I suggest you set priorities: concentrate on being careful about the things high on your list, and don't sweat the small stuff.
Here is a suggested list of priorities. Please reply and tell me what would be at or near the top of your list.
1. Information that could be used to reach or gain the trust of your (minor) children.
2. Your medical records. Even if you don't have anything serious in them now, anticipate that you might after your next doctor's visit, and start paying attention now.
3. Account numbers and access codes for liquid assets. Use bill-pay where possible rather than printed checks, because those checks don't use your real bank account number. Use credit cards instead of debit cards, because the latter pull money directly from your bank account.
4. The size of your salary, assets, and debts. All of these can be used by con artists to target you.
I think that after these four, it's mostly small stuff. What do you think?
Brain waves are a significantly worse biometric than things such as fingerprints (which are not great to start with) because they are so variable. My brainwaves when I am mad are significantly different than my brainwaves when I am happy. I am continuously learning, and this changes my thought patterns significantly over the course of time. Even if the brainwave scan assumes that I am concentrating on one thought (assuming even that would work), I am not going to be able to get into my computer the day my mechanic charges me for changing the wrong brake shoes, because I am going to be obsessing about that.
Even if one can get beyond the variability problems described above, brainwaves are a fundamentally noisy signal. They are the aggregate effect of possibly millions of neurons firing at once. When running noisy signals through any sort of classifier, you get two problems: false positives and false negatives. False positives, where the system mistakes somebody else for you, are absolutely deadly in a password system. So you have to make the classifier software really picky to avoid false positives. Of course this means that you get lots of false negatives, where you think the right thing and the computer does not recognize you. Imagine sitting down at the computer and having it essentially tell you "Sorry, I can't let you in because you're not thinking about exactly the same elephant that you were thinking about yesterday. Please come back when you remember exactly what that elephant looked like".
Classifiers operating on noisy input data are good for sorting out stuff where an occasional error (false positive OR false negative) is OK. Password matching is NOT such an application.
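The trade-off argued in the comment above, as an added example that is not part of the original post: a distance-threshold matcher is tuned to a strict false-positive rate, once on a low-noise signal and once on a high-noise one. Modelling a reading as a 16-value Gaussian feature vector, and every name and number below, are assumptions made for illustration.

```python
import random

DIM = 16        # assumed length of the feature vector taken from one reading
TRIALS = 2000   # constructed genuine and impostor attempts per experiment


def person(rng):
    """The underlying 'true' signal of one (constructed) person."""
    return [rng.gauss(0.0, 1.0) for _ in range(DIM)]


def reading(signal, noise, rng):
    """One noisy measurement of that signal."""
    return [x + rng.gauss(0.0, noise) for x in signal]


def distance(a, b):
    return sum((x - y) ** 2 for x, y in zip(a, b)) ** 0.5


def experiment(noise, far_target, seed=1):
    """Return (threshold, FAR, FRR) for a matcher that accepts when the
    distance to the enrolled template is below the threshold."""
    rng = random.Random(seed)
    owner = person(rng)          # template stored at enrolment
    genuine = [distance(owner, reading(owner, noise, rng))
               for _ in range(TRIALS)]
    impostor = sorted(distance(owner, reading(person(rng), noise, rng))
                      for _ in range(TRIALS))
    # Picky setting: the loosest threshold that still admits no more than
    # far_target of the impostor attempts.
    threshold = impostor[int(far_target * TRIALS)]
    far = sum(d < threshold for d in impostor) / TRIALS
    frr = sum(d >= threshold for d in genuine) / TRIALS
    return threshold, far, frr


if __name__ == "__main__":
    for label, noise in (("low-noise signal ", 0.3), ("high-noise signal", 1.5)):
        thr, far, frr = experiment(noise, far_target=0.001)
        print(f"{label}: threshold={thr:.2f}  FAR={far:.3%}  FRR={frr:.1%}")
    # Loosening the threshold rescues the legitimate user only by letting
    # many more impostors in.
    thr, far, frr = experiment(1.5, far_target=0.2)
    print(f"high-noise, relaxed: threshold={thr:.2f}  FAR={far:.1%}  FRR={frr:.1%}")
```
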
I agree with all of the above note except for the following:
You can patent an implementation, but not an idea.
I think that the entire idea of patents is to protect ideas, so I would reverse this.
No software patents.
I think there are a very few cases where the disclosure of an otherwise secret algorithm advanced the state of the art. IMHO, the RSA algorithm and the spreadsheet user interface were patent-worthy ideas.
However, I would add a few more restrictions on patents:
Every software patent must be accompanied by the source code for a program that implements it.
This code must contain no dependencies on proprietary code or other patents. This code must immediately be released into the public domain. (Meaning that it cannot be legally used without a patent license, but that it becomes free software the minute the patent expires).
No submarine patents for published material. I am OK with the first documented inventor getting the patent where there are two patent filers, but ANY publication by anybody before filing should invalidate the patent.
Every patent filer must sign a statement saying "I hereby warrant under penalty of perjury that to the best of my knowledge all of the ideas covered by this patent are novel and non-obvious to an experienced practitioner in the field of this invention."
There should be a specific ban on patents that are simply combinations of non-novel ideas. Patenting using a mouse click (non-novel) to sell something (non-novel) is like patenting using a hammer with my left hand. Perhaps this is redundant: in the case of the one-click patent the combination is absolutely obvious to pretty much anybody who has ever worked as a programmer.
I would like to see an annual patent tax, proportional to the square of the number of patents owned by any entity. The tax would be waived on any patents released into the public domain. This would give large companies a financial incentive to dump their patent thickets into the public domain.
Professional organizations should be allowed to challenge patents in their fields before they are granted. For example, the ACM should be allowed to appoint a committee to evaluate and challenge software patents.
There should be a law that whenever a patent is declared invalid, all license fees ever collected on that patent must be refunded -- and that the right to this refund cannot be contractually waived. Any entity collecting patent license fees (read: patent trolls) must be fully bonded against the possibility that their patents will be declared invalid.
These measures will not solve all the problems with patents, but they should help.
Would someone please explain to me what OMG stands for?
OMG stands for "Object Management Grouping". It is a markup tag that tells indexing software that the following few words should be treated as keywords. It is rarely needed these days, because modern indexers (like Google) treat all words as potential indices.
In this way, it's sort of like the "register" tag in C and C++, which has become largely unnecessary as compiler optimization has gotten better.
This information has been carefully checked for plausibility.
I wonder if filing a patent with knowledge of prior art could be construed as fraud :)
Actually, that is a valid point. If Balthasar was indeed a VP of strategy at Macromedia, then he must have known that some of the claims in it were invalid when he filed it. This could probably even be proved in a court of law by subpoenaing a few documents from Macromedia.
I don't know if attempting to patent what you know is prior art is a crime. I think that every patent application should end with a statement saying
I certify under penalty of perjury that to the best of my knowledge all of the claims in this patent are both novel and non-obvious to an experienced practitioner in the field of this patent.
A better case could be made that any attempt by Balthasar to enforce this patent, or to extract license fees with a threat of litigation, could be construed as extortion. Perhaps an extortion conviction in a case such as this would go a long way toward straightening out the patent system.
Ironically, isn't it the opposite? Wouldn't it be disrespectful of the user to NOT trust them with admin privs?
There's a difference between being trusted with admin privileges and being forced to run with them all the time.
Consider as an analogy my circular saw. It has a blade guard. The blade guard makes it harder to use the saw. It even makes it harder to cut a straight line.
I do not consider the manufacturer to be disrespectful or patronizing for putting on a blade guard. I know that I could take the blade guard off, and cut faster and more accurately. However, I never will take the blade guard off: I'm not careful enough, and I value my fingers.
Against privacy: *.us is heavily used by spammers and fraudsters.
For privacy: People running their own mailservers, etc. for mostly private use should be able to appear on the web without exposing themselves to spammers, fraudsters, and nuts.
How about if we allow those of us who want privacy to use the subdomain .private.us? Everybody in the world can then blacklist .private.us by default (i.e., that can be the first rule in every spam blocker), and we can selectively whitelist only the .private.us domains of our friends.
Here's how I think it works. Other folks who have read the paper please correct me if I am wrong.
Clock skew is the disparity between your clock value and some reference time value (probably the clock of the measuring machine). This disparity grows over time, and the rate of growth of this disparity is the difference between the rate of the measured system's clock ticks and the rate of the clock of the reference system's clock ticks. If you are going to do this "officially", your reference time should be an atomic clock instead of the rate of the measuring machine.
Thus the characteristic fingerprint that we want to measure is the rate, or frequency, of the clock on the measured machine -- or more precisely, its difference from some reference value. What we can measure are
The longer you measure, the greater the number of bits of precision that you get in your measurement.
More bits of precision mean that you can tell more machines apart. To identify one machine on the entire internet requires many bits of accuracy. To identify one machine on a LAN requires very few.
Long measurements can be defeated by periodically resetting your clock. Rebooting, running NTFS, or manually setting your clock does this.
Short measurements can be defeated by heating or cooling your machine, which affects the operation of the oscillator used by the clock.
Swapping out the clock oscillator will change the fingerprint of your machine, but it may not be easy to do.
IBM used to regularly give Notes away for Free to compete with Microsoft Exchange. This was because IBM had a services and a hardware unit that could subsidize the sale and Microsoft did not. Nothing wrong with this, except the notion that Notes was free. They would brag externally that each "Free" notes seat got them $650 of additional revenue. Inside the company it was more like twice to three times this. They make a billion dollars off of Linux, best estimate is they have less than 1M seats of Linux, you do the math. It may be a lot of things, but it sure as hell isn't Free.
This seems to be the central argument of the piece (or at least the one that IMHO is least obviously wrong), but it seems to me to be flawed. Let's examine this through a hardware analogy.
Say that Ford Motor Company decided to give away tires that fit any car, at no cost, to anybody who asked for them. This would enable Ford to sell more cars, possibly allowing them to make more profit. Does that mean that the tires I get from Ford and put on my Saturn are not free?
Mr Enderle seems to be arguing that I would be paying something for them, but I can't figure out what.
Echelon's analysis programs are trying to separate interesting information (including email) from uninteresting stuff. Presumably the interesting stuff found by the program must be read by human operators before it can be used for anything.
Well, spammers are currently devoting much effort to making their spam look like "interesting" mail. Currently they are working to defeat Bayesian filters, but as the antispam filters get more sophisticated so will the spam.
When the filters get as sophisticated as Echelon's, and the spammers learn how to get through them, the output of Echelon (passed to its human agents) could be flooded with false positives. Perhaps this spam effect could effectively shut down Echelon.
So, they put a modem on the diagnostic port, I dial in, do the magic, and make the customer happy.
Based on what other people have said in previous threads, this company did it right.
A diagnostic port that is usually physically disconnected from the machine meets the requirement that only someone with access to the machine can use the back door.
It's only bad if you leave the diagnostic port connected all the time.
If the law is based on the paradigm of trespassing, then saying "I didn't harm anyone" is no defense.
Imagine this: I am walking by your house one day, and I am cold, so I try your door, find it unlocked, and come sit on your couch for an hour to warm up. This probably wouldn't cost you anything in lost heat because my body generates warmth, but wouldn't it creep you out a bit?
I find more compelling the argument that the trespassing paradigm is wrong, and that a public contract model is more appropriate: specifically, anybody with government permission to beam electromagnetic signals through other people's bodies should have an obligation to provide something to the public in return for that permission.
Precisely. All the law really needs to allow is the right of the allegedly aggrieved party to link to the allegedly offending page in the alleged offender's site.
I don't think that this is too burdensome -- IMHO the "right" to prevent people from linking to pages in your website is somewhat questionable to start with.
That way, anybody who wants to evaluate the reliability of a webpage can simply go to Google, search for links to that page, and read what those linkers have to say.
I would suggest that the easiest method of solving this problem is to prevent a corporation from owning any patent or copyright nor contractual obligations applying to them.
I suggest that we tax the square of the patent holdings of any legal entity, regardless of whether it is a corporation or an individual.
I suggest an annual tax, paid to the federal government, of $0.01 multiplied by the square of the total number of claims in all of the patents owned by that entity. Thus if you own 5 patents with 10 claims in each, you pay
$0.01*(5*10)^2 = $25.
But if you own 1000 patents with 10 claims in each, you pay
$0.01*(10*1000)^2 = $1 million.
The tax should be waived for "defensive patents", where you patent something so that nobody else can patent it and then irrevocably release the patent rights into the public domain.
(To prevent ridiculously huge claims in patents to get around the tax, the law should also specify that a patent claim can only be considered infringed if it is entirely infringed).
OK, if profits are driving this, let's change the tax rules to encourage companies to respect the public good.
I propose that every company that owns radio broadcast licenses be required to pay the federal government an annual tax of $1000 multiplied by the square of the number of licenses owned by that entire company.
Thus your local independent radio station pays $1000 a year.
ClearChannel, with ~1200 licenses, is welcome to continue operating as they are now provided they are willing to pay the US government $1000 x (1200)^2 = 1.44 billion dollars each year for the privilege.
I suspect that they would quickly divest themselves of all but their 10 or so most profitable stations -- which is as it should be.
There's another, possibly even more awful precedent here: From the article
said RIAA Senior Vice President Matt Oppenheim in a statement. "We have also sent a clear signal to others that this kind of activity is illegal."
Let's clarify: this is not case law.
They did not take this to court and they did not prove any sort of illegal activity. But they will probably cite this as "case law" in future cases. Will they find a judge stupid enough to believe them?
If so, any large corporation that wants the law changed need only sue people for huge amounts of money and then settle, thus creating "case law".
Although a router does not have time to analyze every packet, it could periodically route copies of a few thousand packets to an analyzer machine. This machine could
- reconstruct messages from the packets
- look for e-mail messages
- apply its spam rules to those messages
- return a few bits of result information to the router.
I think that the router should not use this information to shut anybody off. Rather, it should use this information to reorder its routing priority tables. Thus the router will serve its most spam-free peers first, handling the heavy spam forwarders only when it has time. Eventually consumers will leave ISPs with poor throughput, so ISPs will have a much stronger incentive to track down and terminate their members who spam.
Kudzu and water hyacinths, two scourges of the south, come immediately to mind. If you can make ethanol AND clean up these weeds, you win twice.
Clock skew is the disparity between your clock value and some reference time value (probably the clock of the measuring machine). This disparity grows over time, and the rate of growth of this disparity is the difference between the rate of the measured system's clock ticks and the rate of the clock of the reference system's clock ticks. If you are going to do this "officially", your reference time should be an atomic clock instead of the rate of the measuring machine.
Thus the characteristic fingerprint that we want to measure is the rate, or frequency, of the clock on the measured machine -- or more precisely, its difference from some reference value. What we can measure are
- S1, S2 = The clock skew at two points in time
- DT = The time between the two observations.
The clock frequency error is then calculated as
This approach has a number of consequences:
- The longer you measure, the greater the number of bits of precision that you get in your measurement.
- More bits of precision mean that you can tell more machines apart. To identify one machine on the entire internet requires many bits of accuracy. To identify one machine on a LAN requires very few.
- Long measurements can be defeated by periodically resetting your clock. Rebooting, running NTFS, or manually setting your clock does this.
- Short measurements can be defeated by heating or cooling your machine, which affects the operation of the oscillator used by the clock.
- Swapping out the clock oscillator will change the fingerprint of your machine, but it may not be easy to do.
I hope this helps.
John
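The two-point measurement described in this comment, as an added example that is not part of the original post: it takes the frequency error to be (S2 - S1) / DT, an assumption consistent with the comment's definition of it as the rate of growth of the skew, and shows how precision grows with DT and how a clock reset between the two readings ruins the estimate. The noise level, the spread of clock errors across machines, and the 37 ppm sample clock are all constructed values.

```python
import math
import random

JITTER_S = 0.001   # assumed +/-1 ms measurement noise on each skew reading
SPAN_PPM = 100.0   # assumed spread of clock frequency errors across machines


def skew_at(t, true_ppm, rng, step_at=None, step_s=0.0):
    """Constructed observation: skew in seconds of the measured clock against
    the reference at reference time t, plus bounded measurement noise."""
    skew = true_ppm * 1e-6 * t
    if step_at is not None and t >= step_at:
        skew += step_s   # the measured clock was reset before this reading
    return skew + rng.uniform(-JITTER_S, JITTER_S)


def frequency_error_ppm(s1, s2, dt):
    """Growth of the skew between two readings, in parts per million."""
    return (s2 - s1) / dt * 1e6


def error_bound_ppm(dt):
    """Worst case: the two readings are off by JITTER_S in opposite directions."""
    return 2 * JITTER_S / dt * 1e6


def bits_of_precision(dt):
    """log2 of how many bins of SPAN_PPM the measurement can tell apart."""
    bins = SPAN_PPM / (2 * error_bound_ppm(dt))
    return max(0.0, math.log2(bins))


def measure(true_ppm, dt, seed, step_at=None, step_s=0.0):
    """Take readings S1 at t=0 and S2 at t=dt and return the estimate."""
    rng = random.Random(seed)
    s1 = skew_at(0.0, true_ppm, rng, step_at, step_s)
    s2 = skew_at(dt, true_ppm, rng, step_at, step_s)
    return frequency_error_ppm(s1, s2, dt)


if __name__ == "__main__":
    true_ppm = 37.0   # constructed clock: gains 37 microseconds per second
    for dt in (60, 3600, 86400):
        est = measure(true_ppm, dt, seed=7)
        print(f"DT={dt:>6}s  estimate={est:8.3f} ppm  "
              f"bound=+/-{error_bound_ppm(dt):7.3f} ppm  "
              f"bits={bits_of_precision(dt):5.2f}")
    # The same one-hour measurement with the clock stepped by 0.5 s halfway
    # through: the step is indistinguishable from skew growth.
    est = measure(true_ppm, 3600, seed=7, step_at=1800, step_s=0.5)
    print(f"with a reset during the hour: estimate={est:8.3f} ppm")
```
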