The problem is that web is server centric. You always connect to a server. It's not just that someone might be listening your conversations (i.e. potential man in the middle); it's that the server is ALWAYS there. That's what I call the "server in the middle" problem, whose solution is of course end-to-end encryption, and that's what my final career CS project was about. I implemented a simple extension for HTML5 in KHTML that allowed you to use your GPG keyring to sign, encrypt and decrypt message, with full support implemented in the browser. This was done two years ago and I also did a small presentation about this at Google office in Spain, though they were not very interested on it (their business model is to be the server in the middle, so no surprise here).
Of course you cannot trust the Javascript code given by the server, because that breaks the security chain. You cannot trust the server in the middle for anything. You should trust only the browser (otherwise you're fucked anyway, which you well might be). Every bit of security should be implemented in the browser and not in Javascript, even the presentation layer (this is what I did, albeit only for very simple text messages). But then that would limit the possibilities: that can work for very simple text applications, but if you want to show smileys, rich text, images, jquery sugar, etc then.. you can't do that.
If you want to implement an end-to-end "google spreadsheet" you won't be able to do that with presentation done completely by the browser, you need to trust the code of the web page. Of course google chrome plugins signed by google would work, but then you're trusting google (and not Fedora for example) and you're not using just standards on the web, you're requiring one specific web browser.
We could go for an end-to-end security basic extensible standard with an increasing list of extensions supported more or less by mainstream browsers. That's one of the possible solutions, but I'm sure there will be better proposals.
That sounds like a great selling point, but I think you're glossing over the fundamental criticism of democracy expressed by people since Plato, which is, basically, that it's mob rule.
If I'm an artist insulting some religious icon and the mob is screaming for my head, the whole point of limiting democracy is that the mob doesn't get what it wants. They have no right to censor my speech, ergo one person can tell millions to go fuck themselves. Enumerated powers, checks and balances, representative democracy, confederation, all of these are tools to limit mob rule.
We have a constitution, and it must be obeyed. The mob cannot censor speech because any law would be against it and the Supreme Court would go against such law.
But your system puts no bar on the tyranny of the majority. Worse still, no one will care who represents them since they can overrule them any time they want, so with no purpose and guidance from voters, those representatives are really just there to enrich themselves through corruption.
The executive power represents the country and within the law they can do whatever they want, so yeah people should care about them. The proxy representatives in the legislative chamber have no power because they always have to vote what people tell them to, so they cannot be corrupted in that way, and the delegates in which people delegate via internet voting are the ones with real power, but their vote is public and if they corrupt, people can instantly change their delegation, which acts as a check and balance system.
You talk about the tyranny of the mob, but the real tyranny I know of is that of the rich and powerful minority, the one we have been suffering in this "democracy". Surely any democratic system is far from perfect, but a liquid democracy puts a bar on the current biggest problem, the rich and powerful minority. They won't be able to convince as easily the mob to do whatever they want as a few congressmen and senators, and anyway at any time the mob realizes they have been tricked it will never be too late to change back the law, something really really difficult with other systems.
Will the "mob" enact stupid laws? Sure, but as Former Google CIO suggest, doing dumb things might not be that bad. And really, can it get much worse than the current system? The current check and balances does not work, and I think liquid democracy will work much better and transparently.
The criticism to direct democracy does not apply to PDI. Partido de Internet is NOT about direct democracy - it's about both direct and representative democracy. You get what you want when you want. The most probable use-case is you stablish a voting delegate, and then once in a while you check that your delegate is doing right. If there's an important voting you can always check the vote your delegate will proxy as yours, and if you don't agree you can emit a direct vote for a specific voting and continue delegating in the rest. And of course if that happens a lot, then you can change your delegate.
Oh and you cannot stablish a voting delegate and forget about it for years: the authorities in charge of the secrecy of the vote need to be many and will have a period of renewal, which could be say 2-4 years. When they change, the votes (including the delegations, which are treated as a special kind of vote, where the options are not YES/NO/ABSTENTION but DELEGATE 1,DELEGATE 2,etc) need to be re-emitted too. So in the end it can function as regular representative democracy where you vote (i.e. delegate) every 4 years, BUT you can change your vote at any time, and you can emit a direct vote if needed for important matters, working as direct democracy when the user wants only (which can be always, never, or anything in between). This is useful because some people always want to vote for X party, but in reality they don't agree 100% with it. For exmaple in spain 50+% voted for Partido Popular, but ~97% was against irak war promoted by Partido Popular. All of them could have voted NO had liquid democracy been in place.
People voting to a traditional party and then also voting in Ágora "virtual parliament" is a non-issue for us: we want more users, and those must naturally come from those voting traditional parties, so that's a "transitional" stage, and as marketing. If lots of people from another party try our system, we believe we will gain lots of people that otherwise wouldn't have known our system and wouldn't have a chance to vote to our party.
So this is what the future is going to be like. First step, make this voluntarily. Then a lot of services will use this. I live in Spain, and I see this coming. Here Franco's dictatorship stablished what you're fighting against in many countries right now: a national identity card (called DNI). Our DNI is already an electronic, comes with a chip with all the information and can be read with a card reader, and contains some legally valid certificates with which you can authenticate and sign anything.
For us, this is a normal thing because we've been living having DNI for decades, and if you ask just about ANYONE, it's good. The police have our fingerprints, photos, and all data, and this way they can identify anyone, they can use the fingerprint for crime-scene-techniques like in CSI, etc.
Now the government of Spain is spending a lot of money and time trying to make people use the electronic DNI. They have a nice web page with info for developers (https://zonatic.usatudni.es/). An increasing number of websites are using https (SSL) for authentication via e-DNI (like banks), and Java Applets for signing all kind of things. For example there's a webpage (tractis) in which you can sign electronic and legally valid contracts.
You might be an optimist and think you have two choices: you can either fight against it, or use it. But really, read all above. This is not something you can easily fight against. I am an advocator for liberties, but I'm also used to having DNI, and I've surrendered. I'm helping a new political party called "Partido de Internet" (Internet Party) whose aim is to be able to have a liquid democracy in which our representatives will vote what people vote over the Internet.... using DNI-e. So yes, I'm helping the governmental machinery trying to spread the usage of electronic national identity cards. Welcome our 1984 overlords!
This is the first step. Next step will be to make its usage mandatory for every login. They're requiring everyone to secure their wifi in Germany to prevent unauthorized people from using their Web access to illegally download data. And then, probably much earlier than 2025, we'll be as bad as in the first digg link in this post. We're already living in a distopy worse than 1984 in many ways, but we see it normal because it can always get worse - and it certainly will.
Feature freeze, no new features only bugfixing?
on
KDE 4.1 Alpha 1 Released
·
· Score: 5, Informative
That's not true my friend, I think you misunderstood the 4.1 Release Schedule. We're in soft feature freeze, but planned features can still be added to the code until May 19th;-)
Please don't be so naive. The anyway, you can still "buy your harddrive" is not a very good one. Firstly, SGAE doesn't only pursue to put a tax on CDs and DVds. No, they certainly don't want to stop there. They have also stated that they are trying to get one over ISPs, which also should monitor their connections for illegal software (remember the think of the children news of yesterday here in slashdot? same). And of course, they want to tax HDs, external or internal, and pen drive and probably, your ass if you let them..
Then you can say: uh oh buy them abroad. But you would know that if everyone thought so, you will end up with all countries having the same laws against the common sense.
BTW, for those of you who don't know it, in Spain there's a *general* HATE against SGAE. We have had widespread videos over the net against SGAE, and even well known humorists have joked about them in television. Although they don't mind, and on the other hand, they do their propaganda job very well.
Yeah, I'm serious. We don't need people owning bits. You know about the pirate party in sweden? I think they have a point.
Even GPL and other opensource licenses use copyright to stand up. But the default copyright is more like a NOCOPYright. MY reasoning is that if opensource model seems to work (have you seen jamendo?), why should the people give any monopoly to the artists, when after all the monopoly is actually given to the record companies and in the end we end up with the overwhelming majority of those artists being unable to success, having a lot of difficulties and only a small minority earning the big money. And who suffers with this ? the people. We don't need no stinkin copyright, what we need is some kind of copyleft by default, and if you want, you can go even more open like public domain, etc..
And this doesn't happen only with copyright, the same applies to trademarks, patents, etc, but I will not enter in that in this post. If they're here is because some powerful lobby which doesn't represent the people did his work. In the beginning, we had no copyright. Now we havethis monster, and the best thing we can do is to get rid of it.
I've read most of the interview (sorry, it's time of exams and I don't have much free time available). Quote:
JA: How well should these specs be able to handle the graphics intensive games that are currently out on the market, and those yet to be released?
Timothy Miller: Keep in mind that no graphics card on the market can fully support Doom III, with all features turned on, at a high framerate. So the fact that a card like this couldn't handle it shouldn't surprise anyone. [And cotinues...]
I was thinking about buying a new graphic card so that I could play some new games, such as Half-Life 2 or Doom III. I'm not a gamer nor I know much about graphic cards, but I like to play videogames from time to time. I really like the idea of an open graphic card, and I certainly would wait and pay 200 for this one.
But I need to know: which games would work fine in this graphic card? Will it play Doom III or Half-Life 2 *without* all the bells and whistles at a decent rate? If so, define to us "decent rate", also:-).
Thanks for your time and good luck with the project,
Edulix
It's not too much difficult to get a 20 seconds boottime (from grub to GDM) in any machine using linux.
And you don't even need to rebuild custom kernels or hardcode anything, just launch GDM as soon as posible, then you load the other services in parallel just like windows do. Some other tricks explained in also help;-).
8 out of the 20 seconds are used for the linux kenrel to load, and the rest are mainly Xfree loading and GDM & GTK loading....
Now imagine if you use a lightweight Xserver like kdrive and port kdrive to a fast-booting kernel such as FreeBSD: I bet you could get under 10 seconds boottimes. And there are still much more tricks:
suspend on disk
compressed second initrd for file needed for booting
a more lightweight Display Manager like the one of Enlightenment guys
Hey harikiri, I've got a solution for your X problems: NoMachine/NX. You can see their details in their webpage where they explain them very well.
A story about it have already been posted in Slashdot and I've tried it myself with their testdrive, where they allow you to connect to a test NX server.
The core of the app is open source and you can use it freely, but their helper apps are closed source. But this is a problem being solved just now, because KDE is going to ship NX server and client support in the near future. In fact, it seems that they closed their config helper apps because it was a need for them, but they want to develop open source software.
PD: I apologise my bad english.
Re:What I want in 2004 . . .
on
Linux in 2004?
·
· Score: 1
Portage is a pretty good solution:
* You can easily install whatever
* There' a lot of software, and it's almost always at it's last version.
* USE variables are a pretty good and easy way of setting compile options.
* It's usally easy to update an ebuild from one version to another (for example from gaim 0.72 to gaim 0.73). Developing ebuilds it's normally easy if you know howto develop bash scripts.
* It's a big and good comunity
Despite maybe portage could be a solution for EmCeeHawking (I also use Gentoo =), I think that Gentoo nor Portage are ready for the desktop, because:
* There's a lot of software, but not all the software that can be used in Linux is into portage, and maybe it's in it, but not up-to-date.
* A need to compile software as the better solution to install programs in Linux, I think that's a poor solution for Joe user, who wants it's software just now!
Precompiled packages exist, but there's no portage tree for them, and Now there are only included some big GRP packages (OO, KDE, Gnome, Xfree..) in the CDs.
I think that what mainly Linux in the desktop needs is:
* Something standard for developers to create packages of their software, so that they don't need to waste their time creating one ebuild, one deb, one rpm for rh9, another for mdk, another for Suse..
* A standard to install, delete, and manage software.
* As readed in Slashdot yesterday in another news, a way so that the developers of each peace of software are the ones in charge of put their applicationsin the menues. A la Mac OS.
And that's what I think that is needed and not planned. There' more needs, but they're more less planed (OpenOffice 2, all the standards of freedesktop, Mono, the KeithPackard Xserver, etc).
Don't get confused: sometimes even me (don't you?) only want to install software and need it to "just functions".
Slashdot Mirror
It's a strong thing to say, but this is what happens when the bus factor strikes.
The problem is that web is server centric. You always connect to a server. It's not just that someone might be listening your conversations (i.e. potential man in the middle); it's that the server is ALWAYS there. That's what I call the "server in the middle" problem, whose solution is of course end-to-end encryption, and that's what my final career CS project was about. I implemented a simple extension for HTML5 in KHTML that allowed you to use your GPG keyring to sign, encrypt and decrypt message, with full support implemented in the browser. This was done two years ago and I also did a small presentation about this at Google office in Spain, though they were not very interested on it (their business model is to be the server in the middle, so no surprise here). Of course you cannot trust the Javascript code given by the server, because that breaks the security chain. You cannot trust the server in the middle for anything. You should trust only the browser (otherwise you're fucked anyway, which you well might be). Every bit of security should be implemented in the browser and not in Javascript, even the presentation layer (this is what I did, albeit only for very simple text messages). But then that would limit the possibilities: that can work for very simple text applications, but if you want to show smileys, rich text, images, jquery sugar, etc then.. you can't do that. If you want to implement an end-to-end "google spreadsheet" you won't be able to do that with presentation done completely by the browser, you need to trust the code of the web page. Of course google chrome plugins signed by google would work, but then you're trusting google (and not Fedora for example) and you're not using just standards on the web, you're requiring one specific web browser. We could go for an end-to-end security basic extensible standard with an increasing list of extensions supported more or less by mainstream browsers. That's one of the possible solutions, but I'm sure there will be better proposals.
We have a constitution, and it must be obeyed. The mob cannot censor speech because any law would be against it and the Supreme Court would go against such law.
The executive power represents the country and within the law they can do whatever they want, so yeah people should care about them. The proxy representatives in the legislative chamber have no power because they always have to vote what people tell them to, so they cannot be corrupted in that way, and the delegates in which people delegate via internet voting are the ones with real power, but their vote is public and if they corrupt, people can instantly change their delegation, which acts as a check and balance system.
You talk about the tyranny of the mob, but the real tyranny I know of is that of the rich and powerful minority, the one we have been suffering in this "democracy". Surely any democratic system is far from perfect, but a liquid democracy puts a bar on the current biggest problem, the rich and powerful minority. They won't be able to convince as easily the mob to do whatever they want as a few congressmen and senators, and anyway at any time the mob realizes they have been tricked it will never be too late to change back the law, something really really difficult with other systems.
Will the "mob" enact stupid laws? Sure, but as Former Google CIO suggest, doing dumb things might not be that bad. And really, can it get much worse than the current system? The current check and balances does not work, and I think liquid democracy will work much better and transparently.
The criticism to direct democracy does not apply to PDI. Partido de Internet is NOT about direct democracy - it's about both direct and representative democracy. You get what you want when you want. The most probable use-case is you stablish a voting delegate, and then once in a while you check that your delegate is doing right. If there's an important voting you can always check the vote your delegate will proxy as yours, and if you don't agree you can emit a direct vote for a specific voting and continue delegating in the rest. And of course if that happens a lot, then you can change your delegate.
Oh and you cannot stablish a voting delegate and forget about it for years: the authorities in charge of the secrecy of the vote need to be many and will have a period of renewal, which could be say 2-4 years. When they change, the votes (including the delegations, which are treated as a special kind of vote, where the options are not YES/NO/ABSTENTION but DELEGATE 1,DELEGATE 2,etc) need to be re-emitted too. So in the end it can function as regular representative democracy where you vote (i.e. delegate) every 4 years, BUT you can change your vote at any time, and you can emit a direct vote if needed for important matters, working as direct democracy when the user wants only (which can be always, never, or anything in between). This is useful because some people always want to vote for X party, but in reality they don't agree 100% with it. For exmaple in spain 50+% voted for Partido Popular, but ~97% was against irak war promoted by Partido Popular. All of them could have voted NO had liquid democracy been in place. People voting to a traditional party and then also voting in Ágora "virtual parliament" is a non-issue for us: we want more users, and those must naturally come from those voting traditional parties, so that's a "transitional" stage, and as marketing. If lots of people from another party try our system, we believe we will gain lots of people that otherwise wouldn't have known our system and wouldn't have a chance to vote to our party.
Sorry, it was me who posted that, I forgot to login =)
Looks like the future is coming. Fast. See this post that appeared in digg TODAY http://digg.com/tech_news/How_to_Access_the_Internet_A_Guide_from_2025
So this is what the future is going to be like. First step, make this voluntarily. Then a lot of services will use this. I live in Spain, and I see this coming. Here Franco's dictatorship stablished what you're fighting against in many countries right now: a national identity card (called DNI). Our DNI is already an electronic, comes with a chip with all the information and can be read with a card reader, and contains some legally valid certificates with which you can authenticate and sign anything.
For us, this is a normal thing because we've been living having DNI for decades, and if you ask just about ANYONE, it's good. The police have our fingerprints, photos, and all data, and this way they can identify anyone, they can use the fingerprint for crime-scene-techniques like in CSI, etc.
Now the government of Spain is spending a lot of money and time trying to make people use the electronic DNI. They have a nice web page with info for developers (https://zonatic.usatudni.es/). An increasing number of websites are using https (SSL) for authentication via e-DNI (like banks), and Java Applets for signing all kind of things. For example there's a webpage (tractis) in which you can sign electronic and legally valid contracts.
You might be an optimist and think you have two choices: you can either fight against it, or use it. But really, read all above. This is not something you can easily fight against. I am an advocator for liberties, but I'm also used to having DNI, and I've surrendered. I'm helping a new political party called "Partido de Internet" (Internet Party) whose aim is to be able to have a liquid democracy in which our representatives will vote what people vote over the Internet.... using DNI-e. So yes, I'm helping the governmental machinery trying to spread the usage of electronic national identity cards. Welcome our 1984 overlords!
This is the first step. Next step will be to make its usage mandatory for every login. They're requiring everyone to secure their wifi in Germany to prevent unauthorized people from using their Web access to illegally download data. And then, probably much earlier than 2025, we'll be as bad as in the first digg link in this post. We're already living in a distopy worse than 1984 in many ways, but we see it normal because it can always get worse - and it certainly will.
That's not true my friend, I think you misunderstood the 4.1 Release Schedule. We're in soft feature freeze, but planned features can still be added to the code until May 19th ;-)
Please don't be so naive. The anyway, you can still "buy your harddrive" is not a very good one. Firstly, SGAE doesn't only pursue to put a tax on CDs and DVds. No, they certainly don't want to stop there. They have also stated that they are trying to get one over ISPs, which also should monitor their connections for illegal software (remember the think of the children news of yesterday here in slashdot? same). And of course, they want to tax HDs, external or internal, and pen drive and probably, your ass if you let them..
Then you can say: uh oh buy them abroad. But you would know that if everyone thought so, you will end up with all countries having the same laws against the common sense.
BTW, for those of you who don't know it, in Spain there's a *general* HATE against SGAE. We have had widespread videos over the net against SGAE, and even well known humorists have joked about them in television. Although they don't mind, and on the other hand, they do their propaganda job very well.
Yeah, I'm serious. We don't need people owning bits. You know about the pirate party in sweden? I think they have a point.
Even GPL and other opensource licenses use copyright to stand up. But the default copyright is more like a NOCOPYright. MY reasoning is that if opensource model seems to work (have you seen jamendo?), why should the people give any monopoly to the artists, when after all the monopoly is actually given to the record companies and in the end we end up with the overwhelming majority of those artists being unable to success, having a lot of difficulties and only a small minority earning the big money. And who suffers with this ? the people. We don't need no stinkin copyright, what we need is some kind of copyleft by default, and if you want, you can go even more open like public domain, etc..
And this doesn't happen only with copyright, the same applies to trademarks, patents, etc, but I will not enter in that in this post. If they're here is because some powerful lobby which doesn't represent the people did his work. In the beginning, we had no copyright. Now we havethis monster, and the best thing we can do is to get rid of it.
I've read most of the interview (sorry, it's time of exams and I don't have much free time available). Quote:
I was thinking about buying a new graphic card so that I could play some new games, such as Half-Life 2 or Doom III. I'm not a gamer nor I know much about graphic cards, but I like to play videogames from time to time. I really like the idea of an open graphic card, and I certainly would wait and pay 200 for this one.
But I need to know: which games would work fine in this graphic card? Will it play Doom III or Half-Life 2 *without* all the bells and whistles at a decent rate? If so, define to us "decent rate", also :-).
Thanks for your time and good luck with the project,
Edulix
It's not too much difficult to get a 20 seconds boottime (from grub to GDM) in any machine using linux.
And you don't even need to rebuild custom kernels or hardcode anything, just launch GDM as soon as posible, then you load the other services in parallel just like windows do. Some other tricks explained in also help ;-).
8 out of the 20 seconds are used for the linux kenrel to load, and the rest are mainly Xfree loading and GDM & GTK loading....
Now imagine if you use a lightweight Xserver like kdrive and port kdrive to a fast-booting kernel such as FreeBSD: I bet you could get under 10 seconds boottimes. And there are still much more tricks:
I'm thinking about building a new distro with some of these ideas and more, if you're interested, edulix@jabber.org ;-).
Cheers,
Edulix.
--- [1] http://forums.gentoo.org/viewtopic.php?t=131142&po stdays=0&postorder=asc
[2] http://www.intel.com/technology/efi/
Hey harikiri, I've got a solution for your X problems: NoMachine/NX. You can see their details in their webpage where they explain them very well.
A story about it have already been posted in Slashdot and I've tried it myself with their testdrive, where they allow you to connect to a test NX server.
The core of the app is open source and you can use it freely, but their helper apps are closed source. But this is a problem being solved just now, because KDE is going to ship NX server and client support in the near future. In fact, it seems that they closed their config helper apps because it was a need for them, but they want to develop open source software.
PD: I apologise my bad english.
Portage is a pretty good solution:
* You can easily install whatever
* There' a lot of software, and it's almost always at it's last version.
* USE variables are a pretty good and easy way of setting compile options.
* It's usally easy to update an ebuild from one version to another (for example from gaim 0.72 to gaim 0.73). Developing ebuilds it's normally easy if you know howto develop bash scripts.
* It's a big and good comunity
Despite maybe portage could be a solution for EmCeeHawking (I also use Gentoo =), I think that Gentoo nor Portage are ready for the desktop, because:
* There's a lot of software, but not all the software that can be used in Linux is into portage, and maybe it's in it, but not up-to-date.
* A need to compile software as the better solution to install programs in Linux, I think that's a poor solution for Joe user, who wants it's software just now!
Precompiled packages exist, but there's no portage tree for them, and Now there are only included some big GRP packages (OO, KDE, Gnome, Xfree..) in the CDs.
I think that what mainly Linux in the desktop needs is:
* Something standard for developers to create packages of their software, so that they don't need to waste their time creating one ebuild, one deb, one rpm for rh9, another for mdk, another for Suse..
* A standard to install, delete, and manage software.
* As readed in Slashdot yesterday in another news, a way so that the developers of each peace of software are the ones in charge of put their applicationsin the menues. A la Mac OS.
And that's what I think that is needed and not planned. There' more needs, but they're more less planed (OpenOffice 2, all the standards of freedesktop, Mono, the KeithPackard Xserver, etc).
Don't get confused: sometimes even me (don't you?) only want to install software and need it to "just functions".
Regards,
Edulix.
PD: Apologise my bad english =).