You don't have to "earn" the right to be treated like a human being and a member of society. It's a duty of everyone to help with that.
Exactly. And an essential part of being treated as a human being and a member of society is having the right to keep and use your own property, the product of your own labor and voluntary trade.
What you are advocating is a war of all against all, where no one can be secure in their own person and property, which is incredibly destructive to civilized society and the exact opposite of treating others as human beings.
Most modern distros require you to enter the root password before giving you a root shell in single-user mode. A more realistic attack would be editing the kernel command-line parameters in the bootloader to run a shell directly (init=/bin/sh), or booting from removable media. Those have been known issues for a long time now, however, and anyone interested in local security will have disabled alternate boot devices and set passwords on both the BIOS and the bootloader.
Of course, anyone with unmonitored physical access to the machine can reset, or even replace, the BIOS, and thus do pretty much whatever they want.
Redundancy isn't always economically efficient, but we have to do it anyway...
If it's not economically efficient then we shouldn't do it, since by definition the costs outweigh the benefits. What you probably meant is that it takes a longer-term view of investment than is common these days -- but that's what you get from driving interest rates through the floor: investment is punished, and consumption rewarded.
Yes, but when using perfect materials to teach basic concepts it's important to limit their use to situations where the differences between theory and practice are insignificant. Your attempt to describe a means of FTL communication applies perfect materials to a situation where the differences fundamentally influence the result.
In theory it is possible to create a system that transmits information faster than the speed of light.... It is however obviously impossible to make those perfect materials, thus we're bound to sub-c communications.
I don't think it's accurate to say that FTL communication is possible, even in theory, if the materials the theory would require are themselves impossible.
Install I2P, change the proxy settings of your browser to localhost:4444 or whatever is configured after you start the service. You'll notice that you can, via randomly chosen exit nodes, access any HTTP URL. Now do a remote host lookup to confirm where your exit node is.
Port 4444 is nothing more than a basic I2C tunnel to the sole I2P outproxy, false.i2p, as you can see for yourself if you take a look at the I2C configuration files. This proxy may route through multiple public IPs, but the proxy itself, in terms of ownership and I2P address, is not randomly chosen as it is in Tor.
See, Tor can (and does) route SSL traffic transparently between your target webserver and your browser. There is no technical reason I2P cannot do the same and I'm guessing that they simply haven't gotten around to coding that feature yet.
Indeed, there is no technical reason why you can't do the same over I2P as it exists right now. It's not that they haven't coded the feature; it's simply that no one has chosen to host an HTTPS proxy as of yet.
So far as I2P itself is concerned, there are no exit nodes. Everything you can contact via the I2P protocol is internal to I2P (similar to Tor's .onion domains). Contrary to Tor, the I2P client software does not provide any outproxy service, by default or otherwise. Some people choose to run ordinary proxy servers which accept connections from I2P hosts and forward them to the public Internet. There are a very small number of these at the moment; I only know of one (false.i2p). They could just as easily proxy HTTPS if someone wanted to set up an HTTPS outproxy. There's nothing in the protocol that prevents it.
Anyway, the original comment you were replying to was specifically conditioned on the destination site being within I2P. In that context HTTPS would, in fact, be redundant. If you connect to a public Internet site via an outproxy then you are no longer operating within I2P, and a different set of trust issues arise, issues which may justify the use of HTTPS.
They didn't build exit node functionality into I2P; the outproxies (actually, the one outproxy currently active, false.i2p) are ordinary servers which you can access via the I2P network, the same as any internal webserver or e-mail host. If anyone wanted to run an HTTPS outproxy they could set one up; the I2P network supports that already without modification.
For those who primarily want to access sites on the public Internet, the I2P developers explicitly recommend Tor over I2P.
This is I2P, not Tor. There are no exit nodes. The destination server is inside the I2P network. As stated in your own quote, the encryption truly is end-to-end, and HTTPS would consequently be redundant.
It wouldn't even help for authentication, since these sites don't exist on the public Internet (they use a private .i2p TLD), and no certification authorities exist for such domains. What benefit you could get from a self-signed key is inherent in the I2P network itself, as endpoints are identified by their encryption keys.
Machines tend to measure byte counts. People can't do that.
Yeah, like people naturally measure their water use in gallons, or their electricity use in kilowatt-hours. Wait, people can't do that either. That's what tools are for. Tools like ISP web pages that display how much data you've transferred in the current billing period.
There's no such thing as "under taxed". Anyway, just how much more do you think they could raise taxes without suffering a decrease in their ill-gotten revenues? Total taxes are already at or above 50% for many individuals; there's not much slack left. Even if they did happen to see an increase you know they'd just spend it; having displayed no tendency toward financial solvency in the past, there's no reason to expect them to change any time soon.
If Congress had the will to balance the budget they could do it at the current tax levels. For that matter, they could do it at the tax levels we had a century ago, which were less than half of what they are now. They have clearly demonstrated that they lack the will to curtail spending, and as such one would have to be certifiably insane to suggest trusting them with yet more funding.
There's no need to get the government involved. Last-mile natural monopolies (roads, power, water, communication) are among the few cases where co-ops happen to be ideal. They have all the advantages of local democratic control over infrastructure, and lack the ethical quandaries inherent in government due to the legitimization of force.
Many existing utilities, most notably electricity, are already managed in large part via co-ops. The trick is to recognize that the co-op is there to own the shared infrastructure and provide oversight, not to run the day-to-day operations. Co-ops are useful when properly applied, but are otherwise inefficient compared to other organizational models.
It is a condition of the Prisoner's Dilemma scenario that the two prisoners cannot communicate. Ergo, they cannot form a team.
It is also a condition of the Prisoner's Dilemma that the goal is to minimize one's own prison sentence.
It may be interesting to change these conditions and see how it affects the prisoners' rational choices, but if you do that then you're not talking about the Prisoner's Dilemma problem any more.
The problem is that they're using encryption when they should be using a one-way hash function. It shouldn't be possible to reverse the data received from the pin pad to get the PIN itself, short of brute-forcing a very large search space. If you add in a challenge block you can protect against replay attacks as well, all without any need for encryption or digital signatures.
(Naturally you would want to encrypt and sign the actual transaction data, but that's a separate issue from authentication. I would also question whether the card number alone--about 50 bits if uniformly distributed, less otherwise--is enough to thwart a serious brute-force attack. Combined with the PIN, that's only about the equivalent of an unsalted 10-character alphanumeric password.)
It's nice to know that they're using 3DES, PK crypto, and digital signatures, but sometimes the ways in which they're used make them seem more like a checklist intended to impress people than any real attempt at end-to-end security.
The PIN keyspace is so small (10000 possibilities) that hashing it or doing nothing is nearly the same.
So just include a large "salt" field on the card itself. That way brute-forcing becomes impractical, and you need both the PIN and the data from the card to construct the hash.
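The scheme discussed in the comments above (a one-way hash of the PIN combined with a large salt stored on the card, bound to a fresh challenge), sketched as an added example; it is not code from any of the posters or from a real payment system. The names `Issuer`, `pinpad_response` and `search_pin_space`, the 16-byte salt and challenge sizes, and the SHA-256/HMAC construction are all assumptions.

```python
import hashlib
import hmac
import secrets
from typing import Optional

SALT_BYTES = 16       # assumed size of the salt field stored on the card
CHALLENGE_BYTES = 16  # assumed size of the issuer's one-time challenge


def derive_verifier(pin: str, card_salt: bytes) -> bytes:
    """One-way value built from the PIN and the card's salt.
    The issuer stores this instead of the PIN."""
    return hashlib.sha256(card_salt + pin.encode("ascii")).digest()


def pinpad_response(pin: str, card_salt: bytes, challenge: bytes) -> bytes:
    """What the PIN pad sends: a keyed hash binding the verifier to this
    challenge. Nothing is encrypted and the PIN never leaves the pad."""
    key = derive_verifier(pin, card_salt)
    return hmac.new(key, challenge, hashlib.sha256).digest()


class Issuer:
    """Hypothetical verifying side that hands out single-use challenges."""

    def __init__(self):
        self._verifiers = {}  # card_id -> verifier bytes
        self._pending = {}    # card_id -> outstanding challenge

    def enroll(self, card_id: str, pin: str, card_salt: bytes) -> None:
        self._verifiers[card_id] = derive_verifier(pin, card_salt)

    def new_challenge(self, card_id: str) -> bytes:
        challenge = secrets.token_bytes(CHALLENGE_BYTES)
        self._pending[card_id] = challenge
        return challenge

    def verify(self, card_id: str, response: bytes) -> bool:
        # pop() makes each challenge usable once, which defeats replay.
        challenge = self._pending.pop(card_id, None)
        verifier = self._verifiers.get(card_id)
        if challenge is None or verifier is None:
            return False
        expected = hmac.new(verifier, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def search_pin_space(challenge: bytes, response: bytes,
                     salt_guess: bytes) -> Optional[str]:
    """Design check: try all 10000 four-digit PINs against one observed
    (challenge, response) pair, given a guess at the card salt."""
    for n in range(10000):
        pin = f"{n:04d}"
        candidate = pinpad_response(pin, salt_guess, challenge)
        if hmac.compare_digest(candidate, response):
            return pin
    return None


if __name__ == "__main__":
    # Constructed sample values, not real card data.
    salt = secrets.token_bytes(SALT_BYTES)
    issuer = Issuer()
    issuer.enroll("card-0001", "4821", salt)

    c1 = issuer.new_challenge("card-0001")
    r1 = pinpad_response("4821", salt, c1)
    print("fresh response accepted:", issuer.verify("card-0001", r1))

    issuer.new_challenge("card-0001")
    print("replayed response accepted:", issuer.verify("card-0001", r1))

    # Unsalted hash: the whole search space is the PIN, so it falls at once.
    weak = pinpad_response("4821", b"", c1)
    print("PIN from unsalted hash:", search_pin_space(c1, weak, b""))

    # Salted hash, salt unknown to the observer: the same search finds nothing.
    print("PIN without the salt:", search_pin_space(c1, r1, b""))
```

The salt only helps against someone who lacks the card data: with the salt and one observed exchange, the search is back to 10000 guesses. The stored verifier is also sufficient to compute valid responses, so it needs the same protection a stored secret would.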
That won't help much if an exploit allows arbitrary code to execute from RAM. In addition, the read-only nature of the code would make it very difficult to repair the flaw.
In terms of running malicious code, the safest OS is the one incapable of running from RAM (having either no RAM on the system, or separate instruction and data buses). That still leaves the possibility of security flaws in the built-in software.
The term "sin tax" refers to a ban on any presumed-deviant action -- meaning any behavior which a majority of politicians and their constituents won't admit to. It rarely has anything to do with morality or ethics, much less the religious concept of "sin" for which it's named.
For what it's worth, I agree with you. The GPL was intended (according to its authors) to simply counter the effects of copyright, but in my opinion it goes somewhat beyond that mandate--as do BSD and all the other "free" licenses--which is why all my own released code is in the public domain.
Still, given the stated purpose of the GPL as a "copyleft" license, designed to turn copyright against itself, I still think it's possible to be pro-GPL and anti-copyright without contradiction, while perhaps holding a few reservations in regard to the details of the license.
So long as copyright exists, no license, whether public domain, BSD, GPL, or "other", can completely counter its effects. Whether GPL or public domain brings us closer to the ideal copyright-free state is open to debate. In a practical sense, GPL probably comes closer to the ultimate goal[1], whereas public domain has the advantage in ideological purity. Neither is an entirely unreasonable choice for the anti-copyright software developer.
----
[1] Although I question whether it can actually achieve that goal. Movements which employ methods they claim to fight against tend to run aground when it comes to actually winning, and thus giving them up. See also attempts to achieve a libertarian society through politics, or to achieve peace by means of war.
All that said, it's ridiculous how many people would scream bloody murder over a GPL violation, while they're downloading someone else's content without the publisher's permission.
Two problems with this line of reasoning: 1) They may not be--and most likely aren't--the same people most of the time; Slashdot isn't some sort of group mind; and 2) Most GPL violations are carried out by organizations which otherwise vocally support copyrights, patents, and the like; even if one does not support these concepts oneself, it is still legitimate to judge others' actions by their own rules.
One final thought: The GPL was created in opposition to existing copyright law; its purpose is to take advantage of copyright schemes endorsed by others and so unwisely formulated into law to create a sort of "walled garden" where copyright, to a greater or lesser extent, does not apply. It is thus perfectly consistent to be both anti-copyright and pro-GPL, to the extent that copyright does exist in the law.
That assumes that Eldred vs. Ashcroft wasn't itself an incorrect judgment. Even USSC judges aren't fallible, after all, and they're hardly impartial when it comes to the scope of the government's legislative, executive, and judicial powers.
Personally, I've always thought the legitimacy of a court which derives its powers from the Constitution defining the meaning of that Constitution to be highly suspect. The Constitution is supposed to be an agreement between the government and the people, after all; in what other circumstance would it be deemed acceptable for one party to an agreement to have exclusive control over that agreement's interpretation? Particularly when that party is the agent, not the principal?
If you buy some copyright work, you are essentially saying "having your product is worth more than the money I'm spending for it".
Obviously, but that wasn't the point. Just as with all other subsidies, the over-production and expense to society are both relative to the situation which would exist without the artificial restrictions, not the case where consumers choose to go without entirely.
To pick an obvious example, if a law were passed which made it illegal to acquire water from unauthorized distributors, most people would pay whatever these authorized distributors charged, as the alternative is death. The water is clearly worth whatever they are willing to pay for it. The exclusivity is also a clear incentive to the distributors to produce drinking water, and to promote an increase in its use, since supplying it has suddenly become much more profitable. However, the law does not (and cannot) create wealth out of nothing; the extra profit made by the distributors is no greater than the loss endured by everyone else in the form of higher prices, even when one ignores the inestimable value of the freedoms the law curtails.
The same is true of copyright. In the absence of copyright creators have to find ways to get paid for their actual labor, or for the service of publishing the results; they can't release something to the public at large and expect to retain a monopoly on its distribution. (This is clearly not the same as "forcing creators to act like charities." If they choose to work for free, knowingly or under irrational expectations, that is entirely their own fault.) With copyright, non-aggressive actions of the public--duplication and distribution--are curtailed by law. Naturally, this gives creators a far better bargaining position than they otherwise would have. The benefit and incentive this group receives in the form of banished competition and higher prices is no greater than the losses suffered by buyers due to the same increase in price--again, ignoring the inestimable value of the freedoms the law infringes upon.
Simply put, whenever the law intervenes to favor the bargaining power of one party or another--even if the bargain still takes place, demonstrating that both sides benefit somewhat from the exchange--the benefit to the favored party can never be greater than the loss to the disfavored one. Furthermore, the intervention itself is an infringement upon the freedom of the disfavored party, with an unmeasurable but substantial cost of its own.
It's reasonable for an artist to expect to be able to profit from their work for a period of time.
Revenue is the result of offering something that others are willing to buy from you rather than going without or turning to one of your competitors. Profit, in turn, results from finding a way to make that revenue exceed your opportunity costs.
It is not reasonable to expect to profit merely by performing work, without meeting the other requirements. Why should artists be singled out for special treatment?
Copyright is just an incentive system, nothing more. Like all incentive systems it results only in driving over-production of the subsidized goods, at great expense to everyone in terms of actual wealth.
if they were doing well, why would they try to cut costs?
To improve their profit margins, obviously. There's plenty of incentive to cut costs, even when you're doing well.
Double nothing is still nothing.
Exactly. There are no damages in either case, and copyright is wrong whether it's preventing commercial or non-commercial use.