something that's really importent, but you really need to think about it to figure out what is importent.
No one can think for you (sertonly not RMS), but there are people like RMS who can give you a good list of things to think about.
Actually, I think RMS's mistakes are pretty importent too. Linux is a perfect example, i.e. allow lots of proprietary stuff to get more people to use Linux, but keep the core free and push out the proprietary stuff once you have people hooked.
The big picture surrounding RMS's point is that Technology has a profound influence on "freedom," i.e. I can enslave you by controlling your access to tools. This is a very importent point and we should all give it serious consideration. I'm not saing that every scrap of software we write or use should be free. It's true that we need to make compramizes, but we need to think about it a LOT.. and we need to keep ourselves from becoming slaves.
Anyway, my point is that RMS's viewpoint is not "just as circumspect" as Microsofts. Microsoft is a corperation out to make money, i.e. philosophy is irrelevent. RMS is an idealist who's message we should all respect *without* necissarilly following it all the time. We just need to undestand the spirit of what RMS is saing and try to figure out the importent times when we should follow his advice.
Personally, I feal that this is a perfect example of "ignoring RMS" being the best possible way to "forward the aims of Free software." Specifically, it is possible to use the NDA to write an run time linked object module which provides the necissary functionallity to a piece of free software. The majority of users using the software will not have this specific piece of hardware, so they will still be runnning strictly free software. The few who are using the hardware will be running mostly free software which still improves their lives more then any non-free software would.
Anyway, RMS is not the opposition and he is not "just as bad as Microsoft." He is a "philosopher" and there have been few/no philosophers who should not be taken with a grain of practicallity, but it is still very importent that we lissen to him. He he will fequently remind us of things we are doing to give up our freedoms. We need to be reminded of these things and we need to think about them for ourselves.
Bill Joy is really not the kind of person I'd want to see involved in these sort of orginisations. His recent rants about biotechnology imply that he wants to take biotechnology (and technology in general) away from the individuals and open research institutions and give it to corperations. Specifically, he seems to see the corperate intelectual property secracy (which allows things like terminator genes) as a good thing because it keeps people in other countries ignorant about technology. His justification for this possition seems to be fear or terrorism, but it's really a totally unjustifiable possition. It's just plain stupid to keep the public and the rest of the world ignorant for a little extra security.
Anywzy, all the "bad" things that biotechnology has allowed to happen so far, i.e. terminator genes, have been the work of corperations. Clearly, we should be fighting for more open technology and tring to prevent the corprate intelectual property laws from exploiting people.. the exact opposite of what Bill Joyu seems to be working towards.
Th funniest thing about the whole censorware debate is that censorware is nearly useless for libraries and school. Think about it:
(1) A library or a school wants to catch the people DLing porn. How will installing easy to circumvent protections which mearly train the porn user to circumvent these protections help? Now, some censorware for libraries dose use an alarm, but the bad block rate means that about once a week some little girl is tramatized by screaming alarms and kicked out of the library for looking at a feminist website.
(2) No reasonable adult really carres about another adult viewing porn onlie. they mearly want to prevent people from leaving open netscape windows containing porn and to prevent kids from changing the background as a prank. No censorware dose anything to prevent these sort of mistakes and/or pranks.
What is the solution? Place the computers in a realitivly poblic place and have librarians walk past them periodically. If the problem persists then have a computer which only the librarians see do a slide show of the JPGs in the netscape cache directories. The librarians can go have a look at all the various computer users when they see porn flash past.
These systems are cheap, simple, discreate, adaptable, adhears to community standards, and will produce almost no bad blocks. Why do we not see the AFA spending many thousands of dollars advocating these sorts of more effective blocking procedures? Simple, the AFA & friends do not give a shit about porn. They are only interested in blocking access of young people to feminist, gay, AIDS, safe-sex, liberal web sites.
I have not heard about specific examples of the U.S. killing a U.S. citizen within ?U.S. borders, but there are some pretty clear cut cases of the U.S. doing things to U.S. citizens who opposed Pinochet's coup in Chile. I don't think that U.S. troops really killed U.S. citizens, but the state department ordered the U.S. ambasador to leave U.S. citizens in Pinochet's custody to be killed. the French ambasador (for example) simply asked for the return of the French citizens and Pinochet's people complied. The following sources do not really talk about this, but they should give you the names of the people involved:
c h1905.htm
9 7_hrp_report/chile.html
http://www.tni.org/campaigns/pinochet/watch/wat
http://www.lonelyplanet.com/dest/sam/chile.htm
http://www.state.gov/www/global/human_rights/19
Anyway, there are going to be lots of situations where the U.S. aidded a foreign power (maybe just promissing to not investigate) in murdering a U.S. citizen who was active in another country (there have been a few in the middle east too), but I do not know about any off the top of my head where U.S. troops actually murdered U.S. citizens because of something they were doing in another country.
Yes, it is a crime to make threats and it would e nice to be able to enforce that law on the internet too, but there are many many legitimate uses for anonymity (like people in repressive countries who want to run a website in the U.S. --- the U.S. government has been known to harass and even kill U.S. citizens as a favor to some U.S. friendly dictator).
Personally, I think that anonymous threats are a small enough problem that we should sacrafice being able to enforce them to enshure that we have real anonyimity when we need it, but I'm not exactly running an abortion clinic, so I don't advocate this that strongly.
The truth of the matter is that we will always need to work to be truely anonymous (this just influences how hard we must work), so we should try to make shure that the "good people" know how to be anonymous.
Example: If an ISP is contacted by a group who want anonymous hosting and deserves it then they ISP should do the following: Do not let the people who want to run the site tell ANYONE atthe ISP who they are. The ISP should go find some U.S. citizen who is willing to pay for the site, so this can not be traced to the site. The ISP should set up a way for the site to be maintained without making any logs. Finally, the ISP needs to set up some sort of dead man switch where the people who run the site will know if an investigation begins. Now, the ISP can get in trouble for letting the site maintainers know that their site is being watched, but it may be worth it to protect the maintainers. This is not perfect, but it goes a LONG way towards truely anonymous hosting.
Actually, your idea is not as crazy as it sounds. The key point people need to notice is that censorware is a placebo that dose not solve the major problems people want solved. Specifically, people do not want the back ground changed to porn and do not want kids to notice someone else watching porn. Censorware blocks such a small precentage of sites that it totally fails at these goals. The real solution is based around you grandmother idea. Specifically, the threat of getting caught.
First, you need to ask yourself "dose this library have a problem?" (i.e. do lots of people currently watch porn here) There are two solutions depending on your answer:
(no) Congradulations, you have no problem at all. You should move your computers to a high traffic area with little privacy to discurage porn view, but that's about all you need to do.
(yes) Ok, you need to do a little more work. First, DO NOT INSTALL CENSORWARE. You want to catch these people.. not make them better at hiding. You need to set up a system where the most recent images from the netscape cache directories are displayed on a system which only the librarians see. Now, when a librarian notices a porn picture they can go for a walk and stop the person. The advantage here is that they will catch porn the person left in open netscape windows or on the desktop.. somehting no censorware can hope to prevent.
No, a utility to manage your /etc/hosts file would be near useless. We need to consider diffrent more public systems. A top level DNS with voting for conflict resolution would be interesting. I suppose anyone who was registered for a domain name could bring a case, advocate, end up on a jurry, or metamoderation of jurrors (i.e. making shure that jurrors who vote on a dispute give a good reasons for there vote). There would not be any protection of trademarks or IP. It would just be a vote for who you like system, so microsoft.com would probable belong to microshit.com.
Anyway, thats one idea, but there are lots more ideas. We should have compeating top level domains to try these things out.
No, DNA based identification is a good *part* to a security / identification system, but it dose have some limitations. These limitations are actually more serious in the criminal justice system the in normal security applicqations. Specifically, DNA has a low rate of false positive matchesm, but when you make a lot of comparisons the chances become high.
Example: Lets assume that DNA matches give a false positive once every million attempts, but that a false positive on a search is enough to convict someone. Let say that every police detective requests 100 DNA searchs per year. Lets say that there are 100,000 police detectives in the U.S. this means that we falsely convict 10 people per year.
Clearly, allowing DNA evidence which is used in a search is just as stupid as pretending that 8 character passwords are good enough when a hacker can launch a script to try 128^16 account & password combinations per week/month without being noticed.
The solution is to require more diffrent kind of identification, i.e. if the cops use a DNA search to find the guy then they may not use any DNA evidence in court period. Simillarly, if they use a finger print search to find the guy then they should not be allowed to use finger print evidence in court.
Actually, they should look at what happened when some countries banned violent games. The graphs of ciminal age for those countries durring those years should not be falling as fast as prior to banning games (or should be increasing). This is still just corrolational evidence, but it's more convincing.
Also, it's possible that the "training" and desencitisation kids get from violent video games is exactly what they need to prevent violence. Simply, practice improves your critical thinking during violent situations which leads to a better understanding of the advantages of a nonviolent solution, i.e. kids learn to minimize the effects of adrinolin and/or the violent situation on their judgement processes.
Actually, that would be an interesting studdy. Do kids who play violent video games manage to get out of more fights without violence. If the result's were positive then it would go a long way towards showing that violent video games really do decrease violence among kids.
Plus, just adding a statute of limitations for email dose not mean that corperations can not use old emails as an excuse to harass a worker.
It would be a lot easier to make a program which emailed a person a program to connect via SSL with your system to read the real email, but did not allow them to cut and paste out of the program. Your system would delete the email after they read it once, i.e. a this message will self destruct type thing.
Clearly, a clever persn could still save the email (screen shot), but most windows users are not that clever. A bigger problem is that it would not work under Linux since Linux mail readers actually have some basic security (not executing code from email), but most Linux users are smart enough to use a screen shot, so it would not do any good anyway. Regardless, it would provide some encryption and security when sending obnoxious emails to stupid windows users.. a good thing.
Yes, we should be careful, but Bill Joy is a moron. He wants gov. and corps. to have all the control over technology (specifically biotechnology).
I'm quite happy risking all the bad things that might happen during random haphazard development of technology, but I am not wiling to risk the bad things that *will* happen when corperate and national security interests control our future, i.e. I do not trust Bill Joy's vision of the future. Today, the bigest problems we have had with biotechnology have been terminator genes. It's the people who made the terminator genes who Bill Joy wants to give more power too (by preventing their competition from creating terminator gene free enhancments).
Anyway, we have very little to fear from what most people will do with technology, i.e. Linux, funny or anti-corperate websites, etc.. We have a lot to fear from orginisations which control market share and powerful people which influence technology, i.e. Microsoft, DoubleClick, Monsanto, etc.
Yes, they *could* implement a man-in-the-middle attack for any specific key exchange system, but people will notice man-in-the middle attacks when they move outside the system. Now, out side the system dose not mean physically transporting a floppy. It means using a data transfer procedure which carnivore would not know t intercept.
This means a MitM attack aginst many people would be notice very quickly, but a MitM attack against only a few people would be hard to detect. If you are one of the few people who really should worry about MitM attacks then you should use a variety of ways to transport your keys and diff the results! We need the people they actually are watching to check for MitM attacks.
Yes, specilized courts like tax courts are evil. The solution to things like the DeCSS case is really to (a) make conflict of intrest a much bigger crime (and make it easy to convict a judge like Kaplan of conflict of interest) and (b) make going to industry lobing seminars a conflict of interest.
I would say a judge making a decission like Kaplans should be tried for conflict of interest for mearly having been to several seminars which can be shown to have been intended to influence his opinion. now, he would not be convicted untill the content of those seminars was fully examined (i.e. did the experence create an "interest"), but the fact that he would need to stand trial should prevent many problems.
I would say we also need some kind of anti-matching fund for lobists or a lobist tax to limit the effectivness of spending large ammounts of money on lobing judges and representitives. If your corperate lobists spend $1 million dollars then their oposing lobists (like consumer activists or enviromentalists) recieve $100,000 (10%) of that money to spend on countering your expendatures. This would help keep the lobists plaing field even, so representitives would hear all the diffrent opinions that they need to hear.
SDMI must die. We really need a serious campaign to raise public awairness and boycot SDMI products. Actually, I'd like to see a way to order stickers online which said "WARNING: This product uses SDMI to limit your music lissening options, limit your ability to share your music with your friends, etc." We could all order these stickers and go stick them on SDMI device that are sold in stores to warn the customers about the dangers of this standard.