So "Zero Trust" means to finally do the things that "defense in depth" has been telling you to do for decades, except to explain it poorly? If "the attacker has control of a local computer", what stops the attacker from impersonating whoever logs into that computer? Without 2FA, what keeps the attacker from capturing the legitimate user's password and logging in later?
Close only counts in horseshoes and hand grenades. It's not treason if the Russians set up a meeting offering oppo research, then spring discussion of the Magnitsky Act at the meeting, only to be told "no" or "we can't commit to that". Do you have actual evidence that any Trump person agreed to, or delivered, a "quo" in the hypothesized "quid pro quo"?
That's still not democracy. Besides, you are conflating two seriously different ideas: one is that "the people" want net neutrality, and the other is that "the people" want violent attacks on Ajit Pai. Even if the first is true, the second is certainly false, so it still makes sense to call violent attacks on Ajit Pai "subverting democracy".
Surely you see the problem with the idea of "don't trust a PC until a user logs in" if the concern is that the user visits "bad websites" while they are logged in. (And don't call me Shirley!)
It's really not, especially when you haven't actually polled all of "the people" on the question, and also when they (reasonably) delegate most sovereignty because they don't want to learn the details of every issue.
Re digital signatures: I never said that you should verify the firmware by trusting a digital signature. I specifically left the verification mechanism unspecified because of the difficulties you mention. I chose a printer as an example because even if a network's administrators attempt a "zero trust" model, other users probably will not adopt the same model: they will (in most cases) blindly trust that the thing their computer says is a printer does the right thing, or trust that the email bearing the company president's name really came from the company president.
Why shouldn't we call it overthrowing democracy? If you're going to be that pedantic about the definition of democracy, don't call the US a democracy at all, because it's also a representative republic. Does it matter that much whether the phrase you accept is "overthrowing democracy" or "overthrowing the legitimate government"?
Before the 17th Amendment, those states could always change their approach. The amendment could have a major effect even if it did not change the way many states selected their US senators.
So how is that different than the "defense in depth" idea that had been around for decades?
How does PGP protect against your computer getting infected by malware that impersonates you?
The "zero trust" approach mostly guards against the same attacks that locking down ports to known/expected MAC addresses does, although hopefully using more robust methods of identification. It can also guard against subversion of idle computers, but requires secure and clearly managed delegation mechanisms. Getting the delegation wrong can open up impersonation attacks that are probably worse than idle machines being compromised.
My point with that example was that I strongly doubt anyone is using the "zero trust" idea when they decide whether to send their document to a particular printer.
Defense in depth is a very valuable concept, but "zero trust" seems like it is taking things too far. Do you not trust a printer to print your document unless you, as the end user (or executive officer) have verified its firmware is authorized by the manufacturer and has not been subverted? What if it prints your document but injects errors or sends a copy to a foreign espionage organization? How does a server decide whether to trust a request from a computer where a known user is logged in, rather than rejecting it as a web browser that got subverted by malware or a new-fangled kind of attack ad?
Verizon Government Services, Inc., a wholly owned subsidiary of Verizon, pledges that it will live up to Net Neutrality With Unicorn Chasers, and also that it won't bid for any business except for state and local governments that have contractual clauses requiring Net Neutrality With Unicorn Chasers.
If you want to re-assert states' rights, repeal the Seventeenth Amendment. The original method for appointing senators was explicitly intended to ensure that the Senate would protect the rights and interests of state-level governments, and not just be a copy of the House of Representatives with longer terms.
The 17th Amendment was passed because of extensive corruption in how states chose senators, but we have a much stronger set of laws and political restraints against that kind of corruption now, so we probably do not need popular elections of US senators to keep it from coming back. (Obviously, states that want to keep popular elections of their senators could make that a state-level rule.)
"Elections have consequences." If you don't like the policies chosen by the duly elected government and the people they appoint, "go out there and win an election."
If you don't want the president to appoint unelected people to the executive branch, convince people to change the start of Article II of the Constitution where it says that "[t]he executive Power shall be vested in a President of the United States of America." Also the bit in Article I that says that "no Person holding any Office under the United States, shall be a Member of either House during his Continuance in Office".
Building and operating the infrastructure is indeed a natural monopoly, and it is reasonable to vertically extend it to the provision of broadcast services (like traditional TV) over that infrastructure. No one has made a convincing case that the same natural monopoly extends vertically to the provision of switched services, whether those are virtual circuit-switched services like traditional voice calls, or packet-switched services like computer traffic. I do not think a convincing case for that exists.
The reasons we have that vertical integration are historical -- because it was easy for the companies that built infrastructure to package extra stuff in -- and legal -- because those companies have lobbied against open-access rules.
For a while, laws were passed to require the companies that ran telephone lines (ILECs, in the industry jargon) to provide reasonable and non-discriminatory access for competitive providers (CLECs) to the switching offices where customers' telephone lines were aggregated. The ILECs successfully lobbied to have those requirements struck for non-POTS systems, like FTTP, and then effectively killed their POTS systems to kill the CLECs.
So your complaints are not really about net neutrality, but instead about monopolies or near monopolies? And you're not going to even try to identify why those (near) monopolies exist, or the myriad other ways a monopoly can screw their customers?
Thanks for outing yourself as an employee of the Kremlin's troll army.
In this case, reading the intro page without careful double-checking would be a bad idea. The "Basics" section of the project's README.md makes two simply wrong claims in three short paragraphs: that a "flick" is the smallest unit of time larger than a nanosecond that can represent 1/24000 s, ..., 1/120000 s as integers (there are many time units between a nanosecond and a flick that evenly divide all of those durations); and that NTSC times are inherently inexact (NTSC frame durations can be exactly represented with flicks).
The number they chose is relatively easy to explain and defend, but the README.md does a bad job of that. The denominator is the least common multiple of 44100, 90000, 100000, 120000 and 192000. I have no idea why they want to exactly represent thousandths of a video frame's duration, but if you take that as important, your clock must run at some multiple of 705.6 MHz.
They were wrong about NTSC, though. Because they chose a multiple of 120000 as the denominator, NTSC frame durations are representable with integer flick counts. That inaccuracy seems par for the course of their documentation, sadly.
Correction: The NTSC frame rates can be represented exactly as flicks, but also with any other multiple of 3,600,000 (which also reflects their desire to exactly support 1000 times the 24, 25, 30, 48, 50, 60, 90, 100 and 120 Hz rates).
The way they got to 705,600,000 is by also including 44100 Hz and 192000 Hz for audio purposes. 705,600,000 is the least common multiple of 88,200, 90,000, 100,000, 120,000 and 192,000 (along with the other numbers they cite, which are all divisors of those).
No. As an AC or two has pointed out, NTSC-based frame rates would need a factor of 1001 also.
There would be way too many opportunities to complain about Facebook and/or Oculus being fricking stupid.
Except that all of those frame rates are also integer divisors of 3600 Hz, so 1/3600 Hz would naturally support all of those frame rates also. They have an extra factor of 196,000 beyond what is needed. Even if you want margin for more (weirder) frame rates, and to be conveniently close to a power-of-10 of a second, they could go for 1/864,000 of a second (864,000 = 3600 * 16 * 3 * 5) and have more manageable counts.
Tell that to the people who think it's funny to order "flied lice" at a Chinese or Japanese restaurant (and who apparently work at Facebook).