Okay. The alternative is that an intelligent Indian person comes to the US and studies cryptography, then goes back to India and starts teaching it.
What's the net benefit to the US? Maybe $100K. So how do we keep the money in the US? Force everyone with a graduate degree from a US university to stay in the country? Then you get a pair of intelligent Indian people; one gets a doctorate in applied cryptography and teaches everything he learns to the other.
Now we require that everyone who talks with anyone with a graduate degree from a US university has to stay in the country. Hell, why not just close the borders entirely? Nobody gets in, nobody gets out.
There's still the problem of correspondence. So why not close all borders permanently to all traffic? No goods enter or leave the country; no communications outside the country. And set up a 50-mile wide belt of land mines around all our borders so people can't use semaphore, and outlaw radio communications, and....
Hell, why not just outlaw learning. That'd show 'em.
Not so. In a home environment, yes; but if you're talking about a server in a corporation, you'd need to open it up and modify the contents. A business will likely be using LDAP or something similar, or at least you'll need to provide another password in order to modify anything beyond the workstation you're on. And that password is on a machine that you won't have physical access to.
Quit bothering me about my posture!
That aside, ideological posturing doesn't actually cut any cheese. MP3 is currently a standard; not supporting it does mean that your system is broken (provided that multimedia playback is a feature). If you want to improve the situation with patented codecs, distribute music in OGG format and help to develop better, free codecs. Send letters to Microsoft and mp3 player manufacturers encouraging them to support OGG. Don't just lock marginal portions of the population out of the bulk of available music.
Perhaps SanDisk would have gotten better karma if it started a site that happened to give preference to its products for review (that is, SanDisk products are reviewed first; all SanDisk mp3 players get reviews) and actually seemed fair about its ratings and honest with its reviews?
It would have impressed us if we decided to trust it.
"Sheep are stupid and have to be driven. Goats are smart and have to be led."
Terry Pratchett, Small Gods
"How do we know this system is not tested?"
True; my mistake. A similar system has been extensively tested: ECHELON. It isn't exactly the same, though; the AT&T issue was the first we heard of this type of record being obtained en masse by the NSA.
"...some people just can't keep politics out of the technological discussion..."
If you had mentioned that you wanted to keep it a discussion of the effectiveness of such datamining, then that would be a valid comment.
On the other hand, if monitoring phone calls were that effective, ECHELON would have prevented terrorist attacks and probably been touted as having done so. After all, ECHELON has the content of the messages available, unlike this measure; and it's been active for ten or fifteen years. So we actually have the processing power, apparently, and possibly the heuristics in question, but there are no reported successes. Why is that?
Okay, what of trackers that have a similar policy where any copyright-violating torrents are removed as soon as the copyright holder sends the site owner a request to take down the material?
No, it's an echo question indicating understanding but incredulity. Just like "You ate a what?" Or "You invaded Liechtenstein for its oil reserves?"
You could, I don't know, have the virus delete the portion of itself that contains the password.
You'd want a life cycle divided into propagation and attack, naturally: in propagation, it looks for new computers to infect and possibly checks for updates via IRC. During attack, it encrypts the files and deletes the key.
Of course, in this case we could use a randomly generated key and send it to the virus writer.
The difference between Google and a torrent tracker is the tracker is usually run by students who can afford at most one or two lawyers, whereas Google can afford half the lawyers in the US at need.
The difference is that Google makes billions of dollars and employs thousands of people, which generates tax revenue, whereas torrent trackers do not generate government revenue.
And that's the maximum this story deserves.
It's a graphics library, not a core component of the OS. Traditionally, DX was available for free.
Is DX10 not backwards-compatible? I thought all DirectX versions were backwards-compatible so far. So, to reach a wider audience, they could go for DX9 instead.
Yes. How well do you expect it to sell, unless it comes with a copy of Vista? Is Halo 2 worth $300?
You know what would reduce the instance of teen pregnancy? Accepting (teen) sex as natural and unavoidable, and educating teens on the use of contraceptives. If we try to hide sex from teens, they'll be exceptionally eager to have it.
And if we want people to use condoms, we should teach girls how to put them on for guys. Guys don't have a stake in the matter; they don't get pregnant. Therefore the decision should not be left to them.
Our treatment of sex is what causes problems. And at any rate, teen pregnancy is easily solved, unlike the products of violence.
Will this encourage game developers to continue using DirectX 9 for the time being, or possibly switch to OpenGL? Vista won't be common for the next few years, after all.
Easiest way:
Mahmud Gibran's father, Gibran Mahmud, lives in Egypt; Mahmud Gibran lives in NYC. They talk every month or so. They're both terrorists, or allied with terrorists at least, but neither of them participates in illegal activities themselves.
Gibran Mahmud gets a note via dead drop. It contains a message for a terrorist cell in New York. He reads it off to his son Mahmud during their next conversation (in some obscured form). Mahmud writes down the details and drops off the note at a prearranged place. The terrorist cell sends someone to pick up the note.
This still has some risk, though--if Gibran Mahmud is found out, so is Mahmud Gibran, and the location of the dead drop is likely revealed.
Even simpler:
Terrorists communicate via prearranged pseudo-419 emails.
Or, terrorists use Flickr and steganographic software to communicate.
In summation, only stupid terrorists will be caught by their phone calls. Only stupid terrorists will be caught at all unless their plans require a great deal of risk.
What are these records good at doing? Finding dissidents among the citizens.
Your logs aren't being appended to at a rate of ten thousand per minute, are they? You don't have three hundred million logfiles to manage, do you? And if you did, you'd expect an actual match quite often--daily, probably.
Moreover, we have no idea what we're looking for. We could investigate absolutely everything, but that would take more manpower than we can spend on it. (Or rather, if we spent that much manpower, we'd experience a famine soon after.)
The principle is the same, but the amount of data is enormous, and we don't know what to look for, and it's likely that we won't be able to weed out the false positives without getting absolutely no useful data.
I agree that we should investigate this, but we should know whether it will work and with what accuracy before subjecting millions of citizens' data (and in clearly identifiable form) to NSA analysis. Only then should we vote on whether to give up our privacy in this regard, and we should not lose our privacy without explicitly voting to do so.
It's common sense. You don't deploy an untested system that could seriously alter people's lives.
Moreover, if I were a terrorist, I'd use some more anonymous method than telephone calls. Ssh'ing into some remote computer where a series of encrypted text files contain the information needed would be simple, effective, and (using proxies or TOR) anonymous.
Because in order for your vote to count, it has to agree with a large number of other votes. If we got a libertarian for President--say, Michael Badnarik--then the NSA would have to hide its spying from the President, as well. But for any national candidate to succeed, they need media coverage. For some reason, Ralph Nader, who was only on the ballot in 36 states, got far more coverage than Badnarik, who was on the ballot in (I believe) 49 states. Why? Because Nader couldn't have won, so the media could safely involve him.
So, your choices for every election are between media coalitions. Which generally means that each of the major US parties supports slightly differing sections of the economy--service sector for the Democrats, production for the Republicans. That's the major difference.
Now, armed resistance is ridiculous when the government has billions of dollars of military equipment. And other technological countermeasures will likely prove ineffective in a short period of time.
I was being facetious.
Really, having a package repository is the best currently available solution for mitigating the risk of trojans. That and giving options of the sort "Do you want this program to alter your existing files? Do you want to grant this program network access?" would make it difficult for trojans to do any damage. (On the other hand, we can consider anything in the package repository to be trusted, or at least to have reasonable access defaults.)
Of course, that would require a restructuring of UNIX privileges into a four-tier system. Or, to maintain backwards compatibility, we could make many new groups and assign each program to a group.
Third-party checking of software that's not available in the package repository is a logistic nightmare. The reasons that those packages aren't in the repository are stability issues, userbase issues, and manpower issues. New projects are created very often, and existing projects change often; you'd have to examine each version of each application, regardless of whether you think anyone will need to use it or you think it's worth using for enough of your userbase to assign someone to read the code and test the application on a virtual machine.
Now, if you could automate testing, it'd be viable, but still quite costly. Simply using the package repository should suffice most of the time. The main exceptions are specialty software (such as the MUD-like shell featured here a while back) and unstable packages (such as Enlightenment DR17).
And yet this is suspending TPB for possibly months. If TPB wants to run over the summer, they'll need new servers. This means that less money goes to the Pirate Party, which means it has far less influence during the next round of elections.
The Pirate Party is a new party, so it doesn't have sufficient clout to raid any other parties in retaliation. Thus, their opponents get away with it.
At a minimum, even if politics wasn't involved to that extent, the IFPI is glad to have TPB offline until they can get new servers, and to strongly encourage bittorrent trackers to leave Sweden.
It depends.
In the one case, the old man in the corner has spoken to the actual vendors and has agreed to direct people to them. This is clearly conspiracy to commit a crime; he's an accessory.
In another case, the old man happens to know where to get illegal drugs (an exact address), but hasn't actually made any agreements. This is ambiguous.
In the last case, the old man knows where to get drugs in general, but not a specific address. This is not illegal, I believe. You'd expect people to know what's happening in their neighborhood.
Now. Copyright infringement is a civil matter, a commercial matter, not a federal matter. If I actually copy your movie and sell it on the streets, that's illegal, and you can sue me. If I know which streets tend to contain people who are selling pirated videos and tell people, then what have I done wrong? What if I know more precisely where to find the person in question?
"I want to be able to grab a program from anywhere, the web, an e-mail, IM from a friend, or by looking in my package manager."
That's what I look for, too, when choosing target platforms for deploying trojans on.
That means we can use dynamic linking with self-contained programs--they can link against each other, but everything that's owned by a single application goes in its particular folder.
With the exception of configuration files, though. System configuration files should go in /etc, as is the standard practice. Personal configuration files should go in a subfolder to ~.