a) Prove this. You probably can't, you'll have to develop a track record of behavior
b) Is it encrypted on my computer before getting to your database? Or am I supposed to assume that you'll be honest and you'll 1) actually encrypt the data and 2) won't keep the password?
c) OK, so you're asking the slashdot crowd to help you play and test... good luck on a) and b)
(Every time you attempt to quickly placate the fears of your potential audience, you risk weakening the system. I'd recommend staying away from debate until you've received some valuable comments and really thought out a response.)
Personally, I feel the system is too complex and resolves a problem that I, as a 'Net citizen, don't have. I've had visions of grandeur in the past for notarizing PGP keys using real notaries and replacing paper signatures with digital ones. I think it'd be great to walk into the bank, hand over a digital file (on a USB key?) for opening an account, taking out a loan... I hate the paperwork. Although the technologists would love this, the average citizen doesn't get it and can't imagine using it. OK, your audience is the technologist: well, frankly I (a technologist) am not interested in going through any of this trouble because no site has asked for such tight verification of my identity. And when porn sites tell me to use the adult verification service for a one-time fee of $5 or $20, I start surfing someplace else. Competition will probably drive out any site requiring your authentication services.
Verisign attempts the same thing, but in reverse. I (Mr. Website Owner) purchase a "certificate" from Verisign. Depending on how much I pay, they perform certain types of verification, certify my server's identity, and "people will trust [my] site". Truth is, folks don't typically care if I purchased the certificate from Thawte for $25 or from Verisign for $500; they care that the transaction is encrypted, that they didn't get a security warning, and that my site has not developed a negative reputation (notice I didn't say "has developed a positive reputation").
Your idea seems opposite: are sites interested in identifying their customers more assuredly? Well, if so, Verisign also has services it offers for certifying individuals -- but I've never run across a site that requires such strong authentication. I don't think there's tremendous demand for a third party to provide that authentication. Although your implementation may be technically different, there's still little demand for the concept.
I think you've put some valuable thought into some protocols and algorithms that others have devised (Translucent Databases, Applied Cryptography) and designed a concrete implementation. Now, go and create demand for the product.
Read the presentation. Although complete sentences aren't exactly present, there seems to be the indication that access to the source can provide an attack on the watermarking scheme: well, duh, if it's open source just modify the source to eliminate the watermark.
But what's the likelihood a lazy company/individual will actually do this before violating the GPL? Probably slim, but more of the world seems to be going GPL anyway; and if the whole world did GPL, why would you need watermarks?
Point is: if the monopolies of the world insist on using GPL code without releasing the source, they'll expend the effort to remove the watermark.
I'm wondering if somehow the CAGW is actually against free markets and freedom of choice, not to mention a completely care-free attitude regarding how taxpayer money is spent. I think you forget the purpose of government, government that is "of the people, by the people, and for the people". Future officials must have the freedom to innovate for their constituents - improving the efficiency of government processes, reducing constituents' tax bills, and so on.
Let's suppose for a moment that currently elected/appointed/hired government leaders chose a particular monopoly's proprietary software. (Keep in mind that you are not purchasing software, but only a license to use the software; software after all is intellectual property and one may only use licensed software in a manner consistent with its license.) This same monopoly has already decided for you how your hardware will be used (precisely the reason one purchases an operating system) and in what format data is stored. After two or three years there is usually cause to upgrade hardware and software components. By this time, there has likely been a change in government staffing, especially for elected officials. Those officials in office now have to balance a budget not only to improve the local schools, but also to provide for this system-wide technological upgrade. If an option is to obtain software that has no licensing fee attached, then this becomes a very attractive path for the budget staff - improve the hardware, while obtaining replacement software for little cost. At this point, open standards *must* have been adopted to ensure that older documents and files can now be read by the replacement software that saved the local taxpayers $7.5 million for the next three years.
If open standards are not mandated by government for government, then government will be forever forced to purchase from the same vendor or "locked in"; when prices inflate astronomically, and the people who foot the bill insist on reduced expenditures by their government, there would be no recourse to reduce those expenditures because the only available vendor is the one upping the price of access to public data.
Remember, in our example, that we licensed the software? Suppose that in rectifying some procedural inefficiencies within a given government, government employees changed the way licensed software is to be used. Unless all employees involved in this transition are legal scholars, they will not be aware (nor are they interested in) whether such activity falls outside the purchased license. At some point the vendor hears of these changes and is less than pleased, because now use of its software falls outside the scope of what is licensed. They offer two remedies: license the software for new usage at an exorbitant price, or stop using the software. If money is not budgeted for this oversight (remember, the systems administrator is not a law graduate), then the alternatives are 1) acquire open source software to replace the proprietary software (now we're back to needing open standards so that interoperability functions) or 2) deny the local public elementary schools a 50% increase in the number of teachers that it needs to keep up with the growth of the community.
But maybe you think that because "public" government using taxpayer money to serve the "public" with "public" works and "public" schools in its community reflects too much communism as well.
Let's straighten out this BS: US Gov'ts are supposed to be created "of the people, by the people, for the people". OK, so now gov't existing as a public entity is now an example of communism??? No, morons. Gov't is "by the people, for the people" and therefore must be accessible by the people (hence the term "public" whatever) -- the people who have freedom to choose what they want, what software they want to use, which brand of soda to drink. If the gov't is public (and it should be) and is created "of the people" (who, by the way, are supposed to rotate in and out of office without making a career of politics), then the next people to enter gov't must have the freedom to make some decisions (on their constituents' behalves [word?]) including deciding to/not to spend money on Office licenses. In the event we decide not to spend that money this term, the data has to be open enough that an alternative product may be acquired to work with documents created by previous administrations.
I'm not going to argue communist philosophy, but when [software] corporations get involved in the "community" and "share" their assets (i.e. money), would that not also fit the communism bill? Anyway, folks like SCO and MS who deride the GPL need to get over it and realize that freedom means choice, and if my company wants to write and release protected by copyright law and the GPL, then I'll exercise my freedom to do just that. But don't for a minute assume that if you can't operate your own business under such things that it's suddenly un-American, communist and evil - I'll just do business differently, and probably be better for it. At least I'm Free.
Clean needles for hackers??? (First, I'll assume you meant the unethical cracker type) That comparison would have us giving better tools to UCT hackers to attack systems and then allow some leeway for it to happen. Of course, in the case of the druggie, he's only "cracking" (pardon the pun) himself.
Is it a crime to break into systems unannounced? I'll accept that. Is it a crime to see an insecure system and notify the owner? No, but then there's the paradox - defining "breaking in" and "noticing insecurity" to be mutually exclusive.
Yes, if you leave your front door unlocked, the thief still committed the crime of theft. But your own stupidity made it easy for him.
Now having your neighbor arrested for saying "Dude, I saw your door open while you were out. Better close it before something bad happens" is idiotic at the least.
Give the masses safer programming languages and/or execution environments. Make them open so that they can be suited to the needs of the many. But if arrogance on the installer's part ("I'll never get hacked with this in place", "This feature is dumb so let's comment it out", "here's my own great new feature") allows the network/system/application to be hacked...well, stupidity isn't illegal.
Force these decisions on anyone? No way. If you do, you're no better than the liberty-hating terrorists everyone's been complaining about lately...