Did I say that? No. I said that I control my computer so I control what it does. Sure, I'm willing to take a free computer and free internet access in exchange for viewing more ads (hint hint Google) but that's not the point.
Depending on the ability to force someone to do something they don't want to do is a terrible long term business model. I think a lot of people who have been depending on it are angry that it's starting to fail. The worst part is that it doesn't need to be that way; those websites don't have to depend on advertising to make a profit. I deliberately start off the discussion by poking the painful truth right where it upsets people most because that's the motivation necessary to make people consider change.
In reality, I'm trying to change minds to avoid a Mexican Standoff. Both parties have veto power, the content provider can stop providing content and the consumer can stop consuming. Since I want the content providers to keep providing content, I point out their weakness so that they'll consider an alternative. If the web weren't already so filled with obtrusive advertising, I'd be trying to change minds on the other side.
You are using their computers, (servers) and so are obliged to follow their rules.
If you can use technological measures to circumvent their ads, then that's your right, but they have just as strong a right to use technological measures to counter-circumvent.
You're right. They can add whatever technical measures they think best benefit their income and I can take whatever measures I feel best benefit my access. My observation is that more aggressive tactics result in more aggressive counter tactics and the end user has the overwhelming advantage.
Don't like it? Don't use YouTube. It's not like they care that much. They're not profiting from you.
Of course, if YouTube's tactics for trying to get people to view advertising become too aggressive, more and more people will just avoid it while others develop more and more sophisticated methods of bypassing it. Eventually YouTube loses on both the number of visitors and the number of visitors who work at avoiding advertising.
Google is making money from me even if they never manage to show me an ad. They offer several things I appreciate, including the opportunity to hold some of my actual money, so I really don't want them to fail. I hope they do manage to hit the sweet spot of income via advertising without crossing the line into driving away customers with irritation. I don't think this particular move crosses that line, so my comments were directed more toward the ad supported web business model in general than Google specifically.
What I see happening is a backlash against intrusive advertising and I expect Google is smart enough to make money in that climate anyway. I just hope not everyone adopts the attitude of "Don't use YouTube." The end users will always win and the only hope of successfully keeping the web alive in the long run is to find balance end users will accept or change the way websites make money.
Change is hard. It's not (always anyway) about greed; it's about balance. The advertising funded web business model is starting to fail, and people who rely on it have three choices:
1. Balance successfully the amount of advertising people consume in a way they're willing to consume it.
2. Find a business model that doesn't rely on advertising so much.
People who haven't figured out how to do either of those things are rightfully scared, and some of them still think there is an option of forcing end users to accept what end users are demonstrating they won't accept. It can't work and that makes people mad. I get it, but really, all the power is in the hands of the end user, which makes the choice even starker:
My computer, my rules. Don't like it, buy me a computer, pay my electricity bill and internet bill. I'm totally down with that. Otherwise, too bad. Or better yet, if you don't like people doing what they like with their computers because your site wants them to do something they refuse to, take your site down. Please do that. Hilarious.
Here's the thing, I control what my computer does and the more irritating the advertising is, the more effort I'm willing to put into making sure it stops. My computer, my control. The more advertisers try to force the issue, the more people like me will turn our attention to making sure our computer does what we want and doesn't do anything we don't want.
"The more you tighten your grip, Tarkin, the more star systems will slip through your fingers." - some chick with weird hair
It's not a new phenomenon. You can only push people so hard until they rebel. In this particular war, all of the power lies with the computer owner. You can't force people to consume advertising, you can only ask them to in return for something valuable. I don't mind some advertising as long as it doesn't cross the line from interesting into irritating, but it seems like about half the sites on the internet crossed that line. So yeah, I'm blocking advertising. That doesn't mean I don't want to support the content I love. Slashdot got money from me, even though I already had the ads blocked. Pandora gets money from me. There's a handful of others I directly support, but most sites don't offer the option, even if they offer the content I'm interested in. Why not?
Want to turn a million dollars into hundreds of millions? Take my money! People like me would pay ten dollars a month (easy) to get an advertising free internet. Get the top 500 sites to tell you how much they'd charge per month to offer an advertising free version and then see how many potential customers you could get. I'm betting you'd find out there is a ton of money to be had and people happy to pay. Why isn't anyone already doing this? Won't somebody please take my money?
People will pay a huge amount to see the first live mammoth. It captures the imagination in a way elephant or mouse or bird cloning just cannot compare to. I'm all for science advancement and in favor of careful study of biomes and being cautious, but none of those things grab headlines. The money that would pour into de-extinction development for a mammoth will be huge compared to any of the suggested other projects, and that's why cloning a mammoth is such a good thing. Getting the research and testing and trials done to bring back a mammoth will make it tremendously easier to complete other projects that may have more fundamental benefit to the scientific community.
You don't send a mission to Mars or even to the moon because that's the best return on investment, you do it because it makes people care about the science in ways they never would for the fundamental research that makes it possible.
You have to deal with the public like you would a four year old child. You don't have a four year old child look forward to going to the dentist because it's good for their health, you get them to look forward to it because they get a toy and ice cream after. Likewise you don't get the public to support a scientific project to benefit the ecosystems and research that being able to clone extinct and endangered animals can offer; you get the public to support the idea of getting to see a mammoth in person.
I think it depends on where you are and what is being done. Some places have restrictions on what companies can deny responsibility for, so there is usually (not bothering to look it up this time) a clause in the EULA saying that if part of it is invalidated, the rest still applies.
"There should be a law" is, perhaps, a better starting point. I've thought on this topic for a while and have some ideas about what should happen and how and when, but I am sure I'm missing some important issues and my wording needs improvement. Feel free to take my ideas and improve on them and pass them on to the appropriate agencies. Since "Comments owned by the poster" is clearly indicated, I hereby release this post and any of my comments related specifically to this post into the public domain.
Fast changes are bad for business so I believe this first part of my suggestion for new laws should be discussed now with an intent to have the laws become binding in 2025 at a state level.
BMC software law provision one.
The state of [insert state here] shall create and fund an agency with a free and public interface so that any software which is used to provide service or sold may be reported by the buyer as having a security vulnerability with replaceable results. If the buyer submits such a vulnerability to the state agency, there will be posted a public notice that the vulnerability has been reported which the software or software service vendor must review and patch in ninety days from the date of public notice. Software and software service vendors may request automatic notice by email or letter with proof of identity, of such public notices. Should a software or software service vendor fail to patch, and offer the patch without additional cost to all users of the software or software service vendor, the state of [insert state here] shall grant a permanent license to use the software or software service to the first reporter, individual or company or organization, of the vulnerability. The software vendor who fails to offer a free upgrade to all users of the software or software service without charge, shall be required to provide the software or software service without charge to the individual who first reported the vulnerability so long as the company continues to offer that software, software service or derivations on that software or software service commercially. This requirement shall apply to all sellers and buyers who reside or are conducting business within [insert state here] with the provision that if one of the entities involved in the transaction is outside of the jurisdiction of [insert state here] then all other commercial interactions by the entity outside of the jurisdiction of [insert state here] shall be prohibited within [insert state here] until the terms of this law are fulfilled.
Ten years is plenty of time for a state government agency to be formed and for companies and software developers to adjust their business models to the first provision of my proposed legislation. I think with that in mind, fifteen years is enough for the second provision of my proposed laws, and I think this should be at a federal level. I'd suggest that the NSA is the appropriate agency, but I'm open to a new federal agency being created or assignment to a better suited agency.
BMC software law provision two.
The federal government shall mandate [insert agency here] to provide a publicly accessible interface for the submission of software source code in the state used for development and production of the software and replicable instructions for any binary program produced using that source code which is offered for sale or as part of a paid service, hereafter referred to as replicable programming. Any person, company or organization offering software or service utilizing software for a fee must submit the replicable programming to the [insert agency here] interfa
Right, because keeping your browsing and application-utilization habits a secret is SO important.
OMG somebody might know you look at porn! Or that you play video games! Or that you are shopping online for a new printer!!!
The horror!
Okay, mostly I agree with you, and even if 99.9% of people were aware of what's shared, almost none of them would care. Of course, in reality, I'd be surprised if even 1% of people care enough to find out.
Let's just target that tiny fragment of the population that cares and wants to protect their privacy. Maybe you know the person behind the Ashley Madison hack, or want to blow the whistle on the NSA, or maybe you found out something terrible about Microsoft and want to email somebody about it, whatever. In this scenario, you're somehow also nuts enough that you are going to pass on your bombshell using your home Windows 10 PC.
Wireshark and a few tweaks to your router and now nothing goes out that you don't want going out. Problem solved. (It's not going to last ten seconds in keeping your identity secret from any of those entities, but hey, it's not Windows 10's fault at least.)
But wait, you must be saying, "my PC is connected without a router!" (How?) Don't worry your pretty little head about it. A couple host file edits and you're good. But "wait" you say, (complainer!) "these apps are still connecting!" So you add a handful of specific routes with the handy command line and boom (!) problem solved again. (For another ten seconds.)
"But ancientt," you say. "I'm posting and emailing stuff all the time that could get me in trouble and I don't want Microsoft to know!" To which I reply, "Tails and VPN my child." But you ignore my advice, because of course you do. "I must secure Windows 10 permanently!" I find you irritating, but alas, I cannot resist your wiles so I offer this further guidance. Edit your registry, run your own DNS server, set the default route to localhost and only allow an IP connection to sites you've intentionally pre-configured with the route command, and now my stupid but persevering student, you have a Windows 10 configuration which will communicate with nothing undesired.
Of course it isn't Wifi that is causing the problem, but there are problems here. Taking up the court's time and spending money on the lawsuit is obviously not going to solve the real problem, but it's also obvious that the parents (at least) believe the problem is real. Imagine that your child is suffering and someone you respect tells you the problem is something that is not too hard to solve, and following that advice seems to work. It's easy to see how you could become convinced that the problem is real and that you understand the cause. Then when you try to get other people to take reasonable actions in order to accommodate your needs, pretty much everyone laughs off your problem.
I'm sure it sucks to be in their shoes too. There are so many things I interact with every day that I don't really understand that it's not hard for me to accept that I am likely completely wrong about how I think some of them work. It's even likely that there are things I'm sure I understand that I'm actually wrong about.
How do you convince someone that something they adamantly believe is wrong? If this and other forums I've seen on the internet were the sole standard, I could only believe it is impossible. I guess what I'm saying is, even while you can be certain the real problem isn't Wifi sensitivity, there is a saddening lack of empathy displayed in this discussion.
I want that too, except with an additional requirement. I don't want anything involved in controlling the car physically wired to anything networked. If I want the car controlling system to connect to a network, I want to be required to physically turn a switch to allow it.
"Oh, they're firewalled" they say, and we know that fails.
It was for the sake of this day that he had first decided to run for the Presidency, a decision which had sent waves of astonishment throughout the Imperial Galaxy -- Zaphod Beeblebrox? President? Not the Zaphod Beeblebrox? Not the President? Many had seen it as a clinching proof that the whole of known creation had finally gone bananas.... The President is always a controversial choice, always an infuriating but fascinating character. His job is not to wield power but to draw attention away from it.
Nobody's hitting me with a brick to get my password. If you can credibly threaten to, you can have it. Nothing on my phone is worth a bloody nose, let alone a broken bone or my life.
With that in mind, I would NEVER put anything on my phone that would incriminate me of a felony or give a potential blackmailer the ability to ruin my life. In fact, I stay away from scenarios where such things even could exist for the same reasons.
You're absolutely correct on all counts. I certainly hope I didn't come across as implying that there is no point in having encryption, good encryption, on devices that may have sensitive data.
The latter is hard to extract by physical examination
I'm assuming that hard to extract is a description that applies to normal tools and access. I have every expectation that it would be at least moderately easy for the NSA. Ditto for a Colombian drug lord who is willing to invest a couple hundred million into getting the ability.
If law enforcement has a good case that the phone they have taken possession of is likely to contain evidence in a murder trial, I am surprised they don't have a department that passes the warrant and request to an agency that can handle the extraction of the baked in digital key.
I encrypt my phone because I believe that my password is highly unlikely to be guessed by the thief who manages to snag it from me in a bar or on the subway. If a cop takes it, I expect it to hold out until that point they decide it is worth getting an acronym agency of your choice involved. (I expect that the HSA, CIA, FBI, NSA wouldn't have trouble getting the baked in key, but I doubt that San Diego PD has the capability.)
If a thug with a gun wants my password, I'll hand it over because nothing on my phone is worth endangering my life. If a thug with a badge wants my password, I'll resist as long as feasible on principle, but I wouldn't expect my data to last against a serious concentrated effort. If a drug kingpin decides to break into my phone, I expect my password and the keys are good enough, but not if that kingpin is willing to throw multi-million dollar investments against it.
The concern I have is that my senator will cast a deciding vote making a backdoor mandatory and then the kid hanging around the bus stop will have a black market resale value incentive to steal it, because I have no expectation that law mandated security will be secure enough to keep black hats from finding out how to take advantage of it. Is it possible that law mandated back door access could be secure against black hat access? Yes. Is it likely a senator would have a clue how to mandate that? Not in the least.
It's just the locked door debate. Good locks, strong doors and a security system stop petty criminals or hopefully at least slow them down. It doesn't stop SWAT or Ismael Zambada Garcia if they decide they want in. So it's a good idea to invest in security, but it's a bad idea to trust it absolutely.
Just for the sake of anyone who hasn't thought this through: The device's hard drive may be encrypted, but that doesn't mean you have to use the screen to enter all the possibilities or have to wait or have to worry about getting locked out.
When decrypting the hard drive (card/whatever) of a device, you pull the media out, copy it and then access it in an environment you control. So you can try a billion guesses a second if your computing resources can handle it. A phone's storage capacity is small enough that you could actually distribute a couple hundred thousand copies to a couple high end clusters and have them all trying their unique possible combinations in parallel.
Having lock-out features and delays only stops the casual criminal. The well financed criminal or government can hit your encrypted data with an unimaginable number of guesses per second. If you think your password is good enough to keep out the government or drug lord, I recommend you bear in mind that they are going to guess every possible eight digit password in under three seconds.
I vote that the legal definition of your right to airspace above your property should be "shotgun range." (I don't know who is in the moral right here, but I do think it's important to note that the man was not arrested for shooting the drone, but rather for firing a gun outside of legal limits.)
I learned the DOS command line well in the early nineties, and a surprising amount has stuck with me. I use Windows 10 at work, admin Hyper-V and Linux servers there and run Linux at home 99% of the time. This kind of review looks like exactly what I'm looking for but really, since I do much of my work from the command line in both environments, I'm surprised the GUI gets so much focus. It just seems like the hard way most of the time to me.
The first thing I usually do on a Windows machine is pin cmd to the task bar, and from there, right click and run as administrator. I have a c:\bin folder where I stick all the PsTools, Sysinternals, putty/kitty and unix utils tools I need, so I usually
setx PATH "%PATH%;C:\bin;C:\bin\usr\local\wbin"
and then custom create a bat file or two to point to my cloud stored resources. All that works on Windows XP - Windows 10 without any special effort.
I started using Windows 10 shortly after it first came out for Windows Insiders. I noticed that some of our proprietary business software doesn't work, but it still doesn't work on Windows 8 either, so that's hardly a surprise. All my command line stuff seems to work without any effort and nearly all my normal software works, the exception being Outlook's search which seems to have been broken in 8 too. (My setup is abnormal enough that I'm not really surprised, just frustrated.) The RSAT took a couple tries to get running, but was working.... until I did a clean install of Win 10 with the official release and now can't get it to work for love or money. (Apparently that's coming out in the next couple weeks and the stuff I was using in Beta won't install in the released version.) Also the Hyper-V manager seems to have a problem with one of our servers now, but I suspect that's a problem on that server rather than with the tool. We don't reboot those things very often, so I'm optimistic the next reboot of that server will resolve the issue.
What I do like in Windows 10 is the improved command line defaults. I didn't really need it, but I like the color options making it easier to spot which command line I'm after and default equivalent to Quick Edit settings so I don't have to remember to do it myself. I'm still getting used to being able to use Ctrl+C on it. I also like the improved snap window (Windows + arrow key) settings; being able to use quarter screens easily and the prompts to choose second windows are quite nice.
I enabled Cortana and the search function improved. I expected to hate it since I only use the search for finding things already on my local computer, but that improved too. I'm not sure I like sharing everything with Microsoft but I share so much already, I'm willing to live with it in exchange for better search responses for now.
Let's say, just hypothetically, that this is implemented at a federal government level. Further, let's take as a given that this supplement makes cows healthier, happier and cheaper to feed. Additionally, let's assume that we want this enough to subsidize this for farmers to the point that they're actually paid slightly to implement it. I'd call this set of givens the ideal situation.
Even if we had such an ideal situation, there will be a lot of ranchers and farmers who don't trust the government's plan (my father will probably be one of them) and people in that group won't implement the change. Then there will undoubtedly be the "organic" beef people who demand 3NOP free labeling and some farmers and ranchers will target that market and not implement. Other countries won't necessarily follow suit. Some will, but some certainly won't.
However, knowing that some people will resist change isn't a valid reason to avoid considering whether change needs to happen. Civil rights, the abolition of slavery, freeing Jews in internment camps... all are changes that every normal person now would agree needed to happen. There was resistance at the time and there are still people who don't like the changes even now, but that doesn't mean we shouldn't have put the effort in.
Change is bad. Not changing is bad. No matter how elegant and beneficial a solution is, no matter how bad the problem is, there will always be some struggle implementing the solution. Even knowing leaded gasoline is bad, and having some idea how bad, there are still quite a few engines (small planes jump to mind) which still use it. Changing to unleaded gasoline was beneficial and a struggle, and it was worth it. (Do some reading if you are unfamiliar with how significant that change was.)
My point is that we can acknowledge there will always be issues with implementing big changes without weakening the argument that change is good and needed.
I think this is the best suggestion I've seen for dealing with a drone so far. A high power washer would be ideal. I wonder if I could go into business selling "drone killers" that are legal to use in city limits.
YES. Port knocking solved this years ago. For those unfamiliar with the concept, the idea is simple enough: my computer doesn't even let you try to log in unless you first hit a specific combination of ports. For example, your IP address gets no response to an attempt to connect to SSH unless you first try to open ports 2234, 5039, 16, 38 and 27 in that order. (You don't get a response on those either, but my computer records those attempts and when you do hit them in that order, it opens up the real SSH port to your IP address for a connection attempt.) Add on an extra layer of security by having some ports that cause an automatic ban, so hitting port 2232 or port 2235 would mean your computer wouldn't get any access even if you otherwise hit all the required ports in the right order.
The best part is that you don't need any special software to set this up. Iptables is already built in and a bash script is sufficient to process the logs created by Iptables and unblock or ban when appropriate. The client just needs to get to a web page with links to the server and ports in the right order, so nothing more sophisticated than a browser is necessary. The worst part is that your firewall will block non-standard outbound traffic if it's sophisticated enough and if you're in a corporate environment, making changes to it may not even be an option.
I don't like alternate possible suggestions either. If you put up a web page to first authenticate people before opening SSH for connections, then the web server becomes the weak point and I think SSH has a better track record of being secure than any web server I can think of. If you put up a VPN to authenticate people before allowing SSH attempts, then the VPN becomes the weak point, and again, I don't know if VPNs are any more likely to be secure than SSH itself.
Any time you put two layers of authentication in front of allowing access, it should be more secure than having one alone, but with zero day exploits happening on pretty much everything, I'm inclined to think the first layer should be the one most likely to be immune. If that's SSH, and I think there is a reasonable argument SSH has a better track record than most any other authentication method, then using any other piece of software that people can connect to in front of it makes the potential for a breach higher.
I'm actually in favor of layered security and I use fail2ban (as others have suggested) and I put together a script to automatically ban "evil ips" when they repeatedly try unsuccessfully to connect to my machines, but really I feel that's more for my benefit of having less logs of automated attempts than being a serious deterrent to any half brained targeted hack attempt.
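The log-processing step described in the port knocking comment above, as an added example that is not the poster's own script: it reads iptables LOG lines, tracks each source's progress through the knock order 2234, 5039, 16, 38, 27, and bans on ports 2232 and 2235. The "KNOCK:" log prefix, the classic syslog layout with the program tag in field 5, the function names and the sample addresses are assumptions made for this sketch; it prints ALLOW/BAN decisions for the caller to turn into firewall rules.

```bash
#!/bin/sh
# Added example, not the poster's script. Reads iptables LOG lines on stdin and
# prints one decision per event: "ALLOW <ip>" or "BAN <ip>".

KNOCK_SEQ="2234 5039 16 38 27"   # knock order given in the comment
BAN_PORTS="2232 2235"            # tripwire ports given in the comment
LOG_PREFIX="KNOCK:"              # assumed --log-prefix of the LOG rule

knock_decide() {
    awk -v seq="$KNOCK_SEQ" -v bans="$BAN_PORTS" -v prefix="$LOG_PREFIX" '
    BEGIN {
        n = split(seq, want, " ")
        m = split(bans, b, " ")
        for (i = 1; i <= m; i++) tripwire[b[i]] = 1
    }
    # Trust only lines written by the kernel with our LOG prefix. Other daemons
    # log remote-controlled strings that could imitate SRC=/DPT= fields.
    $5 != "kernel:" || index($0, prefix) == 0 { next }
    {
        src = ""; dpt = ""
        for (i = 6; i <= NF; i++) {
            if (src == "" && $i ~ /^SRC=/) src = substr($i, 5)
            else if (dpt == "" && $i ~ /^DPT=/) dpt = substr($i, 5)
        }
        # Validate before the value can ever reach a firewall command.
        if (src !~ /^[0-9A-Fa-f:.]+$/ || dpt !~ /^[0-9]+$/) next
        if (src in banned) next              # a ban outlives any later knocks
        if (dpt in tripwire) {
            banned[src] = 1
            delete progress[src]
            print "BAN " src
            next
        }
        step = progress[src] + 0             # knocks matched so far
        if (dpt == want[step + 1]) step++    # next expected port
        else if (dpt == want[1]) step = 1    # restart on the first port
        else step = 0                        # wrong port or wrong order
        if (step == n) { print "ALLOW " src; step = 0 }
        progress[src] = step
    }'
}

# Constructed sample input: one abbreviated iptables LOG line per knock.
log_line() {
    printf 'Jan  1 00:00:00 gw kernel: KNOCK: IN=eth0 OUT= SRC=%s DST=192.0.2.10 PROTO=TCP SPT=40000 DPT=%s SYN\n' "$1" "$2"
}

sample_log() {
    for p in 2234 5039 16 38 27; do log_line 203.0.113.5 "$p"; done   # correct order
    log_line 198.51.100.7 2234; log_line 198.51.100.7 2235            # hits a tripwire
    for p in 2234 5039 16 38 27; do log_line 198.51.100.7 "$p"; done  # too late, banned
    for p in 2234 5039 38 16 27; do log_line 192.0.2.44 "$p"; done    # wrong order
    for p in 2234 5039 16 38; do log_line 192.0.2.77 "$p"; done       # one knock short
    # Non-kernel line imitating the final knock; it must be ignored.
    echo 'Jan  1 00:00:00 gw sshd[811]: Invalid user KNOCK: SRC=192.0.2.77 DPT=27 from 192.0.2.77 port 40000'
}

sample_log | knock_decide
```

State lives only for the length of one run here, so a long-running deployment would feed the function from a followed log and persist the ban list.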
Yes. Always. (What kind of fertilizer? What type of bees? What tilling method? What moon cycle was planting and harvesting done in? Did the farmer wear goatskin or cotton gloves?)
It is impossible, not to mention impractical, to require that a label should include all the information I might not know. What is possible and reasonable is to require labeling to give me information that I do need to know and make rules and laws against things that are known to be harmful.
With that background, the goal I expect from legislation is to both ensure that necessary information is included and exclude requirements to add unnecessary information.
So if I believe that GMOs are potentially dangerous, I'll take the time to find and buy foods labeled Non-GMO (still legal) or that I have researched enough to be confident meet my personal preference.
The real issue here, as in so many recent issues, is the philosophy behind deciding: what is the purpose of law?
Law is to make society better? Legal requirements to require GMO labeling is fine. Laws to prevent labeling GMO is fine. Laws to make dogs wear sweaters is fine. Anything that makes society better, according to widely varying definitions of "better" is fine. All taxes are based on this philosophy, and generally accepted because a lot of people have similar ideas of "better."
Law is to prevent harm? Legal requirements to require GMO labeling is fine. Laws to prevent GMO labeling is fine. People have varying ideas of what harm might be.
Law is to maximize freedom? That's sort of all about making the best society possible for people to be maximally free, while still being about preventing harm which inhibits freedom. Freedom is individual but every freedom you give one person (freedom to kill) inhibits the freedom of another (lack of life is complete loss of freedom.) Everything is a compromise. Freedom to ensure knowledge about GMOs inhibits freedom to present products the way you prefer.
Freedom?
Yeah. Life isn't black and white. Making choices to determine what other people must or must not do, can or cannot do; that's complex but life is complex.
I've brought up a lot of potential nuance to add to the simple question of whether it should be legal to require GMO labeling or not. Given that nuance, I don't expect you, dear reader, to change your opinion since everything I've contributed can also be used to support your preconceived notions of what's appropriate. Are you asking what I think? Are you asking what someone who has both sides consideration thinks? You won't be satisfied with the answer.
I don't really know for sure. I want freedom, and I want to ensure freedom for others. I don't know which side does the best job of either. In these situations, I generally go for the approach of not legislating, but this is about a law to prevent legislating. If I don't like unnecessary laws, is it better to prevent laws using law or skip the law at all? I think the best choice is to allow legislation to happen at the most local levels, which is to say no, I don't think this is a good law, even though I don't think the idea that legislating a requirement for GMO labeling is a good idea either.
So even though I sorta have a stance, it's not strong. If you'd like me and people like me to see your side, or even support it, please give me a good reason to support your perspective. Despite everything I've read (most of the discussion so far,) I still haven't seen that.
But you're clearly not familiar with how large companies do things, or even what a BACKDOOR is.
I'm familiar with both.
Also Nobody has proposed some 2 key system.
You're absolutely right. Even I'm not proposing it. I'm simply outlining how secure second party access can be managed. You and I both know that politicians don't want to go through a secure process, or have only limited access controlled by subpoenas.
If it's the same key, then no that is not PKI, because I just lost the ability to revoke and renew a key without 3rd party intervention.
You're mostly right. What I described is PKI protected symmetric encryption, which isn't as secure as pure PKI, but that's what systems use now, just (hopefully) without second party access. (That's why you can change the password on your android phone or bitlocker container or truecrypt drive without it taking the time to do a full re-encryption. It can be almost as secure, but not like I described it.) The example I gave wasn't representative of what politicians want... again, it's just one way dual access could be set up securely.
It's not wrong to say that any sort of backdoors are a bad idea, no matter how they're implemented. And you can absolutely bet that serious criminals and even geeks like me will re-encrypt with non-shared keys, so it's only effective for the kind of terrorists who don't train to fly planes into buildings.
I'm having a hard time defending even a process that could be relatively secure, because (like you) I have zero trust in the politicians calling for an end to privacy.
A spokesperson for [Big Telco] said that even though they broke the law pertaining to maintaining government security by putting the keys into a network connected system, that no phones could actually be compromised because every piece of data [Big Telco] stores is useless without the corresponding PKI private keys secured by the [Three Letter Government Agency]. The spokesperson went on to say that replacement keys had already been automatically pushed to every online phone anyway as an extra security precaution. We spoke with the lawyers of the defendants accused of breaching national security and two of them confirmed their clients were considering plea deals to avoid longer jail sentences.
I wouldn't disagree that dual key systems make security weaker, but how much weaker the security is depends an awful lot on how you do it.
I don't know if you missed the PKI component in my previous post or just aren't familiar with it, but for the sake of other readers here's the essentials of Public Key Infrastructure:
A) Anyone can encrypt a message using a public key
B) Nobody can decrypt that message except the holder of the corresponding private key
C) No, not even you, the person who encrypted the message, not even you can decrypt it
D) Because math
The thing about the process I described is that it would be impossible for the [Big Telco] to cause the actual passwords to be breached, because they would never have them. It would be impossible for the government agency to cause the actual passwords to be breached because they wouldn't have them either. Both would have to fail dramatically, and at the same time, in order to prevent corrective measures from being effective.
You and what army? Why, this army... er, where do I get an army exactly? Maybe I just need to get a bunch of smaller government types to go along with me, maybe get a bunch of states together and make our own country? Has anybody tried that? Oh. How'd that work out? Oh.
So, yay America I guess?
So... hypothetical question, exactly what do you have to post in an internet forum to get put on watch lists and no-fly etc?
Google is making money from me even if they never manage to show me an ad. They offer several things I appreciate, including the opportunity to hold some of my actual money, so I really don't want them to fail. I hope they do manage to hit the sweet spot of income via advertising without crossing the line into driving away customers with irritation. I don't think this particular move crosses that line, so my comments were directed more toward the ad supported web business model in general than Google specifically.
What I see happening is a backlash against intrusive advertising and I expect Google is smart enough to make money in that climate anyway. I just hope not everyone adopts the attitude of "Don't use youTube." The end users will always win and the only hope of successfully keeping the web alive in the long run is to find balance end users will accept or change the way websites make money.
Change is hard. It's not (always anyway) about greed; it's about balance. The advertising funded web business model is starting to fail, and people who rely on it have three choices:
1. Balance successfully the amount of advertising people consume in a way they're willing to consume it.
2. Find a business model that doesn't rely on advertising so much.
People who haven't figured out how to do either of those things are rightfully scared, and some of them still think there is an option of forcing end users to accept what end users are demonstrating they won't accept. It can't work and that makes people mad. I get it, but really, all the power is in the hands of the end user, which makes the choice even starker:
Adapt or die.
I doubt this would have the breadth of impact I'm looking for, but thanks, I'm going to consider this.
My computer, my rules. Don't like it, buy me a computer, pay my electricity bill and internet bill. I'm totally down with that. Otherwise, too bad. Or better yet, if you don't like people doing what they like with their computers because your site wants them to do something they refuse to, take your site down. Please do that. Hilarious.
Here's the thing, I control what my computer does and the more irritating the advertising is, the more effort I'm willing to put into making sure it stops. My computer, my control. The more advertisers try to force the issue, the more people like me will turn our attention to making sure our computer does what we want and doesn't do anything we don't want.
It's not a new phenomenon. You can only push people so hard until they rebel. In this particular war, all of the power lies with the computer owner. You can't force people to consume advertising, you can only ask them to in return for something valuable. I don't mind some advertising as long as it doesn't cross the line from interesting into irritating, but it seems like about half the sites on the internet crossed that line. So yeah, I'm blocking advertising. That doesn't mean I don't want to support the content I love. Slashdot got money from me, even though I already had the ads blocked. Pandora gets money from me. There's a handful of others I directly support, but most sites don't offer the option, even if they offer the content I'm interested in. Why not?
Want to turn a million dollars into hundreds of millions? Take my money! People like me would pay ten dollars a month (easy) to get an advertising free internet. Get the top 500 sites to tell you how much they'd charge per month to offer an advertising free version and then see how many potential customers you could get. I'm betting you'd find out there is a ton of money to be had and people happy to pay. Why isn't anyone already doing this? Won't somebody please take my money?
Money. It's about money.
People will pay a huge amount to see the first live mammoth. It captures the imagination in a way elephant or mouse or bird cloning just cannot compare to. I'm all for science advancement and in favor of careful study of biomes and being cautious, but none of those things grab headlines. The money that would pour into de-extinction development for a mammoth will be huge compared to any of the suggested other projects, and that's why cloning a mammoth is such a good thing. Getting the research and testing and trials done to bring back a mammoth will make it tremendously easier to complete other projects that may have more fundamental benefit to the scientific community.
You don't send a mission to Mars or even to the moon because that's the best return on investment, you do it because it makes people care about the science in ways they never would for the fundamental research that makes it possible.
You have to deal with the public like you would a four year old child. You don't have a four year old child look forward to going to the dentist because it's good for their health, you get them to look forward to it because they get a toy and ice cream after. Likewise you don't get the public to support a scientific project to benefit the ecosystems and research that being able to clone extinct and endangered animals can offer; you get the public to support the idea of getting to see a mammoth in person.
I think it depends on where you are and what is being done. Some places have restrictions on what companies can deny responsibility for, so there is usually (not bothering to look it up this time) a clause in the EULA saying that if part of it is invalidated, the rest still applies.
"There should be a law" is, perhaps, a better starting point. I've thought on this topic for a while and have some ideas about what should happen and how and when, but I am sure I'm missing some important issues and my wording needs improvement. Feel free to take my ideas and improve on them and pass them on to the appropriate agencies. Since "Comments owned by the poster" is clearly indicated, I hereby release this post and any of my comments related specifically to this post into the public domain.
Fast changes are bad for business so I believe this first part of my suggestion for new laws should be discussed now with an intent to have the laws become binding in 2025 at a state level.
Ten years is plenty of time for a state government agency to be formed and for companies and software developers to adjust their business models to the first provision of my proposed legislation. I think with that in mind, fifteen years is enough for the second provision of my proposed laws, and I think this should be at a federal level. I'd suggest that the NSA is the appropriate agency, but I'm open to a new federal agency being created or assignment to a better suited agency.
Right, because keeping your browsing and application-utilization habits a secret is SO important.
OMG somebody might know you look at porn! Or that you play video games! Or that you are shopping online for a new printer!!!
The horror!
Okay, mostly I agree with you, and even if 99.9% of people were aware of what's shared, almost none of them would care. Of course, in reality, I'd be surprised if even 1% of people care enough to find out.
Let's just target that tiny fragment of the population that cares and wants to protect their privacy. Maybe you know the person behind the Ashley Madison hack, or want to blow the whistle on the NSA, or maybe you found out something terrible about Microsoft and want to email somebody about it, whatever. In this scenario, you're somehow also nuts enough that you are going to pass on your bombshell using your home Windows 10 PC.
Wireshark and a few tweaks to your router and now nothing goes out that you don't want going out. Problem solved. (It's not going to last ten seconds in keeping your identity secret from any of those entities, but hey, it's not Windows 10's fault at least.)
But wait, you must be saying, "my PC is connected without a router!" (How?) Don't worry your pretty little head about it. A couple host file edits and you're good. But "wait" you say, (complainer!) "these apps are still connecting!" So you add a handful of specific routes with the handy command line and boom (!) problem solved again. (For another ten seconds.)
"But ancientt," you say. "I'm posting and emailing stuff all the time that could get me in trouble and I don't want Microsoft to know!" To which I reply, "Tails and VPN my child." But you ignore my advice, because of course you do. "I must secure Windows 10 permanently!" I find you irritating, but alas, I cannot resist your wiles so I offer this further guidance. Edit your registry, run your own DNS server, set the default route to localhost and only allow an IP connection to sites you've intentionally pre-configured with the route command, and now my stupid but persevering student, you have a Windows 10 configuration which will communicate with nothing undesired.
I will not post bail.
Of course it isn't Wifi that is causing the problem, but there are problems here. Taking up the court's time and spending money on the lawsuit is obviously not going to solve the real problem, but it's also obvious that the parents (at least) believe the problem is real. Imagine that your child is suffering and someone you respect tells you the problem is something that is not too hard to solve, and following that advice seems to work. It's easy to see how you could become convinced that the problem is real and that you understand the cause. Then when you try to get other people to take reasonable actions in order to accommodate your needs, pretty much everyone laughs off your problem.
I'm sure it sucks to be in their shoes too. There are so many things I interact with every day that I don't really understand that it's not hard for me to accept that I am likely completely wrong about how I think some of them work. It's even likely that there are things I'm sure I understand that I'm actually wrong about.
How do you convince someone that something they adamantly believe is wrong? If this and other forums I've seen on the internet were the sole standard, I could only believe it is impossible. I guess what I'm saying is, even while you can be certain the real problem isn't Wifi sensitivity, there is a saddening lack of empathy displayed in this discussion.
I want that too, except with an additional requirement. I don't want anything involved in controlling the car physically wired to anything networked. If I want the car controlling system to connect to a network, I want to be required to physically turn a switch to allow it.
"Oh, they're firewalled" they say, and we know that fails.
That phrase, "mostly harmless" rings a bell.
Yup.
Nobody's hitting me with a brick to get my password. If you can credibly threaten to, you can have it. Nothing on my phone is worth a bloody nose, let alone a broken bone or my life.
With that in mind, I would NEVER put anything on my phone that would incriminate me of a felony or give a potential blackmailer the ability to ruin my life. In fact, I stay away from scenarios where such things even could exist for the same reasons.
You're absolutely correct on all counts. I certainly hope I didn't come across as implying that there is no point in having encryption, good encryption, on devices that may have sensitive data.
I'm assuming that hard to extract is a description that applies to normal tools and access. I have every expectation that it would be at least moderately easy for the NSA. Ditto for a Colombian drug lord who is willing to invest a couple hundred million into getting the ability.
If law enforcement has a good case that the phone they have taken possession of is likely to contain evidence in a murder trial, I am surprised they don't have a department that passes the warrant and request to an agency that can handle the extraction of the baked in digital key.
I encrypt my phone because I believe that my password is highly unlikely to be guessed by the thief who manages to snag it from me in a bar or on the subway. If a cop takes it, I expect it to hold out until that point they decide it is worth getting an acronym agency of your choice involved. (I expect that the HSA, CIA, FBI, NSA wouldn't have trouble getting the baked in key, but I doubt that San Diego PD has the capability.)
If a thug with a gun wants my password, I'll hand it over because nothing on my phone is worth endangering my life. If a thug with a badge wants my password, I'll resist as long as feasible on principle, but I wouldn't expect my data to last against a serious concentrated effort. If a drug kingpin decides to break into my phone, I expect my password and the keys are good enough, but not if that kingpin is willing to throw multi-million dollar investments against it.
The concern I have is that my senator will cast a deciding vote making a backdoor mandatory and then the kid hanging around the bus stop will have a black market resale value incentive to steal it, because I have no expectation that law mandated security will be secure enough to keep black hats from finding out how to take advantage of it. Is it possible that law mandated back door access could be secure against black hat access? Yes. Is it likely a senator would have a clue how to mandate that? Not in the least.
It's just the locked door debate. Good locks, strong doors and a security system stop petty criminals or hopefully at least slow them down. It doesn't stop SWAT or Ismael Zambada Garcia if they decide they want in. So it's a good idea to invest in security, but it's a bad idea to trust it absolutely.
Just for the sake of anyone who hasn't thought this through: The device's hard drive may be encrypted, but that doesn't mean you have to use the screen to enter all the possibilities or have to wait or have to worry about getting locked out.
When decrypting the hard drive (card/whatever) of a device, you pull the media out, copy it and then access it in an environment you control. So you can try a billion guesses a second if your computing resources can handle it. A phone's storage capacity is small enough that you could actually distribute a couple hundred thousand copies to a couple high end clusters and have them all trying their unique possible combinations in parallel.
Having lock-out features and delays only stops the casual criminal. The well financed criminal or government can hit your encrypted data with an unimaginable number of guesses per second. If you think your password is good enough to keep out the government or drug lord, I recommend you bear in mind that they are going to guess every possible eight digit password in under three seconds.
I vote that the legal definition of your right to airspace above your property should be "shotgun range." (I don't know who is in the moral right here, but I do think it's important to note that the man was not arrested for shooting the drone, but rather for firing a gun outside of legal limits.)
You're right, for setting environment variables permanently you use setx instead. http://ss64.com/nt/setx.html
I learned the DOS command line well in the early nineties, and a surprising amount has stuck with me. I use Windows 10 at work, admin Hyper-V and Linux servers there and run Linux at home 99% of the time. This kind of review looks like exactly what I'm looking for but really, since I do much of my work from the command line in both environments, I'm surprised the GUI gets so much focus. It just seems like the hard way most of the time to me.
The first thing I usually do on a Windows machine is pin cmd to the task bar, and from there, right click and run as administrator. I have a c:\bin folder where I stick all the PsTools, Sysinternals, putty/kitty and unix utils tools I need, so I usually
and then custom create a bat file or two to point to my cloud stored resources. All that works on Windows XP - Windows 10 without any special effort.
I started using Windows 10 shortly after it first came out for Windows Insiders. I noticed that some of our proprietary business software doesn't work, but it still doesn't work on Windows 8 either, so that's hardly a surprise. All my command line stuff seems to work without any effort and nearly all my normal software works, the exception being Outlook's search which seems to have been broken in 8 too. (My setup is abnormal enough that I'm not really surprised, just frustrated.) The RSAT took a couple tries to get running, but was working.... until I did a clean install of Win 10 with the official release and now can't get it to work for love or money. (Apparently that's coming out in the next couple weeks and the stuff I was using in Beta won't install in the released version.) Also the Hyper-V manager seems to have a problem with one of our servers now, but I suspect that's a problem on that server rather than with the tool. We don't reboot those things very often, so I'm optimistic the next reboot of that server will resolve the issue.
What I do like in Windows 10 is the improved command line defaults. I didn't really need it, but I like the color options making it easier to spot which command line I'm after and default equivalent to Quick Edit settings so I don't have to remember to do it myself. I'm still getting used to being able to use Ctrl+C on it. I also like the improved snap window (Windows + arrow key) settings, being able to use quarter screens easily and the prompts to choose second windows is quite nice.
I enabled Cortana and the search function improved. I expected to hate it since I only use the search for finding things already on my local computer, but that improved too. I'm not sure I like sharing everything with Microsoft but I share so much already, I'm willing to live with it in exchange for better search responses for now.
Well, yeah, it is kind of shocking to compare crime between the US and Finland: http://www.nationmaster.com/co...
Let's say, just hypothetically, that this is implemented at a federal government level. Further, let's take as a given that this supplement makes cows healthier, happier and cheaper to feed. Additionally, let's assume that we want this enough to subsidize this for farmers to the point that they're actually paid slightly to implement it. I'd call this set of givens the ideal situation.
Even if we had such an ideal situation, there will be a lot of ranchers and farmers who don't trust the government's plan (my father will probably be one of them) and people in that group won't implement the change. Then there will undoubtedly be the "organic" beef people who demand 3NOP free labeling and some farmers and ranchers will target that market and not implement. Other countries won't necessarily follow suit. Some will, but some certainly won't.
However, knowing that some people will resist change isn't a valid reason to avoid considering whether change needs to happen. Civil rights, the abolition of slavery, freeing Jews in internment camps... all are changes that every normal person now would agree needed to happen. There was resistance at the time and there are still people who don't like the changes even now, but that doesn't mean we shouldn't have put the effort in.
Change is bad. Not changing is bad. No matter how elegant and beneficial a solution is, no matter how bad the problem is, there will always be some struggle implementing the solution. Even knowing leaded gasoline is bad, and having some idea how bad, there are still quite a few engines (small planes jump to mind) which still use it. Changing to unleaded gasoline was beneficial and a struggle, and it was worth it. (Do some reading if you are unfamiliar with how significant that change was.)
My point is that we can acknowledge there will always be issues with implementing big changes without weakening the argument that change is good and needed.
I think this is the best suggestion I've seen for dealing with a drone so far. A high power washer would be ideal. I wonder if I could go into business selling "drone killers" that are legal to use in city limits.
YES. Port knocking solved this years ago. For those unfamiliar with the concept, the idea is simple enough: my computer doesn't even let you try to log in unless you first hit a specific combination of ports. For example, your IP address gets no response to an attempt to connect to SSH unless you first try to open ports 2234, 5039, 16, 38 and 27 in that order. (You don't get a response on those either, but my computer records those attempts and when you do hit them in that order, it opens up the real SSH port to your IP address for a connection attempt.) Add on an extra layer of security by having some ports that cause an automatic ban, so hitting port 2232 or port 2235 would mean your computer wouldn't get any access even if you otherwise hit all the required ports in the right order.
The best part is that you don't need any special software to set this up. Iptables is already built in and a bash script is sufficient to process the logs created by Iptables and unblock or ban when appropriate. The client just needs to get to a web page with links to the server and ports in the right order, so nothing more sophisticated than a browser is necessary. The worst part is that your firewall will block non-standard outbound traffic if it's sophisticated enough and if you're in a corporate environment, making changes to it may not even be an option.
I don't like alternate possible suggestions either. If you put up a web page to first authenticate people before opening SSH for connections, then the web server becomes the weak point and I think SSH has a better track record of being secure than any web server I can think of. If you put up a VPN to authenticate people before allowing SSH attempts, then the VPN becomes the weak point, and again, I don't know if VPNs are any more likely to be secure than SSH itself.
Any time you put two layers of authentication in front of allowing access, it should be more secure than having one alone, but with zero day exploits happening on pretty much everything, I'm inclined to think the first layer should be the one most likely to be immune. If that's SSH, and I think there is a reasonable argument SSH has a better track record than most any other authentication method, then using any other piece of software that people can connect to in front of it makes the potential for a breach higher.
I'm actually in favor of layered security and I use fail2ban (as others have suggested) and I put together a script to automatically ban "evil ips" when they repeatedly try unsuccessfully to connect to my machines, but really I feel that's more for my benefit of having less logs of automated attempts than being a serious deterrent to any half brained targeted hack attempt.
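The knock-sequence and auto-ban logic described in the comment above, sketched as an added example (not the commenter's own script): a POSIX shell function that reads iptables LOG lines and emits `OPEN`/`BAN` decisions per source address. The `KNOCK ` log prefix, the trimmed log layout and the sample addresses are assumptions constructed for illustration; the ports are the ones named in the comment.

```shell
#!/bin/sh
# Added example: port-knock state machine over iptables LOG output.
# Assumes the firewall logs every probe to a knock or tripwire port with
# --log-prefix "KNOCK " (an assumption; any fixed prefix works).

KNOCK_SEQ="2234 5039 16 38 27"   # required order, from the comment
TRIPWIRES="2232 2235"            # ports that cause an automatic ban

# Reads log lines on stdin, prints one decision per line:
#   OPEN <ip>  the source completed the sequence in order
#   BAN <ip>   the source touched a tripwire port (overrides everything)
# A wrapper would translate these decisions into firewall rules.
knock_decisions() {
    awk -v seq="$KNOCK_SEQ" -v trip="$TRIPWIRES" '
    BEGIN {
        n = split(seq, want, " ")
        m = split(trip, t, " ")
        for (i = 1; i <= m; i++) tripwire[t[i]] = 1
    }
    index($0, "KNOCK IN=") {
        src = ""; dpt = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/) src = substr($i, 5)
            else if ($i ~ /^DPT=/) dpt = substr($i, 5)
        }
        # Only act on well-formed fields; decisions may feed a firewall.
        if (src !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
        if (dpt !~ /^[0-9]+$/) next
        if (src in banned) next            # a ban is permanent
        if (dpt in tripwire) {
            banned[src] = 1
            delete step[src]
            print "BAN " src
            next
        }
        if (src in opened) next            # already admitted
        s = step[src] + 0
        if (dpt == want[s + 1]) s++        # next expected knock
        else if (dpt == want[1]) s = 1     # restart from the first knock
        else s = 0                         # wrong port: progress is lost
        if (s == n) { opened[src] = 1; s = 0; print "OPEN " src }
        step[src] = s
    }'
}

# Constructed sample: "source port" pairs expanded into trimmed LOG lines.
sample_log() {
    while read -r src dpt; do
        printf 'Aug  3 10:15:01 gw kernel: KNOCK IN=eth0 OUT= SRC=%s DST=192.0.2.10 LEN=60 PROTO=TCP SPT=40000 DPT=%s SYN\n' "$src" "$dpt"
    done <<EOF
203.0.113.5 2234
198.51.100.7 2234
203.0.113.5 5039
198.51.100.7 2235
192.0.2.44 2234
203.0.113.5 16
192.0.2.44 5039
192.0.2.44 38
203.0.113.5 38
192.0.2.44 16
203.0.113.5 27
192.0.2.44 27
198.51.100.7 2234
198.51.100.7 5039
198.51.100.7 16
198.51.100.7 38
198.51.100.7 27
EOF
}

sample_log | knock_decisions
```

The sketch has no time window, so a sequence spread over days still opens the port; a production version would expire partial progress and the resulting allow rule.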
Wow. I want to know the whole story.
Is there something I don't know?
Yes. Always. (What kind of fertilizer? What type of bees? What tilling method? What moon cycle was planting and harvesting done in? Did the farmer wear goatskin or cotton gloves?)
It is impossible, not to mention impractical, to require that a label should include all the information I might not know. What is possible and reasonable is to require labeling to give me information that I do need to know and make rules and laws against things that are known to be harmful.
With that background, the goal I expect from legislation is to both ensure that necessary information is included and exclude requirements to add unnecessary information.
So if I believe that GMOs are potentially dangerous, I'll take the time to find and buy foods labeled Non-GMO (still legal) or that I have researched enough to be confident I'm sure meet my personal preference.
The real issue here, as in so many recent issues, is the philosophy behind deciding: what is the purpose of law?
Freedom?
Yeah. Life isn't black and white. Making choices to determine what other people must or must not do, can or cannot do; that's complex but life is complex.
So you're the reason grandma's birthday was so exciting!