In the UK, Digital Televisions are not available in sizes less than 28", and at approximately double the price of the equivalent analog TV. They offer no additional features, since they use the same signal. Even when digital signals are available, they will offer only double the picture quality (oh wow, an EGA mode), preferring to spend their bandwidth on american-style hundreds of channels of crap, rather than improving quality in the 2-3 channels that people might watch.
Right now, only the most "have-to-have-latest" type of people are even considering DTV, and even they have to admit it's not any better than standard. If DTV is to become popular, broadcasters will need to wait until enough people have the receiving kit (i.e. until enough people decide to pay double-price for a standard household item) before they can switch-off analog signals and force the rest to sign-up or sit out.
Doesn't seem likely in the medium term. Hell, most people don't even see the advantage in DVDs, and digital television has far fewer distinguishing features.
Needless to say, when DTV is in the process of becoming popular, it won't help when the early-adopters report that their video-recorders don't work, or that they can't change channel during adverts. If so much of a hint of hollywood-style customer-screwing gets talked about, the whole project could be delayed by years. This could be an advantage... it could even be specially arranged....
"Unfortunately, smartcard readers don't seem to have become ubiquitous in all computing devices."
The last thing we need is another monoculture, especially one with people's personal information on it.
Every geek his own standard, and every company their own groupware product. Probably the most important factor in keeping this data safe is to ensure that neither Microsoft, Oracle, nor the Government have anything to do with it.
Two words: translucent databases
You don't need to encrypt the whole database at once: that's a concept years out-of-date for the reasons you mention. You encrypt the URL, and nothing more.
If you have a multi-user system, it's even easier. You just store the URL plaintext, and use MD5(Your name/your password/bookmark number) as the key-field. Nobody can then relate any record to any other, and only someone with your name/password can scan the bookmark numbers to do the search.
I believe PHPGroupWare (on Sourceforge) has a module to store bookmarks (with their standard authentication: they can also do address books and email, which answers some of the other questions in this thread)
Interesting bit: they also have a netscape plugin, which I assume means that they're as convenient as normal bookmarks.
Of course, the simple solution is to just put bookmarks.html onto your PGP-disk, but that means you have to keep the encrypted disk open every time you run a browser - not such a good idea. Most people won't want the complication of having several encrypted disks.
You can also just use your website as a bookmarks list, either with a 'robots=noindex' page not linked from anywhere, or with an .htaccess file, or with a PHP password like I use.
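The key-field scheme from the translucent-database comment above (URL stored in plaintext, MD5 of name/password/bookmark number as the key), worked through as an added example that is not part of the original comment. The table schema, class and function names, users and URLs are all constructed for illustration.

```python
import hashlib
import sqlite3


def record_key(name: str, password: str, number: int) -> str:
    """Key field as the comment gives it: MD5(name/password/bookmark number)."""
    # A fast unsalted hash lets whoever holds the table test guessed
    # name/password pairs offline; the comment's scheme is kept as written,
    # and a slow salted KDF is the usual substitute.
    material = f"{name}/{password}/{number}".encode("utf-8")
    return hashlib.md5(material).hexdigest()


class TranslucentBookmarks:
    """Multi-user bookmark table with no owner column (hypothetical schema)."""

    def __init__(self) -> None:
        self.db = sqlite3.connect(":memory:")
        self.db.execute(
            "CREATE TABLE bookmarks (k TEXT PRIMARY KEY, url TEXT NOT NULL)"
        )

    def _lookup(self, key: str):
        row = self.db.execute(
            "SELECT url FROM bookmarks WHERE k = ?", (key,)
        ).fetchone()
        return None if row is None else row[0]

    def scan(self, name: str, password: str):
        """Walk bookmark numbers 0, 1, 2, ... until the first missing key."""
        urls = []
        while True:
            url = self._lookup(record_key(name, password, len(urls)))
            if url is None:
                return urls
            urls.append(url)

    def add(self, name: str, password: str, url: str) -> int:
        """Store url under the next free bookmark number for these credentials."""
        number = len(self.scan(name, password))
        self.db.execute(
            "INSERT INTO bookmarks (k, url) VALUES (?, ?)",
            (record_key(name, password, number), url),
        )
        return number

    def operator_view(self):
        """Everything the database operator, or anyone with a dump, can read."""
        return self.db.execute(
            "SELECT k, url FROM bookmarks ORDER BY k"
        ).fetchall()


def demo() -> TranslucentBookmarks:
    store = TranslucentBookmarks()
    # Constructed sample users and URLs, interleaved on purpose.
    store.add("alice", "correct horse", "https://example.org/a1")
    store.add("bob", "hunter2", "https://example.net/b1")
    store.add("alice", "correct horse", "https://example.org/a2")
    return store


if __name__ == "__main__":
    s = demo()
    for key, url in s.operator_view():
        print(key, url)          # opaque keys, nothing tying rows together
    print(s.scan("alice", "correct horse"))
    print(s.scan("alice", "wrong password"))
```

The scan stops at the first gap, so deleting a bookmark means rewriting the higher-numbered rows or leaving a tombstone row in place.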
I was quoting here from the actual report: If you consider ProComp's considered judgement to be the equivalent of my butt, perhaps you should study either anatomy or antitrust law in more detail.
"Violation II. No Start Menu Access
It is clear from the language of the SRPFJ and the Department's Competitive Impact Statement that the icon for Set Program Access and Defaults must appear directly on the start menu. The Service Pack, however, places an icon in the "All Programs" menu. "Set Program Access and Defaults" is not on the initial Start Menu and no icon is created on the desktop. On the new machine we tested the "Set Program Access and Default" utility that was listed as one of nearly 40 other entries. See Appendix 1, Figure 2. This is a straightforward violation of provision III. H.13"
Of course, none of these options appear on my Mandrake menus, which leaves me to rely on Microsoft stalwarts such as yourself [with access to Windows XP] for detailed testing of items in this report.
"So what do you want them to do? Ship CD's to every registered Windows owner at the company's expense?"
For a company with $6bn in the bank as a result of shipping an illegal product? Sure.
The download-size problem is this: they had to make their tiny program available to everyone. So they bolted it onto 50Mb of other crap (a service-pack?) and didn't offer it for download by itself. The analogy would be having to download mandrake ISO's just to get a copy of the GPL, or something like that. It's being deliberately made hard to use.
The other main problem mentioned is this: people know that they use ControlPanel->Add/Remove to add or remove programs. So how do you add or remove IE/OutlookExpress? Simple, you use "Set Program Access and Defaults" of course. Couldn't have been made more obvious for people to use. Especially when it's not in the start menu, doesn't have any help files, doesn't tell you what alternative products (browsers etc.) you have to choose from, and can screw up your system completely if you use it incorrectly.
You don't generally install hundreds of megawatts of solar cells in places where it rains...
"There is already way too much food in the world - the US and EU destroy millions of tonnes of it every year."
The alternative being to give some of it to the 3rd-world, thus ensuring that african farmers can't possibly make any money because they're competing with a free product?
Trade deficits: they're good, right?
You can connect to your partner's computer using a modem and a copy of PGP-Fone. You will need a mic/speaker and soundcard, which most computers already have, or you can buy a telephone handset which plugs into your soundcard.
You can either phone your friend directly and have their modem ready to answer it (PGP-Fone running and waiting for the call), or you can establish an internet connection if you're both connected and know each others' IP addresses.
What's next? Scrambling your voice over the telephone?
http://www.pgpi.org/products/pgpfone/
"Excellent, except as I recall, Microsoft Outlook has had this ability since the release of Windows XP"
Was not XP released many years after KMail supported encryption?
Also to troll (sorry) what use email encryption if a virus can send the contents of your inbox + personal files to everyone in your address book?
If this helps your confidence in programmers any: my flatmate is a postgrad-geographer specialising in GIS (Geographic information systems, mapping, rendering, etc) -- the extent of his department's programming knowledge was one tutor who had learnt Visual Basic over the summer, and was trying to teach class in it.
My flatmate then had to convert some massive data sets from one format to another, 20 lines of perl, but they needed to use VB just because. So we now have people who know enough programming to operate Excel, but not enough to write an app themselves, and these are the people you depend on working at the GPS companies...
"People who use linux are too cheap to buy an operating system"
I guess that counts my $90 Mandrake distribution then: too cheap to pay? How about the second Mandrake boxed set I just bought for my sister? Or the debian CDs I bought online (twice?)
Let's make this very clear: if you want to find people too cheap to buy an operating system, try looking at windows users.
"If Linux users want more support the community is going to have to hold itself to a higher standard."
I'm obliged to force my own moral values on anybody who downloads a set of software free from the internet? Exactly how many people must I convince?
As the author said, the Windows empire was built by thieves, installing microsoft software without payment. But people still develop for windows. Go figure.
Any more news on the General Strike by entertainment consumers? Lots of people I know are quite interested in the idea, and want to see some organisation to it.
Just a week or so of no CD/video/DVD sales.
Anyone working on it?
"the car industry ... is not a charity project; it's there to produce cars that people can buy"
You're not familiar with the UK car industry, I take it?
"Please keep your factory in Britain, we'll pay you millions of pounds from the public purse if you keep your factory open." our government pleads. A few months later the Nissan factory disappeared, taking the money which Blair donated to keep the factory open. Nah, that doesn't sound like charity at all...
(p.s. let's not forget the various "wars on X" (x{drugs, commies, arabs, unamericans}) -- if taking taxed war-monies and giving it to wealthy defence contractors to buy new houses is somehow more honourable than supporting public software, then please explain why?
"It is impossible to discern with certainty the processes that are occurring inside the machine."
With a real voting system (i.e. not the toys being used by UK government), you don't need to trust the machine, nor the server. Any voting system relying on a 'trustworthy' platform is rightly mocked as unauditable, for the reasons you point out.
However, in a real system, you should be able to
(a) check your own vote to see that it was cast
(b) count everyone else's vote to see the result is accurate
(c) check that the total number of votes in the list is the same as the number of people who passed authentication
(a) and (b) are easy: the index field of the votes table is MD5("Your name/Your password"), so only someone with your name and password (i.e. you) can find out who you voted for. Anyone can count the cleartext 'vote' column.
(c) is more difficult, simply because you have to trust that the authentication server ("type the password we mailed to you") isn't colluding with the vote-server. Ideally you'd have the thinnest of thin clients, working from a server. [*1]
The electronic systems just need to try and mirror 'real' systems that we know work. Once your poll-card is signed by someone who's checked your name, then anybody can look at the card, and you hope that several people will.
You deliberately have a choice of boxes to post the card in, and they're deliberately easy to shuffle, so you can't tell who's who by the order they voted in.
You deliberately show as many people as possible the votes cast in such a way that they can check them. At the moment of course, you can't check that your own vote was counted.
You can also operate with several servers, such that they must collaborate to open your vote (equivalent to opening ballot-boxes in front of a committee, rather than alone) -- this reduces the chance of one server altering votes, even if people don't check-up on their own.
Next problem: if you voted for a, and the server says you voted for b, how can you prove who you voted for (assuming you're the only one who can find out if your vote is changed by the server, it's tamper-evident, but only to you)
[*1]
Machine asks for name/id/ssn/password etc
Machine hashes the whole lot, and asks the server whether it's valid.
Machine signs a token you can use to vote, this goes into the 'votes' table
Machine tells server that person x has been given a vote, then sends the name/pw hash again to check that it is now invalid ('already voted').
Machine verifiably clears its own memory.
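The three checks (a), (b) and (c) from the voting comment above, run against a small constructed election, as an added example that is not part of the original comment. The class and function names and the voter roll are hypothetical, the token-signing step of footnote [*1] is left out, and the two tampering cases show what each check catches.

```python
import hashlib
from collections import Counter


def ballot_index(name: str, password: str) -> str:
    """Index field of the votes table: MD5("name/password"), as in the comment."""
    return hashlib.md5(f"{name}/{password}".encode("utf-8")).hexdigest()


class AuthServer:
    """Knows which credential hashes are valid and which are already used."""

    def __init__(self, roll):
        self.unused = {ballot_index(n, p) for n, p in roll}
        self.authenticated = 0  # published count, input to check (c)

    def admit(self, credential_hash: str) -> bool:
        if credential_hash not in self.unused:
            return False  # unknown voter, wrong password, or already voted
        self.unused.remove(credential_hash)
        self.authenticated += 1
        return True


class VoteServer:
    """Publishes the whole table: hashed index -> cleartext vote."""

    def __init__(self):
        self.table = {}

    def record(self, index: str, choice: str) -> None:
        self.table[index] = choice


def cast(auth, votes, name, password, choice) -> bool:
    """Thin-client flow of footnote [*1], without the signing step."""
    index = ballot_index(name, password)
    if not auth.admit(index):
        return False
    votes.record(index, choice)
    return True


def check_own_vote(table, name, password):   # check (a): only the voter can
    return table.get(ballot_index(name, password))


def tally(table):                            # check (b): anyone can
    return Counter(table.values())


def counts_match(table, authenticated):      # check (c): rows vs. admissions
    return len(table) == authenticated


def demo():
    roll = [("alice", "pw-a"), ("bob", "pw-b"), ("carol", "pw-c")]  # constructed
    auth, votes = AuthServer(roll), VoteServer()
    cast(auth, votes, "alice", "pw-a", "A")
    cast(auth, votes, "bob", "pw-b", "B")
    second_try = cast(auth, votes, "bob", "pw-b", "A")  # refused: already voted
    honest = (
        check_own_vote(votes.table, "alice", "pw-a"),
        dict(tally(votes.table)),
        counts_match(votes.table, auth.authenticated),
    )
    # Simulated misbehaving vote server: flip alice's row, then stuff one row.
    votes.table[ballot_index("alice", "pw-a")] = "B"
    flipped = check_own_vote(votes.table, "alice", "pw-a")
    count_after_flip = counts_match(votes.table, auth.authenticated)
    votes.table["0" * 32] = "B"
    count_after_stuffing = counts_match(votes.table, auth.authenticated)
    return second_try, honest, flipped, count_after_flip, count_after_stuffing


if __name__ == "__main__":
    print(demo())
```

A flipped row leaves the row count unchanged, so only the affected voter's own lookup reveals it, which is the "tamper-evident, but only to you" problem the comment ends on.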
"But I will rant about how long it takes for initial startup on my laptop"
Try K-Meleon if you need speed
Are Epsom not a hardware company? If so, they benefit from having open-source software (because it gets updated long after the company stops supporting it) as opposed to software companies who lose revenue if their code is opened.
"Please, Slashdot, tell me how I'm supposed to think!"
It's news, not a column. Note it down in the recesses of your memory, and pull it out when someone asks if the GPL has ever been tested. Next!
"Anything not crypted, or crypted with a key that is not in your chain goes into a junk basket."
A nice temporary measure is to reply to any email not containing --START PGP MESSAGE with a reply "Your email is being returned -- it needs to be encrypted", and then just deliver it anyway. That reminds people they need to use encryption, without dropping any important emails.
To update that for the spam problem, simply reply to anyone you don't know with a password. They can re-send the email with the password in the header to be added to your whitelist.
(And make sure not to use outlook, else LoveYou will forward your address-book to spammers, and they can forge messages from people you apparently know -- Any easy way to attach signatures to an email rather than wrapping the text in ugly PGP dashes?)
"Indeed. These added inefficiencies are relevant for someone like Amazon.com who sends out thousands of confirmation emails a day, or merely your average mailing list."
Well, you wanted a solution to people sending vast quantities of email... and it solves that problem nicely. Now, how do we cope with legitimate 'spammers' (bulk-mailers)?
(a) we don't need to - people who use mailing lists tend to maintain whitelists for them anyway: simply create a public-function for any user to create a whitelist on the server. Default whitelisting for anyone you reply to, perhaps?
(b) When Amazon accepts an order, they have to pay someone to go to the shelf, find the book, package it, and mail it, after which they must pay the post office to drive/fly/cycle it to the customer's house. Is it so much effort for their computer to spend 3 seconds calculating a hash-collision or factored number?
"We need a solution to spam, but this isn't it."
How about just "Type this 50-character random string from the image into the textbox" on your web-based anonymous remailer?
Would I still be RBL'd to put-up such a page on the web?
Joy of Tech cartoon
"Do you still want to make contact?"
(watches commercial TV broadcasts coming from the planet) "Naah, leave it!"
"Who ever uses an older browser usually isn't a power user to start with"
You think so? I just went to check my site by opening Lynx on an SSH connection to my sourceforge account... am I not a power user?
I think you have it opposites: the people using old-browsers are webdesigners checking their sites, old cynics who can't bear the crap on the web and choose HTML/2, and academics with the required knowledge to keep 10-year-old computers on their desks working.
Most of the novice users would soon give-up when confronted with an atari running netscape3, or even an MS-DOS 5 prompt. I think novice users will be using whatever was thrown at them when they bought the computers, which will often be internet explorer 6.