Fits the profile of someone you want to keep an eye on pretty well, actually.
Tell yourself that the next time you fill up at the gas station and send a couple dollars a gallon to Saudi Arabia. You know, the country that financed 9/11 and even provided most of the hijackers.
THE WHOLE DAMN ARTICLE proves my point. It is all about Stallman's ideas about how society should be structured around free software.
It's no secret that Stallman advocates change, but he advocates voluntary change by both producers and consumers instead of single-sided laws pushed through without public input.
With GPL, not only do you have those rights, but you also have access to the source code, and the ability to modify and build the software. So objectively speaking, GPL is more extreme since it brings about greater change.
Arguably we would all be more free in a libertarian sense if copyright was abolished. Just because I don't have the source doesn't prevent me and a few friends from publicly disassembling and reverse engineering any non copyrighted software that we feel like. It would be much closer to slapping the BSD license on everything that is currently protected by copyright.
How much time, effort and money does it take to design the iPod, and set up the facilities to manufacture it in large quanities? How much time, effort and money does it take to replicate the design and set up the facilities to manufacture it in large quantities?
The answer to the second question is "none" if you're the Chinese sweatshop Apple hired to produce the iPod. At most you might lack a firmware image that gets loaded in California, and I doubt even Apple is that paranoid.
You hit the nail on the head. How DO you fairly ensure that company X, if in competition with company Y, recoups their $B of R&D while ensuring that Y is not artificially prevented from making money if they, for instance, have a much more efficient R&D and manufacturing process in the long run? Does telling Y to stuff it for 25 years work? Of course not. Does it work to make X lose $B because they're inefficient? Of course not.
The only fair patent right would be the ability to solely manufacture a product and sell it until initial R&D costs are recouped from profits. At that point the playing field should be level (or even in favor of the patent holder who has a running production line and experience with it).
To keep patent holders from overestimating the value of their portfolios, patents could be taxed as assets at their unrecovered R&D value. In other words, the first year the patent is taxed on $B, and the second year it is taxed at a value of ($B - $P) where $P is profits. To be fair, the profits could be tax-free until the patent expired. This would drive patent holders to estimate a fair market value for their R&D, because they could simply sell the patent to another more efficient manufacturer for R&D costs to avoid the taxes over a more prolonged production period to make up expenses. Patents could also be required to be put on the open market for their stated value to prevent patent trolls from stifling innovation with cheap, worthless patents and the threat of lawsuits.
Patents are merely tools used by powerful companies to stifle competition. They do not protect inventors or inventions and prevent others from combining the best ideas from multiple patents into new products. Since profit and market position are king in the world economy, patents are always used to control competitors instead of producing new and innovative products. It is rarely necessary to actually produce products that would be covered by a patent because potential competitors are prevented from using them, maintaining the status quo. The result is a stifling of new inventions and corporations hoarding patent portfolios as a means of market control instead of innovation.
Stallman is not advocating that you be forced to adhere to the beliefs of the FSF. The GPL is a voluntary license based on copyright. Software patent advocates would like their beliefs to become legal everywhere, forcing everyone to comply with them.
An extreme view on copyright or patents would be a demand for their immediate dissolution. Software patents are a relatively recent legal phenomenon recognized in only some countries. Arguing against them is far from extreme.
With cryptsetup, make sure you use essiv:sha256 or AES LRW. There are watermarking attacks against the earlier versions of AES-CBC with unprotected block-based IVs used by cryptsetup and truecrypt.
Increase the font size a bit. Kids love typing and seeing the letters they press scroll across the screen. If you help them out a bit, they'll learn the letter names and sounds pretty young.
There are a couple scenarios. If your existing data backups are compromised, then there's really no point in continuing. You need to hire someone to clean everything up for you. This applies even if you only suspect the latest day or two has been compromised; you need to stop production processing until you can verify that the existing data matches a known good backup and that changes since that trusted backup can be verified.
If you trust that the data in your system hasn't been modified (and there's no real reason to believe this if you're worried about logic bombs or dead man switches), then you can trust the differential changes as well.
Ultimately, there is no way to certify that everything in a data set is correct and the result of an authorized action without full review. If your system is designed with this liability in mind, then it should be possible to assign a level of trust to each transaction with the use of cryptographic signatures in the data. Then the data can be restored using the fastest/best method from a compromised system and verified cryptographically on the newly built trusted system. That moves the liability to the cryptographic system which is arguably the right place to deal with matters of authentication and authorization. Even if IT can control all the servers and databases, they should never have control of the signing keys of individual employees. With HSMs, you can make that a reality. Obviously most places don't need this level of security and couldn't afford it, but it is possible.
It depends on the rate of change. If I have a 1 TB database that only makes a gigabyte of transaction logs every day, I can pretty easily back up the entire database, restore it to a new machine and replay the transaction log, then bring the production system down, dump and apply the latest transaction log to the restored system and bring everything up on the new machine in a shot period of time. Any highly available system will have concepts similar to this. Back up the main data and the differential changes separately so that production downtime is only necessary during the period when the very last differences are being applied to the main data set.
All biology experiments so far seem to point to the fact that the DNA chain indeed contains all the information needed to build an organism.
DNA does not specify environment. It needs at least a nucleus or other protective shell to keep from simply degrading in a random environment. It needs proteins and enzymes to transcribe it to be of any use. The nucleus needs a cellular structure to protect it. The cell needs a specific pH and osmotic balance, not to mention food and the ability to dilute or avoid wastes and poisons effectively. For just about anything above single celled life, every new individual needs an ancestor's internal environment to start growing. None of these things are described by DNA; DNA is a map to get from where you are right back to where you were with an extra copy of an individual.
Any corporate IT worth their salt will not be thwarted by your attempts to hide data on their own machines. Only if you have complete trust in your own system can you even begin to think about keeping what you do with it secret. If you can build your own box, stick Linux with LUKS or Windows with truecrypt on it, install virtualization software and run the "corporate image" inside the virtual machine. Don't do anything private in the virtual machine, and don't leave the box accessible when you're not present. That means, practically, shut it off or hibernate it to an encrypted volume. There are numerous hardware attacks to get encryption keys out of running machines, many of them simple and fast like firewire/pccard hacks. This still doesn't prevent simple hardware keylogging or a hidden camera if they really care to catch you doing something against their policies.
And their civilization collapsed utterly and was almost lost to history. Quite a warning for the oil-will-never-run-out-and-global-warming-is-a-myth crowd.
If I don't want you petting my dog, I can put up a fence around my yard that keeps the dog in and strangers out. But there's no fence I can use to stop wireless signals from going past my physical property, or to keep you from petting my computer... digitally, I mean... hey, stop it.
Except, oh, things like ciphers that have been around a couple thousand years (and really, really, great and unbreakable free ones that have been around for ~20 years) and electronic access controls (passwords?) that have been around for 50. Ignorance is no excuse for making stupid laws.
In the past, you are in a public place and people see what you did and had to recollect it from memmory, likely to forget most.
Yeah, tell that to Rodney King and Oscar Grant. The fact that police officers are not routinely sent to jail for shooting/beating unarmed suspects is pretty clear evidence that what happens in public *should* be recorded since the memories of victims and witnesses generally contradict the "memories" of the law enforcement officers involved.
and even if something does go to court, the perp will be out in 3 months.
On the other hand, 3 months in jail for shooting a would-be thief/rapist/murderer is not that bad. That's if the police bother following up on the report of a missing thief/rapist/murderer.
Instead of switching to a screen that spreads the glare out over a larger percentage of the screen, why not move the screen to a place that isn't in blinding sunlight?
Yeah, just move to London or some other permanently smoggy/cloudy city. It'll totally clear up that important decision about whether to buy a matte or shiny LCD screen.
The answer to performance problems is probably hardware acceleration. Intel, AMD, and Via have provided hardware acceleration support for AES and I imagine once SHA-3 is selected it will get support as well. Or just use AES in a mode with authentication like GCM or CCM, which AFAIK is how ZFS will maintain integrity for encrypted file systems.
Combined with a secure timestamping service and a file system with a secure merkle tree of hashes, it would be possible to just sign the root hash of the file system at appropriate times and then securely determine at a later time if certain predicates were satisfied, e.g. "no files have been modified since the last timestamped signature, although new files may have been created" by comparing the hash trees of the file system at the two points in time where it was signed.
2: 64 bit CRCs. This way, a backup program just has to pull from the filesystem stored CRCs and it would know which files have been changed or not. This also helps with integrity checking.
All your other bullet points are pretty reasonable, but CRCs (especially short ones) are really not what you want in this case. A cryptographic hash gives far more probability that the exact same hash implies the same data, on the order of a 1/sqrt(2^n) probability of two random blocks colliding for an n-bit hash. A 64 bit CRC is going to see collisions between two random blocks with a probability of 1/(2^32) (and trivial collisions if someone wants to do it), and there are way more than 4 billion distinct files out there. Relying on a hash for deduplication or for backup purposes (detecting whether a file is changed) is only safe with a cryptographic hash with no known collisions, and even then there are cheaper and safer ways to determine if a file has changed, for instance with a generation number for each file and the entire file system itself that monotonically increases with each file system operation. The latter won't let you deduplicate blocks but if you must have a 0% probability of data loss instead of 1/(2^128), it would be safer than a hash to tell if a file has changed.
I'd also like to add something; individual file versioning. Recently I was playing around with both a NetApp and a ZFS FS and I was disappointed because restoring a single file from a snapshot in both systems seems to be limited to copying the data from the snapshot back into the live file system, even though the snapshot and the filesystem basically live in the same tree of data blocks and it should be possible to simply swap the metadata blocks to instantly restore a 1.3 PB file instead of waiting for it to copy out of the snapshot. Forgive me if I missed something important about snapshots in either system, but it looked to me like there was no way to restore a single file as fast as rolling back an entire filesystem to an earlier snapshot.
and the empricial evidence of the last 100 years makes this so obvious that anyone who choses violence today is obviously either brain-damaged, a coward, or evil. Sometimes all three.
So what's the proper response to these brain-damaged, evil cowards? I need to know, because a majority of my fellow citizens, my elected representatives, military, appointed officials, and their officers of the law are increasingly resorting to violence when interacting with normal citizens in my country and in others. Can a nonviolent minority change a country (even a democracy) where violence is the accepted answer to just about any problem?
It looked a lot like RC4 at first glance. E.g. in a cipher feedback mode where the ciphertext letter of the last operation is the plaintext input to the next operation, its output may be more secure as a stream cipher than its intended usage.
Slashdot Mirror
What about all the peer reviewed journals with full (paid) access via the Internet? I admit that's not "most" of the content available.
Fits the profile of someone you want to keep an eye on pretty well, actually.
Tell yourself that the next time you fill up at the gas station and send a couple dollars a gallon to Saudi Arabia. You know, the country that financed 9/11 and even provided most of the hijackers.
THE WHOLE DAMN ARTICLE proves my point. It is all about Stallman's ideas about how society should be structured around free software.
It's no secret that Stallman advocates change, but he advocates voluntary change by both producers and consumers instead of single-sided laws pushed through without public input.
With GPL, not only do you have those rights, but you also have access to the source code, and the ability to modify and build the software. So objectively speaking, GPL is more extreme since it brings about greater change.
Arguably we would all be more free in a libertarian sense if copyright was abolished. Just because I don't have the source doesn't prevent me and a few friends from publicly disassembling and reverse engineering any non copyrighted software that we feel like. It would be much closer to slapping the BSD license on everything that is currently protected by copyright.
How much time, effort and money does it take to design the iPod, and set up the facilities to manufacture it in large quanities? How much time, effort and money does it take to replicate the design and set up the facilities to manufacture it in large quantities?
The answer to the second question is "none" if you're the Chinese sweatshop Apple hired to produce the iPod. At most you might lack a firmware image that gets loaded in California, and I doubt even Apple is that paranoid.
You hit the nail on the head. How DO you fairly ensure that company X, if in competition with company Y, recoups their $B of R&D while ensuring that Y is not artificially prevented from making money if they, for instance, have a much more efficient R&D and manufacturing process in the long run? Does telling Y to stuff it for 25 years work? Of course not. Does it work to make X lose $B because they're inefficient? Of course not.
The only fair patent right would be the ability to solely manufacture a product and sell it until initial R&D costs are recouped from profits. At that point the playing field should be level (or even in favor of the patent holder who has a running production line and experience with it).
To keep patent holders from overestimating the value of their portfolios, patents could be taxed as assets at their unrecovered R&D value. In other words, the first year the patent is taxed on $B, and the second year it is taxed at a value of ($B - $P) where $P is profits. To be fair, the profits could be tax-free until the patent expired. This would drive patent holders to estimate a fair market value for their R&D, because they could simply sell the patent to another more efficient manufacturer for R&D costs to avoid the taxes over a more prolonged production period to make up expenses. Patents could also be required to be put on the open market for their stated value to prevent patent trolls from stifling innovation with cheap, worthless patents and the threat of lawsuits.
I guess now all I need is a swarm of lobbyists.
Patents are merely tools used by powerful companies to stifle competition. They do not protect inventors or inventions and prevent others from combining the best ideas from multiple patents into new products. Since profit and market position are king in the world economy, patents are always used to control competitors instead of producing new and innovative products. It is rarely necessary to actually produce products that would be covered by a patent because potential competitors are prevented from using them, maintaining the status quo. The result is a stifling of new inventions and corporations hoarding patent portfolios as a means of market control instead of innovation.
Promotion of the arts and sciences my ass.
Stallman is not advocating that you be forced to adhere to the beliefs of the FSF. The GPL is a voluntary license based on copyright. Software patent advocates would like their beliefs to become legal everywhere, forcing everyone to comply with them.
An extreme view on copyright or patents would be a demand for their immediate dissolution. Software patents are a relatively recent legal phenomenon recognized in only some countries. Arguing against them is far from extreme.
With cryptsetup, make sure you use essiv:sha256 or AES LRW. There are watermarking attacks against the earlier versions of AES-CBC with unprotected block-based IVs used by cryptsetup and truecrypt.
Own a copy of Starcraft 2? The EULA explicitly states you are not allowed to sell it.
Presumably then, no one "owns" a copy.
Increase the font size a bit. Kids love typing and seeing the letters they press scroll across the screen. If you help them out a bit, they'll learn the letter names and sounds pretty young.
There are a couple scenarios. If your existing data backups are compromised, then there's really no point in continuing. You need to hire someone to clean everything up for you. This applies even if you only suspect the latest day or two has been compromised; you need to stop production processing until you can verify that the existing data matches a known good backup and that changes since that trusted backup can be verified.
If you trust that the data in your system hasn't been modified (and there's no real reason to believe this if you're worried about logic bombs or dead man switches), then you can trust the differential changes as well.
Ultimately, there is no way to certify that everything in a data set is correct and the result of an authorized action without full review. If your system is designed with this liability in mind, then it should be possible to assign a level of trust to each transaction with the use of cryptographic signatures in the data. Then the data can be restored using the fastest/best method from a compromised system and verified cryptographically on the newly built trusted system. That moves the liability to the cryptographic system which is arguably the right place to deal with matters of authentication and authorization. Even if IT can control all the servers and databases, they should never have control of the signing keys of individual employees. With HSMs, you can make that a reality. Obviously most places don't need this level of security and couldn't afford it, but it is possible.
It depends on the rate of change. If I have a 1 TB database that only makes a gigabyte of transaction logs every day, I can pretty easily back up the entire database, restore it to a new machine and replay the transaction log, then bring the production system down, dump and apply the latest transaction log to the restored system and bring everything up on the new machine in a shot period of time. Any highly available system will have concepts similar to this. Back up the main data and the differential changes separately so that production downtime is only necessary during the period when the very last differences are being applied to the main data set.
All biology experiments so far seem to point to the fact that the DNA chain indeed contains all the information needed to build an organism.
DNA does not specify environment. It needs at least a nucleus or other protective shell to keep from simply degrading in a random environment. It needs proteins and enzymes to transcribe it to be of any use. The nucleus needs a cellular structure to protect it. The cell needs a specific pH and osmotic balance, not to mention food and the ability to dilute or avoid wastes and poisons effectively. For just about anything above single celled life, every new individual needs an ancestor's internal environment to start growing. None of these things are described by DNA; DNA is a map to get from where you are right back to where you were with an extra copy of an individual.
Any corporate IT worth their salt will not be thwarted by your attempts to hide data on their own machines. Only if you have complete trust in your own system can you even begin to think about keeping what you do with it secret. If you can build your own box, stick Linux with LUKS or Windows with truecrypt on it, install virtualization software and run the "corporate image" inside the virtual machine. Don't do anything private in the virtual machine, and don't leave the box accessible when you're not present. That means, practically, shut it off or hibernate it to an encrypted volume. There are numerous hardware attacks to get encryption keys out of running machines, many of them simple and fast like firewire/pccard hacks. This still doesn't prevent simple hardware keylogging or a hidden camera if they really care to catch you doing something against their policies.
And their civilization collapsed utterly and was almost lost to history. Quite a warning for the oil-will-never-run-out-and-global-warming-is-a-myth crowd.
and $200,000 by the end of Obama's eighth year.
...and presumably reduced to $1 per household if a Tea Partier is elected in 2012..
If I don't want you petting my dog, I can put up a fence around my yard that keeps the dog in and strangers out. But there's no fence I can use to stop wireless signals from going past my physical property, or to keep you from petting my computer... digitally, I mean... hey, stop it.
Except, oh, things like ciphers that have been around a couple thousand years (and really, really, great and unbreakable free ones that have been around for ~20 years) and electronic access controls (passwords?) that have been around for 50. Ignorance is no excuse for making stupid laws.
In the past, you are in a public place and people see what you did and had to recollect it from memmory, likely to forget most.
Yeah, tell that to Rodney King and Oscar Grant. The fact that police officers are not routinely sent to jail for shooting/beating unarmed suspects is pretty clear evidence that what happens in public *should* be recorded since the memories of victims and witnesses generally contradict the "memories" of the law enforcement officers involved.
and even if something does go to court, the perp will be out in 3 months.
On the other hand, 3 months in jail for shooting a would-be thief/rapist/murderer is not that bad. That's if the police bother following up on the report of a missing thief/rapist/murderer.
Instead of switching to a screen that spreads the glare out over a larger percentage of the screen, why not move the screen to a place that isn't in blinding sunlight?
Yeah, just move to London or some other permanently smoggy/cloudy city. It'll totally clear up that important decision about whether to buy a matte or shiny LCD screen.
The answer to performance problems is probably hardware acceleration. Intel, AMD, and Via have provided hardware acceleration support for AES and I imagine once SHA-3 is selected it will get support as well. Or just use AES in a mode with authentication like GCM or CCM, which AFAIK is how ZFS will maintain integrity for encrypted file systems.
Combined with a secure timestamping service and a file system with a secure merkle tree of hashes, it would be possible to just sign the root hash of the file system at appropriate times and then securely determine at a later time if certain predicates were satisfied, e.g. "no files have been modified since the last timestamped signature, although new files may have been created" by comparing the hash trees of the file system at the two points in time where it was signed.
2: 64 bit CRCs. This way, a backup program just has to pull from the filesystem stored CRCs and it would know which files have been changed or not. This also helps with integrity checking.
All your other bullet points are pretty reasonable, but CRCs (especially short ones) are really not what you want in this case. A cryptographic hash gives far more probability that the exact same hash implies the same data, on the order of a 1/sqrt(2^n) probability of two random blocks colliding for an n-bit hash. A 64 bit CRC is going to see collisions between two random blocks with a probability of 1/(2^32) (and trivial collisions if someone wants to do it), and there are way more than 4 billion distinct files out there. Relying on a hash for deduplication or for backup purposes (detecting whether a file is changed) is only safe with a cryptographic hash with no known collisions, and even then there are cheaper and safer ways to determine if a file has changed, for instance with a generation number for each file and the entire file system itself that monotonically increases with each file system operation. The latter won't let you deduplicate blocks but if you must have a 0% probability of data loss instead of 1/(2^128), it would be safer than a hash to tell if a file has changed.
I'd also like to add something; individual file versioning. Recently I was playing around with both a NetApp and a ZFS FS and I was disappointed because restoring a single file from a snapshot in both systems seems to be limited to copying the data from the snapshot back into the live file system, even though the snapshot and the filesystem basically live in the same tree of data blocks and it should be possible to simply swap the metadata blocks to instantly restore a 1.3 PB file instead of waiting for it to copy out of the snapshot. Forgive me if I missed something important about snapshots in either system, but it looked to me like there was no way to restore a single file as fast as rolling back an entire filesystem to an earlier snapshot.
and the empricial evidence of the last 100 years makes this so obvious that anyone who choses violence today is obviously either brain-damaged, a coward, or evil. Sometimes all three.
So what's the proper response to these brain-damaged, evil cowards? I need to know, because a majority of my fellow citizens, my elected representatives, military, appointed officials, and their officers of the law are increasingly resorting to violence when interacting with normal citizens in my country and in others. Can a nonviolent minority change a country (even a democracy) where violence is the accepted answer to just about any problem?
The REAL risk is, of course, SkyNet.
It looked a lot like RC4 at first glance. E.g. in a cipher feedback mode where the ciphertext letter of the last operation is the plaintext input to the next operation, its output may be more secure as a stream cipher than its intended usage.