And it never has been. Thats just newspeak for Controlled Computing. Never use their newspeak. Always call it controlled computing. Whenever someone asks what it means, you have a great explanation of it.
Um. Thats the idea. I don't know if the CPU yet encrypts the data bus, but it wouldn't surprise me.
Go back to first principals. The schemes roughly work by: the 'untrusted system' sets a block of memory consisting of a program. It then tells the control chip to 'authenticate' that block. The control chip runs a cryptographic hash over it and only if it matches a signature will it relinquish additional encryption keys to the software in that block. It can also faithfully prove to that controlled box that the chip correctly implements this control scheme.
There's usually a bunch of other stuff for how to get 'privacy' --- by not having to disclose your mobo's public key to that controlled box, but thats about it. The motherboard chipset protects the block from 'unauthorized overwriting' from DMA in hardware or the rest of the OS.
This means that you, I, microsoft, and anyone can write an encrypted application and a boot-loader for it, distribute it to anyone and the machine will only load it *and* relinquish the decryption keys if and when it is unmodified. In an offline setting, this sort of remote control can be subverted. In any online setting, as soon as they detect a broken key, they can blacklist it.
Overall, this technology embodies what is best about well-designed ssytems. General, powerful, flexible and state of the art. Its not a joke like CSS. (which was a bad implementation of a good system design) It isn't evil per-se, but it is subject to great potential evil.
This digital control technology doesn't fully solve the age-old question of how does a distributed system trust a remote untrustable host, but it puts up a pretty tough bar to cross. Each system must obtain the secret keys in their computer individually. Any attack requireing widespread subversion or where the benefits aren't worth the hardwar hacking won't be worth it. Users can choose to leave the system, but they cannot easily subvert it.
The problem is that there are distributed systems that cannot be practically avoided. Thus the 'you have control over their machine also has a reciprocal: They have control over your machine.'
Between equitable individuals playing an online P2P game, thats not a problem. In an inequitable relationship, say between a person and a large software company or an abusive government, this sort of control is ripe for abuse.
Other than time, the cost to a recipient for a single message is on the order of $.00001, or about a million emails for ten dollars.
If you make the price signifigantly higher than that, you encourage recipients to game and the system to recieve email because they are renumerated far in excess of the actual costs to deal with it. (See the problems in the US with telco 'settlement fees' for related work.)
Yet, if you make the price at $10/million messages, thats not going to impact spam that much --- roughly double the price for sending it.
'online' or 'electronic' books just means digital control technology. Instead of being able to 'purchase' the book, you'll rent it for $50 for a year. Well, maybe they'll go as low as $30.
And no copy&paste and no printing more than 3 pages at a time, and you can only read it when connected to the internet, and.... you get the idea.
Spam is megabytes, yeah, whatever. Show me some proof. Spam is nothing in terms of network bandwidth compared to HTTP, and *that* is nothing compared to p2p.
At a thousand spam messages a day (a few megabytes) costs me $1/year in bandwidth. The 20 a day I actually receive costs me about two pennies a year. Remote X over ssh on the other hand costs me a dollar a week in bandwidth.
Spam costs in time, not bandwidth. One minute of my time is worth more than 100,000 spam messages worth of bandwidth.
They wrote it into the law an explicit statement that it wasn't copyright infringement. See:
http://www4.law.cornell.edu/uscode/17/117.html Making of Additional Copy or Adaptation by Owner of Copy. -
Notwithstanding the provisions of section 106, it is not an infringement for the owner of a copy of a computer program to make or authorize the making of another copy or adaptation of that computer program provided:
(1)
that such a new copy or adaptation is created as an essential step in the utilization of the computer program in conjunction with a machine and that it is used in no other manner, or
**
The whole house-of-cards of clickwrap 'contracts' was never well founded. Courts agreed and it was later explicitly written out in the law.
Of course, there's a loophole. Technically many applications consist of both software and other data: graphics, sounds, images, etc. Who knows if the exception would apply to the other important components. (With luck, the court may not make such a disctinction.)
No consideration, no contract. The most they can use is 'precedent' and 'this is the way its always been' and that the people they screw over cannot fight it.
Filtering algorithms for content matching can still go quite a bit farther than anything else I've seen out there now.
For instance improved filtering that can support tens of thousands of regexp or substring rules at insane performance levels (automata matching & Aho Corasick matching), deal with obfuscations (programmed transformations of regexps), perform much more accurate fuzzy matching (rolling hashes), and mostly automatically identifying new prospective signatures (tableau/bloom filter methods of rolling hashes).
In general, learning mechanisms to find prospective rules combined with advanced and high performance analysis to verify accuracy of the rules.
Do you have SA sort all spam into catagories based on the score?
I have three thresholds for sorting non-list, personal email. 'low' 'medium' and 'high'. I use x2, 2x8, and 8x. The 'high' folder gets a very quick glance, the medium gets a short glance for an occasional FP commercial mail. Low gets a longer glance to detect occasional FP's. Since the low threshold is so low, only a few spams in a thousand make it through to my personal inbox. Since the 'low' box only gets about 15% of the spam, its easier to go through looking for FP's.
Also, I should add that I'm using a 6 month old version of SA without Bayes. Since I save all spam, already sorted into low/medium/high *and* have a seperate folder for missed spam, I believe that training would be particularily effective.
The clickwrap 'contract', other than the flaw of it being a contract of adhesion ('take it or leave it') it also offers nothing to a user.
For a contract to be valid, it must offer consideration --- both parties must obtain something that I would not otherwise have. The clickwrap 'contract' doesn't. It *was* claimed that it offers me the ability to copy the software from disk media into memory, but that was explicitly ruled not copyright infringement. Therefore, the 'contract' offers me nothing I don't already posess under copyright law.
Now, the contract between microsoft and the OEM or company might have such consideration 'cheaper prices in return for accepting this restrictive contract'. However, I or any other purchaser of such a box am under no such restriction.
Also, many could argue that such OEM contracts constitute tying. Finally, there are cases where one must agree to a contract unseen, which to does not form a binding contract.
Remember, its always easy to claim anything. I now demand that all readers and especially you empty your browser cache, you pirates!:)
Getting such DNS records costs less than $100 a year. There is nothing in principal to keep every always-connected host from running their own email server and directly connecting to any other server.
Well, unless you want a precendent that an oligopoly gets to choose who becomes a privledged participant and able to run their own mail server. Of course, once that starts, what other services will suffer the same fate. How long until 'for everyone's good' all services must be registered?
The origional author was a bit over the top, but you left off a few more things that 'trusted computing' does prevent.
It allows software writers to control compatiability of their software. THis means that
Trusted computing may - Prevent you from reading your Microsoft Word files in open office. - Require that you install a keyboard sniffer before your ISP allows you to access the internet. - Allow entrenched monopolies to grow because they can make insure that noone can be compatible with them. - Allow a software vendor to hold your data hostage, such as was done a decade ago with a medical billing database program. - Allows software vendors to include unbypassable controls on behavior, regardless of the legality of the bahavior. ''Oh, you want to print out your PhD thesis without an advertisement on the bottom of each page. That costs the per-page publishing license fee of $.05/page. Sorry, we don't support export to any other file formats.'' - May make data backup more fragile and difficult. A scheme based on encryted controlled files by necessity must be more fragile than one based on plaintext. - May leave users out in the cold if vendors discontinue products or go out of business. - Allows vendors to apply controls at any time. Policy may be changed at any time, even retroactively.
Remember, DRM is just a sugarcoated way of saying 'digital control technology'. The computer doesn't care if it is blocking infringing uses or non-infringing uses of a copyrighted work. Nor does it even care if you are the author -- It only cares if the software says that a use is allowed, denied, or controlled.
And that choice is entirely the choice of software that you haven't written, by a company whose interests are not your own, and software that you may have no practical choice but to install, and in the future may be legally compelled to install.
It is a technology fraught with incredible potential for abuse. Though the origional comment was incorrect and over the line, most of the things that you claim trusted computing could not prevent are a white elephant. Your ISP, or Microsoft could require that you install spyware, install only approved hardware, only run approved applications, etc... On pain of disabling access to *any* and all *data* on the machine, or disabling access to the internet.
This technology isn't being pushed by users, but by vendors. There interests aren't our interests and the technology is deliberately designed to be flexible. Nothing in it may technically stop them from doing abusive things.
The point was that if *you* release code under the BSD, your competitor or customer can run away with youor product, with no obligation to fulfill any sort of quid-pro-quo.
There is two sides to any coin. BSD software is good for exactly what you suggest, being appropriated by others, like you, with no obligation.
For many GPL cases, the FSF may not have standing --- they've not been assigned the copyright, so all they can really offer is legal advice. However, if OAS uses GDBM and GNU Rx, then the FSF has been assigned the copyrights, and the FSF does have standing. They may prosecute the infringers directly and themselves.
This program (which needs updating to more recent kernels) allows one to replay a binary execution.
http://old.lwn.net/1999/0121/kernel.php3
http://lwn.net/1999/0121/a/mec.html
Apparently its been out for *8* years, and has had exactly 3 people download it. Horrible -- its a feature I'd kill to have, and a feature linux should have.
I remember reading a rant about a year ago. Someone wrote a replay tool for program executions for under linux, I think 2.0 or 2.2. They dropped it because nobody cared about it (probably because nobody knew about it), and they got sick of updating it constantly for new IOCTL's as the kernel constantly changed.
It has always been legal to posess copyrighted material with or against the wishes of the copyright holder. It is duplication that is verboten.
This has been emphasized in the doctrine of first sale. Copyright holders tried, about 60 years ago to claim that resale of paperback books was unauthorized. They failed.
For instance, Disney, and many others, would love to 'recall' all of their racist cartoons of the 50's.
Now, having any pre-release the assumption is that you're guilty of distributing it. So, say you're a critic the movie studios don't like, say, Aint it Cool News. Say you just announced that you've seen Star Wars 3, and its utter crap.
Guess what? You've not violated copyright law, but can they now make you go to jail --- you're presumptively guilty just for having access to the pre-release.
The movie studios can hand out pre-release DVD's left and right, but if you do anything to piss them off, for instance, a negative review, they can see if you got a 'legit' copy, and refuse to send you any more. Or, if you were given the DVD by another reviewer, well, they can fuck you over even better then.
This is a strong law, and it makes many acts that were once legal now illegal. Whatever the claims on how this 'just reinforces past law' or 'fills in a critical crack in past legistlation' or 'won't be abused', I take with the same grain of salt as everyone else should in this post-DMCA world.
Public key operations are expensive, but nothing says that the key operations have to be done on the camera at all.
For instance, the camera may be preloaded with 25 secret encryption keys stored in plain text, and the same keys encrypted with a public key. Each time a picture is taken one secret encryption key is used to encrypt the picture, THEN erased. When the camera is done, all of the secret keys are erased, so it is not possible to decrypt the images. One must return the camera where they read out the 25 encrypted encryption keys, decrypt them, then develop the images. When a camera comes in, the block of 25 encrypted keys is sent to a centralized server who replies with the decryption keys and a new replacement key block of new secret keys and a block of encrypted versions of the same.
With this, the camera need do nothing other than encrypt the images, not a single RSA operation.
The attack on this of course would be to read out the keys from the camera before taking any pictures, then use them to decrypt the pictures later, but someone with the forethought to do that would be probably willing enough to replace the firmware entirely, so I don't worry.
This is exactly like the arguments that those who are willing to give up freedom in exchange seldom get either.
I doubt spam will increase much if at all. And now we have ISP mailservers --- or should we say ISP spy&censorship boxes that are the middlemen in all email.
The next time a law says that 'ISPs shall monitor their users for subversive material', its as easy as installing a program.
Diablo Canyon produces about 2GW continously (about 1000 Solar 2's). If solar is to replace it for baseload, where does the power company store 12 hours worth of energy, 86,400,000,000,000 J worth? To put this in scale, California's usage oscillates between 20GW and 45GW.
Thats enough to lift a million tons of mass (about a dozen skyscraper, the typical small city's downtown) 8km straight up, or to send a 90,000 ton US aircraft carrier to mach 3.
Converted into gasoline terms, thats 2 million kg, or just shy of a million gallons. Thats a lot of juice to store. Pray tell me how it gets stored, while paying attention to safety concerns. A more interesting is who pays to have it stored?
Look at the CAISO power graph yourself. The summer peak occurs at about 4PM, when solar is beginning to fade, and the peak is only twice the mean. All you need is a hot CLOUDY day for disaster. The air conditioners continue to run, but solar produces a fraction of its normal power. Where does the make-up power come from? Or rather, who pays for that make-up power.
Thats why, I expect that solar sold 'to the grid' will be worth about squat, because it will cost the power companies big bux to store it, and it won't reduce capital costs in generation equipment; if we want reliable power (and we do) the power company still has to buy backup for unreliable erratic solar.
Right now, these unrecouped subsidies of solar are hidden and almost lost in the line noise. That'll be mostly true until it grows to maybe 10% of generation. At that point the problems of unreliable solar generation will effect the whole grid. 'Net Metering' is a subsidy.
I'm all for Solar; if someone wants to live with unreliable power, more power to them. When they destabalize the grid and make my power more unreliable, I draw the line.
Well, a tracking system has to deal with wind and snow. Also, since it is mechanical, you have to worry about gears jamming, lubricant no longer lubricating.
Solar insolation is about 1kW/m^2.. Well, except for the earths rotation. Assuming a non-tracking system, we have to divide by a factor of pi, so thats 300 W/m^2.. Well, except that the average efficiency of solar cells is under 15%, so thats 45W/m^2. Now, the average home has what? 2 people in it, and the per-capita electrical usage, averaged over the course of a year is 1kW. So, you need 2kW for that home, and only get 45W/m^2. So, you need 50 square meters of solar cell, correctly angled south. And this is the best case.
Now account for clouds and dirty cells. Unless you clean the cells every few days and pressure wash them biweekly, better increase the square meters of solar cells another 50%. So, thats 60-80 square meters of cell/house..
Now the next question. Where do you store all the energy you'll use at night? If you don't store it, where does it come from? Fancy burying a few ton flywheel in your backyard? How about aa closet filled with lead and sulpheric acid batteries? If you're going to use hydrogen to store it, better double or triple the square meters of solar cell for those inefficiencies.
The same problem applies to 'Solar 2'. You need about 1000 of them to equal the average energy of a nuclear power plant. And another 299000 to equal the mean energy used by the US. To replace all energy used in the US requires about a million Solar 2's.
Even if the code were rewritten by by a dozen expert faculty members and PhD's, it would still be insecure. Any insider would still be able to throw an election. Sure, a member of the public might not have a copy of the source code to analyze, or might not be able to have direct filesystem access to the drive. However, what protections exist to prevent an insider who does have such access from commiting election fraud?
A system whose security perimeter is such that every insider is capable of breaking the overall system is still an insecure design.
Sure, they could fix all the bugs; this would prevent the public from trivially cheating, but it wouldn't keep insiders from cheating.
Slashdot Mirror
And it never has been. Thats just newspeak for Controlled Computing. Never use their newspeak. Always call it controlled computing. Whenever someone asks what it means, you have a great explanation of it.
Um. Thats the idea. I don't know if the CPU yet encrypts the data bus, but it wouldn't surprise me.
Go back to first principals. The schemes roughly work by: the 'untrusted system' sets a block of memory consisting of a program. It then tells the control chip to 'authenticate' that block. The control chip runs a cryptographic hash over it and only if it matches a signature will it relinquish additional encryption keys to the software in that block. It can also faithfully prove to that controlled box that the chip correctly implements this control scheme.
There's usually a bunch of other stuff for how to get 'privacy' --- by not having to disclose your mobo's public key to that controlled box, but thats about it. The motherboard chipset protects the block from 'unauthorized overwriting' from DMA in hardware or the rest of the OS.
This means that you, I, microsoft, and anyone can write an encrypted application and a boot-loader for it, distribute it to anyone and the machine will only load it *and* relinquish the decryption keys if and when it is unmodified. In an offline setting, this sort of remote control can be subverted. In any online setting, as soon as they detect a broken key, they can blacklist it.
Overall, this technology embodies what is best about well-designed ssytems. General, powerful, flexible and state of the art. Its not a joke like CSS. (which was a bad implementation of a good system design) It isn't evil per-se, but it is subject to great potential evil.
This digital control technology doesn't fully solve the age-old question of how does a distributed system trust a remote untrustable host, but it puts up a pretty tough bar to cross. Each system must obtain the secret keys in their computer individually. Any attack requireing widespread subversion or where the benefits aren't worth the hardwar hacking won't be worth it. Users can choose to leave the system, but they cannot easily subvert it.
The problem is that there are distributed systems that cannot be practically avoided. Thus the 'you have control over their machine also has a reciprocal: They have control over your machine.'
Between equitable individuals playing an online P2P game, thats not a problem. In an inequitable relationship, say between a person and a large software company or an abusive government, this sort of control is ripe for abuse.
How much is the sender paid?
Other than time, the cost to a recipient for a single message is on the order of $.00001, or about a million emails for ten dollars.
If you make the price signifigantly higher than that, you encourage recipients to game and the system to recieve email because they are renumerated far in excess of the actual costs to deal with it. (See the problems in the US with telco 'settlement fees' for related work.)
Yet, if you make the price at $10/million messages, thats not going to impact spam that much --- roughly double the price for sending it.
'online' or 'electronic' books just means digital control technology. Instead of being able to 'purchase' the book, you'll rent it for $50 for a year. Well, maybe they'll go as low as $30.
.... you get the idea.
And no copy&paste and no printing more than 3 pages at a time, and you can only read it when connected to the internet, and
Spam is megabytes, yeah, whatever. Show me some proof. Spam is nothing in terms of network bandwidth compared to HTTP, and *that* is nothing compared to p2p.
At a thousand spam messages a day (a few megabytes) costs me $1/year in bandwidth. The 20 a day I actually receive costs me about two pennies a year. Remote X over ssh on the other hand costs me a dollar a week in bandwidth.
Spam costs in time, not bandwidth. One minute of my time is worth more than 100,000 spam messages worth of bandwidth.
They wrote it into the law an explicit statement that it wasn't copyright infringement. See:
http://www4.law.cornell.edu/uscode/17/117.html
Making of Additional Copy or Adaptation by Owner of Copy. -
Notwithstanding the provisions of section 106, it is not an infringement for the owner of a copy of a computer program to make or authorize the making of another copy or adaptation of that computer program provided:
(1)
that such a new copy or adaptation is created as an essential step in the utilization of the computer program in conjunction with a machine and that it is used in no other manner, or
**
The whole house-of-cards of clickwrap 'contracts' was never well founded. Courts agreed and it was later explicitly written out in the law.
Of course, there's a loophole. Technically many applications consist of both software and other data: graphics, sounds, images, etc. Who knows if the exception would apply to the other important components. (With luck, the court may not make such a disctinction.)
No consideration, no contract. The most they can use is 'precedent' and 'this is the way its always been' and that the people they screw over cannot fight it.
Filtering algorithms for content matching can still go quite a bit farther than anything else I've seen out there now.
For instance improved filtering that can support tens of thousands of regexp or substring rules at insane performance levels (automata matching & Aho Corasick matching), deal with obfuscations (programmed transformations of regexps), perform much more accurate fuzzy matching (rolling hashes), and mostly automatically identifying new prospective signatures (tableau/bloom filter methods of rolling hashes).
In general, learning mechanisms to find prospective rules combined with advanced and high performance analysis to verify accuracy of the rules.
Do you have SA sort all spam into catagories based on the score?
I have three thresholds for sorting non-list, personal email. 'low' 'medium' and 'high'. I use x2, 2x8, and 8x. The 'high' folder gets a very quick glance, the medium gets a short glance for an occasional FP commercial mail. Low gets a longer glance to detect occasional FP's. Since the low threshold is so low, only a few spams in a thousand make it through to my personal inbox. Since the 'low' box only gets about 15% of the spam, its easier to go through looking for FP's.
Also, I should add that I'm using a 6 month old version of SA without Bayes. Since I save all spam, already sorted into low/medium/high *and* have a seperate folder for missed spam, I believe that training would be particularily effective.
IANAL, but not really.
:)
The clickwrap 'contract', other than the flaw of it being a contract of adhesion ('take it or leave it') it also offers nothing to a user.
For a contract to be valid, it must offer consideration --- both parties must obtain something that I would not otherwise have. The clickwrap 'contract' doesn't. It *was* claimed that it offers me the ability to copy the software from disk media into memory, but that was explicitly ruled not copyright infringement. Therefore, the 'contract' offers me nothing I don't already posess under copyright law.
Now, the contract between microsoft and the OEM or company might have such consideration 'cheaper prices in return for accepting this restrictive contract'. However, I or any other purchaser of such a box am under no such restriction.
Also, many could argue that such OEM contracts constitute tying. Finally, there are cases where one must agree to a contract unseen, which to does not form a binding contract.
Remember, its always easy to claim anything. I now demand that all readers and especially you empty your browser cache, you pirates!
Getting such DNS records costs less than $100 a year. There is nothing in principal to keep every always-connected host from running their own email server and directly connecting to any other server.
Well, unless you want a precendent that an oligopoly gets to choose who becomes a privledged participant and able to run their own mail server. Of course, once that starts, what other services will suffer the same fate. How long until 'for everyone's good' all services must be registered?
The origional author was a bit over the top, but you left off a few more things that 'trusted computing' does prevent.
It allows software writers to control compatiability of their software. THis means that
Trusted computing may
- Prevent you from reading your Microsoft Word files in open office.
- Require that you install a keyboard sniffer before your ISP allows you to access the internet.
- Allow entrenched monopolies to grow because they can make insure that noone can be compatible with them.
- Allow a software vendor to hold your data hostage, such as was done a decade ago with a medical billing database program.
- Allows software vendors to include unbypassable controls on behavior, regardless of the legality of the bahavior. ''Oh, you want to print out your PhD thesis without an advertisement on the bottom of each page. That costs the per-page publishing license fee of $.05/page. Sorry, we don't support export to any other file formats.''
- May make data backup more fragile and difficult. A scheme based on encryted controlled files by necessity must be more fragile than one based on plaintext.
- May leave users out in the cold if vendors discontinue products or go out of business.
- Allows vendors to apply controls at any time. Policy may be changed at any time, even retroactively.
Remember, DRM is just a sugarcoated way of saying 'digital control technology'. The computer doesn't care if it is blocking infringing uses or non-infringing uses of a copyrighted work. Nor does it even care if you are the author -- It only cares if the software says that a use is allowed, denied, or controlled.
And that choice is entirely the choice of software that you haven't written, by a company whose interests are not your own, and software that you may have no practical choice but to install, and in the future may be legally compelled to install.
It is a technology fraught with incredible potential for abuse. Though the origional comment was incorrect and over the line, most of the things that you claim trusted computing could not prevent are a white elephant. Your ISP, or Microsoft could require that you install spyware, install only approved hardware, only run approved applications, etc... On pain of disabling access to *any* and all *data* on the machine, or disabling access to the internet.
This technology isn't being pushed by users, but by vendors. There interests aren't our interests and the technology is deliberately designed to be flexible. Nothing in it may technically stop them from doing abusive things.
The point was that if *you* release code under the BSD, your competitor or customer can run away with youor product, with no obligation to fulfill any sort of quid-pro-quo.
There is two sides to any coin. BSD software is good for exactly what you suggest, being appropriated by others, like you, with no obligation.
Contact the FSF.
For many GPL cases, the FSF may not have standing --- they've not been assigned the copyright, so all they can really offer is legal advice. However, if OAS uses GDBM and GNU Rx, then the FSF has been assigned the copyrights, and the FSF does have standing. They may prosecute the infringers directly and themselves.
Contact them with your evidence.
This program (which needs updating to more recent kernels) allows one to replay a binary execution.
http://old.lwn.net/1999/0121/kernel.php3
http://lwn.net/1999/0121/a/mec.html
Apparently its been out for *8* years, and has had exactly 3 people download it. Horrible -- its a feature I'd kill to have, and a feature linux should have.
I remember reading a rant about a year ago. Someone wrote a replay tool for program executions for under linux, I think 2.0 or 2.2. They dropped it because nobody cared about it (probably because nobody knew about it), and they got sick of updating it constantly for new IOCTL's as the kernel constantly changed.
I think it was Carmack lamenting its loss.
It has always been legal to posess copyrighted material with or against the wishes of the copyright holder. It is duplication that is verboten.
This has been emphasized in the doctrine of first sale. Copyright holders tried, about 60 years ago to claim that resale of paperback books was unauthorized. They failed.
For instance, Disney, and many others, would love to 'recall' all of their racist cartoons of the 50's.
Just like the DMCA isn't abused, or rather is.
Now, having any pre-release the assumption is that you're guilty of distributing it. So, say you're a critic the movie studios don't like, say, Aint it Cool News. Say you just announced that you've seen Star Wars 3, and its utter crap.
Guess what? You've not violated copyright law, but can they now make you go to jail --- you're presumptively guilty just for having access to the pre-release.
The movie studios can hand out pre-release DVD's left and right, but if you do anything to piss them off, for instance, a negative review, they can see if you got a 'legit' copy, and refuse to send you any more. Or, if you were given the DVD by another reviewer, well, they can fuck you over even better then.
This is a strong law, and it makes many acts that were once legal now illegal. Whatever the claims on how this 'just reinforces past law' or 'fills in a critical crack in past legistlation' or 'won't be abused', I take with the same grain of salt as everyone else should in this post-DMCA world.
Public key operations are expensive, but nothing says that the key operations have to be done on the camera at all.
For instance, the camera may be preloaded with 25 secret encryption keys stored in plain text, and the same keys encrypted with a public key. Each time a picture is taken one secret encryption key is used to encrypt the picture, THEN erased. When the camera is done, all of the secret keys are erased, so it is not possible to decrypt the images. One must return the camera where they read out the 25 encrypted encryption keys, decrypt them, then develop the images. When a camera comes in, the block of 25 encrypted keys is sent to a centralized server who replies with the decryption keys and a new replacement key block of new secret keys and a block of encrypted versions of the same.
With this, the camera need do nothing other than encrypt the images, not a single RSA operation.
The attack on this of course would be to read out the keys from the camera before taking any pictures, then use them to decrypt the pictures later, but someone with the forethought to do that would be probably willing enough to replace the firmware entirely, so I don't worry.
This is exactly like the arguments that those who are willing to give up freedom in exchange seldom get either.
I doubt spam will increase much if at all. And now we have ISP mailservers --- or should we say ISP spy&censorship boxes that are the middlemen in all email.
The next time a law says that 'ISPs shall monitor their users for subversive material', its as easy as installing a program.
The problem is that anti-spammers demand a nuke-first ask-questions-later policy for shutting down 'bad' sites.
Unfortunately, that policy can also bite you in the ass. You can't have it both ways.
Diablo Canyon produces about 2GW continously (about 1000 Solar 2's). If solar is to replace it for baseload, where does the power company store 12 hours worth of energy, 86,400,000,000,000 J worth? To put this in scale, California's usage oscillates between 20GW and 45GW.
Thats enough to lift a million tons of mass (about a dozen skyscraper, the typical small city's downtown) 8km straight up, or to send a 90,000 ton US aircraft carrier to mach 3.
Converted into gasoline terms, thats 2 million kg, or just shy of a million gallons. Thats a lot of juice to store. Pray tell me how it gets stored, while paying attention to safety concerns. A more interesting is who pays to have it stored?
Look at the CAISO power graph yourself. The summer peak occurs at about 4PM, when solar is beginning to fade, and the peak is only twice the mean. All you need is a hot CLOUDY day for disaster. The air conditioners continue to run, but solar produces a fraction of its normal power. Where does the make-up power come from? Or rather, who pays for that make-up power.
Thats why, I expect that solar sold 'to the grid' will be worth about squat, because it will cost the power companies big bux to store it, and it won't reduce capital costs in generation equipment; if we want reliable power (and we do) the power company still has to buy backup for unreliable erratic solar.
Right now, these unrecouped subsidies of solar are hidden and almost lost in the line noise. That'll be mostly true until it grows to maybe 10% of generation. At that point the problems of unreliable solar generation will effect the whole grid. 'Net Metering' is a subsidy.
I'm all for Solar; if someone wants to live with unreliable power, more power to them. When they destabalize the grid and make my power more unreliable, I draw the line.
Well, a tracking system has to deal with wind and snow. Also, since it is mechanical, you have to worry about gears jamming, lubricant no longer lubricating.
What basin? I'm in Texas. We don't got anything like geography around here where water could be stored. Ditto for most of the land in the country.
So where else?
Solar insolation is about 1kW/m^2.. Well, except for the earths rotation. Assuming a non-tracking system, we have to divide by a factor of pi, so thats 300 W/m^2.. Well, except that the average efficiency of solar cells is under 15%, so thats 45W/m^2. Now, the average home has what? 2 people in it, and the per-capita electrical usage, averaged over the course of a year is 1kW. So, you need 2kW for that home, and only get 45W/m^2. So, you need 50 square meters of solar cell, correctly angled south. And this is the best case.
Now account for clouds and dirty cells. Unless you clean the cells every few days and pressure wash them biweekly, better increase the square meters of solar cells another 50%. So, thats 60-80 square meters of cell/house..
Now the next question. Where do you store all the energy you'll use at night? If you don't store it, where does it come from? Fancy burying a few ton flywheel in your backyard? How about aa closet filled with lead and sulpheric acid batteries? If you're going to use hydrogen to store it, better double or triple the square meters of solar cell for those inefficiencies.
The same problem applies to 'Solar 2'. You need about 1000 of them to equal the average energy of a nuclear power plant. And another 299000 to equal the mean energy used by the US. To replace all energy used in the US requires about a million Solar 2's.
Even if the code were rewritten by by a dozen expert faculty members and PhD's, it would still be insecure. Any insider would still be able to throw an election. Sure, a member of the public might not have a copy of the source code to analyze, or might not be able to have direct filesystem access to the drive. However, what protections exist to prevent an insider who does have such access from commiting election fraud?
A system whose security perimeter is such that every insider is capable of breaking the overall system is still an insecure design.
Sure, they could fix all the bugs; this would prevent the public from trivially cheating, but it wouldn't keep insiders from cheating.