Well, all legislation deals with morality; I think your (completely valid, IMHO, incidentally) concern has more to do with its granularity. Proving harm is tough, which is why I think it's an excellent test, as you say: if you're having a tough time making your case, maybe you should consider dropping it.
Now, on your examples, I think you may be taking it a bit too far. Specifically, if your possession (and, presumably, your use) of some illegal product promotes or encourages its trafficking, I think you could effectively argue that it too should be illegal. Now, that doesn't mean that you expend the same resources in enforcing these laws: I don't think anyone would argue that busting everyone with a dimebag or picture or two is an efficient use of resources. However, if I'm spending a lot of money consuming an illegal product (be it child porn, illegal drugs, etc.), I think it's reasonable to say that I'm contributing to the problem.
But again, it's the level of granularity that's key: it was eventually decided that prohibition was excessive. What about marijuana? Polygamy? I don't know the answers to these questions, but I do feel that intelligent debates concerning provable harm would be an excellent starting point.
If you want to commit a crime online, it's easy enough to drive your car to the next city, open your laptop and connect to a random open AP.
Yeah, like this guy. He only got caught 'cause he set a meet. I wonder if the "elderly couple" were reprimanded for leaving their AP open? It doesn't sound like it.
Ordinary hijackers may be different, but a religious terrorist already on their way to martyrdom?
Agreed. I would argue that it's unrealistic to expect to identify that sort of threat at the airport terminal; you need to have intelligence on that threat before the associated persons get to the terminal, and adequate systems on-site to identify them, however calm and collected they may appear to the front-line personnel.
Behavioural profiling should be one tool in your toolbox, to use a tired old analogy.
Nursie, I was going to reply to your earlier comment, but I agree with Taskiss on this one, so I'll reply here. First, I think we need to separate security policy from its implementation: as a security policy, behavioural profiling often makes sense; however, it isn't easy to do properly: it takes a lot of well-trained resources (more than the week-long course some organizations tout) that are well-placed (e.g., as many have pointed out, many people are nervous at the bottlenecks, so having people amongst the milling crowds is important).
And, yes, in many cases it's the low-hanging fruit that get caught in this way: think Ahmed Ressam in 1999 (and search for 'hinky' at schneier.com for other examples). But these sorts of threats are very serious nonetheless, and are something that we have a reasonable chance of thwarting if we implement these policies correctly. That is, we have to be realistic about the rates of false positives so that we don't make the bottlenecks worse for minimal payoff.
I think it's important to encourage organizations to properly resource these sorts of efforts because the alternatives simply aren't as effective, and, frankly, are a heck of a lot more scary: racial profiling; multiple checks of a single, federated identity, etc. I appreciate the skepticism of the /. crowd, but I think we need to recognize that some policies and mechanisms are better than others if we want people to listen to us.
I believe the parent poster's point was that the person who finds the lost key won't know which door it opens, unless, of course, the hotel is kind enough to include that information on the mag stripe (and said person has a card reader handy).
Man, that's so annoying. That apostrophe rule is simple, to say nothing about the 'm' instead of 'b' problem. Why don't these submitters spend an extra minute proofreading their posts?
Oh man! I hadn't heard of this beast. Have you played it? The few reviews I've read this morning are disappointing, but they won't stop me from buying it (for instance, I like the look of Transport Tycoon... and the Locomotion screenshots, by extension).
Oh, I loved playing that game. Lost my copy, and keep looking at every * Tycoon game in the bargain bins, hoping for the same experience. OpenTTD had me so excited... until I realized that you need the original game files. :-(
I just find every third thought I have is COH related. I have those "Oh, I should tell my wife/buddy/stranger on the bus about this!" moments, only to realize that they're all game related, and they won't give a hoot. A good example is City of Zeroes: hilarious, if you play.
Bit late, I know, but they do go much faster: 30+ MPH. The model I used had three keys, colour-coded, and I was told (since they wouldn't give it to me) that the top-end red key lets you go 30+ MPH.
Plus, it isn't competing with the bicycle, in my mind. For example, in Las Vegas, Aladdin hotel employees were using them to zip around The Desert Passage (the biggest shopping mall in a good chunk of the world, housed within the Aladdin); they were asking people if they were enjoying their visit, if they needed help finding a shop, etc. While the avenues were wide, there's no way you could ride a bike in there and not worry about running someone over; plus, you'd be surprised how willing people are to interact with you when you're on one of these things. It's so fluid, you forget they aren't walking - something no one would say about a bicyclist.
Having said that, I have seen Segways marketed as commuter vehicles; this is just silly in my mind. But in large enclosed areas, for people who are on their feet all day? (Another example: our hotel maintenance staff used them.) Nothing better.
... I don't have a need to defend against .gov adversaries...
That may be true, but, playing devil's advocate, just because information (e.g., keys) is stored on government information systems doesn't mean that the government is the only body who has access to it. You are implicitly relying on a specific department or agency to secure their information systems.
Vuarnet T-shirts... Ah, elementary school. Don't forget the Daniel Hechter sweatshirts; I had to buy a girl's one because I was so small. Little did I know that two slashes above the name go the other way on the girl's stuff, so everyone knew... *blush*
I'm so late in commenting on your response to the Register's Service Pack 2 article that the discussion has been archived. Luckily you're repeating your message in more recent discussions.
You ended your previous comment with "[i]f you disagree, reply and let me know why you do." A few others did just that, so I won't repeat their comments (e.g., that being moderated as funny has no effect on your karma). Your comment failed to persuade me. With the exception of the Intel article, you offered broad generalizations of /.'s coverage of predictable, inflammatory subjects as evidence of a smear campaign. Add to that comments about liking /. in the 90's - when your is well over 700,000 - and I begin to question your credibility.
I started reading /. in 1997. Yes, it has changed over the years, but, obviously, I still find value in it. I think it's telling that you offer no alternatives for science or computer news. I will: KurzweilAI.net is a better science news site, in my opinion. However, I have yet to find any site that covers the breadth of topics on /. Do I have to filter what I read? Yes, of course. I don't read any of the articles and discussions some days (or I put them off for a long time, like the SP2 article in the Register). My point is that I tend to find nuggets in a lot of the articles that are posted (e.g., the recommended NetBIOS null session policy change in the Register article), making /. worth my time.
If you have other information to support your suspicions of a Microsoft smear campaign, however, I'd be interested in reading it.
I wouldn't classify the parent as flamebait. He has a point: this is listed under "It's funny. Laugh," and yet everyone (admittedly, an international community) jumped on the legal implications. Where are the people pointing out the funniest posts, or, better yet, continuing the funniest posts? I've read a couple of funny comments out of, what, close to 400?
do you believe that there are more than one internet?
Well, again, as others have pointed out, any IP network could be referred to as an internet. Within an organization we'd call it an intranet, and, by extension, any dedicated IP network connecting two or more organizations could be called an internet.
please explain how confusion could result if i change your example to: which network are you referring to? oh the internet?
Well, for example, what if another organization was thinking about joining the internet in the previous paragraph? If they're discussing options over e-mail, listing one as leasing a line to connect to the internet versus connecting to the internet through one of the organizations' Internet connection could be confusing without the distinction.
Does the capitalization improve or impede understanding in any way?
Well, as pointed out in some of the earlier comments I've read, it's often used to distinguish proper nouns, which, in my opinion, improves understanding. E.g., Which network are you referring to? Oh, the Internet.
Agreed. I've seen comments like "which is better? EAL3 or EAL4?" But I'm still confident that I (and like-minded people like yourself) can get the word out, so long as we keep commenting on these CC articles. :-)
I was ready to post a "Cue the Raptors jokes" comment... Nice. :-)
I agree with the comments above: if he knew his ICQ account was being monitored, why wouldn't he lay low, or at least quit expanding his web of trust?
How do people live without a travel power? ;-)
The parent mod is unfair.
Kinda puts your nick in a new light, eh? ;-)
I know I'm a bit late pointing this out, but there are flaws in Shapiro's argument. I've taken the time to enumerate them for those who are interested.
And, as I've pointed out before, GNU/Linux has been certified to EAL3 as SuSE Linux Enterprise Server V8, so this oft-referenced EAL gap is closing.
Everything changes when the attacker has physical access to your hardware (as others have pointed out).
The Common Criteria is an internationally-recognized standard, so the U.S. gov't would recognize the German EAL3 augmented evaluation of SuSE Linux Enterprise Server V8 that just finished up in January 2004.
There's also a Columbia crew memorial on Mars now.
Absolutely!
Buyuk-kokten!
Hoy-ruhken!
Not sure what this says about my sense of humour, but I laughed out loud. Thanks! :-)