So they just block it at the "border". Shopping and stuff within your country is fine, you just can't buy stuff fro overseas. That'd probably make the tax people happier, too.
In the first instance, they'll ask you to provide the encryption key. If you are unwilling/unable, then they'll take further steps. If you're not a US citizen they'll probably deny you entry.
I think a competitor to PayPal would be a good thing, but I disagree about the government(s) keeping out of it. PayPal and any other similar service need to be under similar regulation to other financial services, to provide reasonable consumer protection - something PayPal have tried to avoid. There have been numerous complaints in this area over the years and it's one of the main things which has kept me from getting a PayPal account.
With my previous employer, we used to use Password Safe to store various passwords. One on a network drive for the team, (for admin passords and the like) and one for each individual. That seemed to work OK, as it meant that there was only one password to remember. The shared one also meant that we could enforce regular changes to the root password(s) without too much trouble.
Obviously the consequences of someone getting that one password could be quite serious, so you still need to enforce good password practices. Making use of biometrics might be a good idea.
These days, I tend to use mnemonics, which I hope aren't too obvious because they're not stored quite so securely, (on my 'phone). There are several ways of coming up with fairly strong passwords which are reasonably easy to remember, and amenable to the use of simple reminders.
It seems to be difficult to get people to exercise proper control of sensitive data. I'm sure that all - or most, anyway - of the government departments and businesses have clear policies on the subject which their staff are required to read. But people see a lot of memos and policy docs and clearly a lot of them aren't taken terribly seriously. Better employee education seems needed. Not just a heavy hand when people are caught, but to make it clear what the consequences to the employee, employer and data subject(s) could be. My employer has little video clips describing various company policies, and viewing them is tracked so that they know who has viewed them and who hasn't. That seems quite a good approach.
Equally it's quite difficult to prevent people downloading data to laptops. Many people can make a good case for it being necessary or at least useful for their job, so simply banning it isn't going to be a popular choice - and how do you enforce that, anyway? (Let's not forget that half the point of all this IT is to help people do their jobs.)
Full disk encryption seems to be a good starting point. At least that way you don't have to worry so much when - inevitably - someone loses a laptop.
Some sort of central repository might be worthwhile: a place on the network for people to keep files, but which is easily accessible remotely so that they'll actually make use of it. That has the added advantage that it's backed up. It's also potentially valuable to overcome concerns about travelling to and from the USA, (and probably other countries).
That's easier said than done, though. At work I've got a network drive which is intended for keeping stuff on but it was conceived of before laptops became prevelant: more to help people if they happened to be at a different workstation. Things have moved on a lot and these days the users's allowances aren't enough to cope with the amount of data which one can generate. And remote access when working away from the office isn't adequate, so people are likely to download stuff to their laptops so that they can work at home or on the road when the network is unavailable or performing badly.
It'd also tend to linit smaller independet journalists. (The big TV networks and the likes of AP and Reuters won't care.)
Seeing some of the news stories about what's going on in Beijing around the Olympic site is quite disturbing. The Chinese authorities are going to great lengths to ensure that no visitors - the few that can get in in the first place - see anything that could possibly reflect badly on them. One of the arguments for giving them the Olympics was that it would encourage more openess. That seems to be an abject failure so far.
Trade and open communications with oppressive regimes has been touted as a way to get internal change for many years, and might have been beneficial in some cases, (e.g. Soviet Union, although I'm not happy with the way Russia seems to be going at the moment). But China has managed things so that they have retained control of their population whilst still getting most of the economic and technological benefits.
Even with cooling, the memory doesn't linger all that long so all that's really needed is to delay removal of the chip(s) for long enough. Eposxy or something similar to fill in screws and secure access panels might suffice. Of course, that would make your own maintenance difficult. Glueing in the memory chips themselves might be better as it would be difficult to get them out using brute force without damaging them.
I'm sure I recall something from last week about individually encrypted filesystems not being secure because the OS will store data - e.g. documents being edited, or recovery files for same - in non-encrypted areas. So the only way to be safe IS to have the whole disk encrypted.
I think what it really shows is that there's no absolute security.
Don't get me wrong, I already understand that it is possible - just that the situations in which it is possible are not extremely likely to occur.
Apart from those likely to be facing the forces of law and order exercising search warrents, the biggest risk would seem to be for people losing laptops. It is suggested that PCs which are in hibernate/suspend states may not be safe. Personally, I don't tend to suspsend my PCs when I'm finished with them for the day. But I do sometimes and may suspend one with the expectation of restarting it later, only to get caught up with something else. These machines could be vulnerable.
I agree that it seems the best way of getting rid of it. It'll even be recycled eventually. The biggest stumblinng block for that at the moment is international treaties restricting disposal of hazardous waste at sea.
Things are nowhere near as bad as I remember from my distant youth, but it's still the case that one of the biggest sources of bugs is fixes. I'm in favour of keeping systems up to date - although I can be a bit remiss with my systems at home - but I like to stick to fix packages, especially for the servers at work. I'm only going to apply individiual fixes if they're for a problem which is actually affecting my users, or one which might. Security fixes are chief amongst those, particularly since there are audit requirements to keep patched and potential legal consequences if we don't. If bugs are not adequately classified I can't chose which ones to apply. In all liklihood, I'd choose "none" rather than "all" of them.
I don't need or want to know the nitty gritty of what the bug is. Just how serious the potential impact is.
Papers have been doing this sort of thing for years, often passing stuff off as their own stories or original comment. They might be able to protect themselves by attributing the tale but I think that there must be a limit to that. If a politician puts some wacky stuff in their blog it might be news, but if my young nephew does the same thing it certainly isn't.
But also, if you suddenly discover that half the stories in your local paper have just been pulled off the Internet, might you not think that you're wasting your money and can just read the originals yourself?
If I did it I think I'd get into a bit of trouble. If nothing else, we've got rules here in the UK on the safe storage of petrol: I don't think "in glass bottles with wicks" would be well received.:-)
I don't know. And I'm not advocating that these sorts of controls should be put in place, merely suggesting that some people might like them to be.
If I own some woodland, then I think that in the UK I have a responsibility to ensure that if it's accessible to the public - even if they're not actually invited - that there's nothing too dangerous lying around. No bear traps, for example. If I make an effort to keep people out then my responsibility is reduced.
IF one accepts that the Internet can be dangerous, then someone (not me) could try to make a case that people providing access to it have some sort of duty of care.
I recognise that difference. However, it's not always clear-cut.
What if I kept a crate of Molotov cocktails and a Zippo on my front lawn? If someone else chooses to do something unpleasant with them it's not my fault...
As more and more efforts are made by governments (and others) to make ISPs responsible for policing their customers' activities on the Internet, wouldn't you expect open wireless networks to come under similar pressure?
I should emphasise that's not what I want, nor is it necessarily what I expect to happen. I'm just airing some ideas.
I was suggesting possibilities, not advocating them.
Still, despite your fatuous comment, if the postman tripped over the cobbles on his way to my door I could be held liable - in this country, anyway. Household insurance usually covers such things.
It's not totally impractical. If I wanted to do something like this, (which I certainly don't!) I'd use a spare network card. (I've got several PCMCIA cards kicking around the house already.) Rebuild the PC each time, or run from a DVD, any data involved kept on external storage. That way all you need to conceal is a network adapter and a flash drive; maybe the DVD.
It doesn't make it clear in the article whether there was actual evidence that someone else had used the guy's network, or whether that was just a possibility. That makes quite a difference, I think. It makes sense to me that people should not be required to secure their networks, any more than they're required to lock their homes. But I'd also think that you'd have to have at least a smidgin of evidence that someone was using your unsecured network for their nefarious deeds if you were to get off.
On a slightly different track, whilst one is not generally required to lock one's front door, (although don't count on getting insurance if you don't), I think I'm correct in saying that in some places there are things you ARE required to secure. I'm thinking in particular of firearms: don't some states require gun owners to keep them secured? Certainly some places outside the USA do. It wouldn't be much of a stretch to extend that principle to other resources with which people could commit crimes, or inadvertently come to harm.
Of course, you'd then have to define how much security is required. Just a token effort? Or something which could actually withstand a concerted effort to gain access? One key difference between a house and a WiFi network is that it's difficult to enter someone else's house inadvertently, whereas many computers will connect to an open network automatically, or needing no more than a slip of the finger when choosing which network to use.
Could we see a requirement to log access to a wireless network, like an ISP? If you're deliberately running an open network then you are effectively acting as an ISP for all and sundry. Should you be subject to the same regulation?
"Normal" contract law just covers the basics. There are loads of laws to cover contracts in specific areas, all of which in principal cold be covered by a single piece of legislation - if everybody carried a contract lawyer in their pocket.
If I buy a TV I don't want to have to make sure that the fact that it'll work is in my contract with the retailer. I don't want to have to check that the bank I'm saving with isn't going to fritter my money away on a new yacht for the chairman. Why should my contract with my employer NOT be dealt with in the same way?
It's good that people back in India are doing well, but as you said: "They get huge benefits because of the labor shortage...". Workers will tend to have better conditions when they're in short supply. What will happen when that's no longer the case?
Trade Union membership in the UK is much lower than it's been in the past. There are several reasons for this but an important one is that many of the protections they fought for have now been enshrined in law. I think that's a far better situation than to have workers continually engaging in industrial action just to make sure that their employers don't take unfair advantage of their (generally) stronger negotiating position.
We need laws to ensure that people keep their contracts. You might just as well ask why we need any laws at all to cover civil matters. Like I said: it's to prevent them from weasling out of the contract. If you like, you could say that there's an implied contractual term that my employer sticks to the civil law of the country. Saves a lot of faffing around with lawyers.
Democracy is difficult. Minorities are always at risk, at least in theory. But TUPE and similar laws have nothing to do with that sort of unfair discrimination: it's to do with social policy and in that area I'm happy to see different countries have different ideas. I think things would be better, (for me primarily, but incidentally for most other people), if every country in the world was governed by some sort of liberal democracy but that still leaves plenty of scope for variety: UK != USA != France !=...
Sorry for the assumption: your ideas sound very American. Not sure about having the Arabian sea between us though: it depends which map you use. For some of them that would put you in southern India, others in Western Australia and I think it could also manage Antarctica. If you're thinking about the real globe, then welcome to Earth.:-)
I did the same with SUSE a few years back, for much the same reasons. Plus there was some support included. Since this was my first attempt at installing Linux and on a laptop to boot it was reassuring to know that I could get some help on the 'phone if I needed it, (which I didn't).
These days I'd be more inclined to burn a DVD myself, but then I've got a DVD burner now, and broadband. And other PCs I can use to access online help if things go wrong. The distros seem to be better now, too.
Slashdot Mirror
So they just block it at the "border". Shopping and stuff within your country is fine, you just can't buy stuff fro overseas. That'd probably make the tax people happier, too.
In the first instance, they'll ask you to provide the encryption key. If you are unwilling/unable, then they'll take further steps. If you're not a US citizen they'll probably deny you entry.
I think a competitor to PayPal would be a good thing, but I disagree about the government(s) keeping out of it. PayPal and any other similar service need to be under similar regulation to other financial services, to provide reasonable consumer protection - something PayPal have tried to avoid. There have been numerous complaints in this area over the years and it's one of the main things which has kept me from getting a PayPal account.
With my previous employer, we used to use Password Safe to store various passwords. One on a network drive for the team, (for admin passords and the like) and one for each individual. That seemed to work OK, as it meant that there was only one password to remember. The shared one also meant that we could enforce regular changes to the root password(s) without too much trouble.
Obviously the consequences of someone getting that one password could be quite serious, so you still need to enforce good password practices. Making use of biometrics might be a good idea.
These days, I tend to use mnemonics, which I hope aren't too obvious because they're not stored quite so securely, (on my 'phone). There are several ways of coming up with fairly strong passwords which are reasonably easy to remember, and amenable to the use of simple reminders.
It seems to be difficult to get people to exercise proper control of sensitive data. I'm sure that all - or most, anyway - of the government departments and businesses have clear policies on the subject which their staff are required to read. But people see a lot of memos and policy docs and clearly a lot of them aren't taken terribly seriously. Better employee education seems needed. Not just a heavy hand when people are caught, but to make it clear what the consequences to the employee, employer and data subject(s) could be. My employer has little video clips describing various company policies, and viewing them is tracked so that they know who has viewed them and who hasn't. That seems quite a good approach.
Equally it's quite difficult to prevent people downloading data to laptops. Many people can make a good case for it being necessary or at least useful for their job, so simply banning it isn't going to be a popular choice - and how do you enforce that, anyway? (Let's not forget that half the point of all this IT is to help people do their jobs.)
Full disk encryption seems to be a good starting point. At least that way you don't have to worry so much when - inevitably - someone loses a laptop.
Some sort of central repository might be worthwhile: a place on the network for people to keep files, but which is easily accessible remotely so that they'll actually make use of it. That has the added advantage that it's backed up. It's also potentially valuable to overcome concerns about travelling to and from the USA, (and probably other countries).
That's easier said than done, though. At work I've got a network drive which is intended for keeping stuff on but it was conceived of before laptops became prevelant: more to help people if they happened to be at a different workstation. Things have moved on a lot and these days the users's allowances aren't enough to cope with the amount of data which one can generate. And remote access when working away from the office isn't adequate, so people are likely to download stuff to their laptops so that they can work at home or on the road when the network is unavailable or performing badly.
It'd also tend to linit smaller independet journalists. (The big TV networks and the likes of AP and Reuters won't care.)
Seeing some of the news stories about what's going on in Beijing around the Olympic site is quite disturbing. The Chinese authorities are going to great lengths to ensure that no visitors - the few that can get in in the first place - see anything that could possibly reflect badly on them. One of the arguments for giving them the Olympics was that it would encourage more openess. That seems to be an abject failure so far.
Trade and open communications with oppressive regimes has been touted as a way to get internal change for many years, and might have been beneficial in some cases, (e.g. Soviet Union, although I'm not happy with the way Russia seems to be going at the moment). But China has managed things so that they have retained control of their population whilst still getting most of the economic and technological benefits.
Even with cooling, the memory doesn't linger all that long so all that's really needed is to delay removal of the chip(s) for long enough. Eposxy or something similar to fill in screws and secure access panels might suffice. Of course, that would make your own maintenance difficult. Glueing in the memory chips themselves might be better as it would be difficult to get them out using brute force without damaging them.
I'm sure I recall something from last week about individually encrypted filesystems not being secure because the OS will store data - e.g. documents being edited, or recovery files for same - in non-encrypted areas. So the only way to be safe IS to have the whole disk encrypted.
I think what it really shows is that there's no absolute security.
Don't get me wrong, I already understand that it is possible - just that the situations in which it is possible are not extremely likely to occur.
Apart from those likely to be facing the forces of law and order exercising search warrents, the biggest risk would seem to be for people losing laptops. It is suggested that PCs which are in hibernate/suspend states may not be safe. Personally, I don't tend to suspsend my PCs when I'm finished with them for the day. But I do sometimes and may suspend one with the expectation of restarting it later, only to get caught up with something else. These machines could be vulnerable.
I agree that it seems the best way of getting rid of it. It'll even be recycled eventually. The biggest stumblinng block for that at the moment is international treaties restricting disposal of hazardous waste at sea.
Things are nowhere near as bad as I remember from my distant youth, but it's still the case that one of the biggest sources of bugs is fixes.
I'm in favour of keeping systems up to date - although I can be a bit remiss with my systems at home - but I like to stick to fix packages, especially for the servers at work. I'm only going to apply individiual fixes if they're for a problem which is actually affecting my users, or one which might. Security fixes are chief amongst those, particularly since there are audit requirements to keep patched and potential legal consequences if we don't.
If bugs are not adequately classified I can't chose which ones to apply. In all liklihood, I'd choose "none" rather than "all" of them.
I don't need or want to know the nitty gritty of what the bug is. Just how serious the potential impact is.
Papers have been doing this sort of thing for years, often passing stuff off as their own stories or original comment. They might be able to protect themselves by attributing the tale but I think that there must be a limit to that. If a politician puts some wacky stuff in their blog it might be news, but if my young nephew does the same thing it certainly isn't.
But also, if you suddenly discover that half the stories in your local paper have just been pulled off the Internet, might you not think that you're wasting your money and can just read the originals yourself?
If I did it I think I'd get into a bit of trouble. If nothing else, we've got rules here in the UK on the safe storage of petrol: I don't think "in glass bottles with wicks" would be well received. :-)
I don't know. And I'm not advocating that these sorts of controls should be put in place, merely suggesting that some people might like them to be.
If I own some woodland, then I think that in the UK I have a responsibility to ensure that if it's accessible to the public - even if they're not actually invited - that there's nothing too dangerous lying around. No bear traps, for example. If I make an effort to keep people out then my responsibility is reduced.
IF one accepts that the Internet can be dangerous, then someone (not me) could try to make a case that people providing access to it have some sort of duty of care.
Sure it's a stretch; legislators are always stretching the facts to get some wizzy new powers for themselves or their agents.
Just because it's not directly physically harmful doesn't mean that the Internet isn't dangerous, or at least can be used to cause harm.
I recognise that difference. However, it's not always clear-cut.
What if I kept a crate of Molotov cocktails and a Zippo on my front lawn? If someone else chooses to do something unpleasant with them it's not my fault...
As more and more efforts are made by governments (and others) to make ISPs responsible for policing their customers' activities on the Internet, wouldn't you expect open wireless networks to come under similar pressure?
I should emphasise that's not what I want, nor is it necessarily what I expect to happen. I'm just airing some ideas.
I was suggesting possibilities, not advocating them.
Still, despite your fatuous comment, if the postman tripped over the cobbles on his way to my door I could be held liable - in this country, anyway. Household insurance usually covers such things.
I quite agree! All the anti-copying adverts referring to it as theft and piracy really tick me off.
Copyright is a privilege granted by us to the copyright holders. They seem all too willing to abuse that privilege.
It's not totally impractical. If I wanted to do something like this, (which I certainly don't!) I'd use a spare network card. (I've got several PCMCIA cards kicking around the house already.) Rebuild the PC each time, or run from a DVD, any data involved kept on external storage. That way all you need to conceal is a network adapter and a flash drive; maybe the DVD.
It doesn't make it clear in the article whether there was actual evidence that someone else had used the guy's network, or whether that was just a possibility. That makes quite a difference, I think. It makes sense to me that people should not be required to secure their networks, any more than they're required to lock their homes. But I'd also think that you'd have to have at least a smidgin of evidence that someone was using your unsecured network for their nefarious deeds if you were to get off.
On a slightly different track, whilst one is not generally required to lock one's front door, (although don't count on getting insurance if you don't), I think I'm correct in saying that in some places there are things you ARE required to secure. I'm thinking in particular of firearms: don't some states require gun owners to keep them secured? Certainly some places outside the USA do. It wouldn't be much of a stretch to extend that principle to other resources with which people could commit crimes, or inadvertently come to harm.
Of course, you'd then have to define how much security is required. Just a token effort? Or something which could actually withstand a concerted effort to gain access? One key difference between a house and a WiFi network is that it's difficult to enter someone else's house inadvertently, whereas many computers will connect to an open network automatically, or needing no more than a slip of the finger when choosing which network to use.
Could we see a requirement to log access to a wireless network, like an ISP? If you're deliberately running an open network then you are effectively acting as an ISP for all and sundry. Should you be subject to the same regulation?
I'm sure it's a wonderful development and will do some good but ultimately it'll just move the performance bottleneck somewhere else.
"Normal" contract law just covers the basics. There are loads of laws to cover contracts in specific areas, all of which in principal cold be covered by a single piece of legislation - if everybody carried a contract lawyer in their pocket.
If I buy a TV I don't want to have to make sure that the fact that it'll work is in my contract with the retailer. I don't want to have to check that the bank I'm saving with isn't going to fritter my money away on a new yacht for the chairman. Why should my contract with my employer NOT be dealt with in the same way?
It's good that people back in India are doing well, but as you said: "They get huge benefits because of the labor shortage...". Workers will tend to have better conditions when they're in short supply. What will happen when that's no longer the case?
Trade Union membership in the UK is much lower than it's been in the past. There are several reasons for this but an important one is that many of the protections they fought for have now been enshrined in law. I think that's a far better situation than to have workers continually engaging in industrial action just to make sure that their employers don't take unfair advantage of their (generally) stronger negotiating position.
We need laws to ensure that people keep their contracts. You might just as well ask why we need any laws at all to cover civil matters. Like I said: it's to prevent them from weasling out of the contract. If you like, you could say that there's an implied contractual term that my employer sticks to the civil law of the country. Saves a lot of faffing around with lawyers.
Democracy is difficult. Minorities are always at risk, at least in theory. But TUPE and similar laws have nothing to do with that sort of unfair discrimination: it's to do with social policy and in that area I'm happy to see different countries have different ideas. I think things would be better, (for me primarily, but incidentally for most other people), if every country in the world was governed by some sort of liberal democracy but that still leaves plenty of scope for variety: UK != USA != France != ...
Sorry for the assumption: your ideas sound very American. Not sure about having the Arabian sea between us though: it depends which map you use. For some of them that would put you in southern India, others in Western Australia and I think it could also manage Antarctica. If you're thinking about the real globe, then welcome to Earth. :-)
I did the same with SUSE a few years back, for much the same reasons. Plus there was some support included. Since this was my first attempt at installing Linux and on a laptop to boot it was reassuring to know that I could get some help on the 'phone if I needed it, (which I didn't).
These days I'd be more inclined to burn a DVD myself, but then I've got a DVD burner now, and broadband. And other PCs I can use to access online help if things go wrong. The distros seem to be better now, too.
That explains the Taiwanese housewives.