> will your university continue to allow you to use SSH?
Don't be ridiculous. Banning SSH would basically be banning secure remote logins, which would be so outrageous that nobody would accept it. Besides, universities frequently give students SSH access to various machines for use with classes. Are they going to switch to telnet?!
And it won't look the least bit suspicious when the host is connected to several other hosts, transferring encrypted data at full-speed 24 hours a day.
Well, people may or may not have a right to distribute copyrighted material on the internet. The law says they don't, but the law isn't always right. Many people believe that they do have a right to freely communicate with others, and that this would fall under that same category (transmitting/receiving information or data).
In fact, isn't the YRO category frequently about seemingly unjust laws (or unjust enforcement of laws)?
So, how about when somebody comes along with some chewed bubble gum and sticks it in the coin slots of the old parking meters? People are jerks.
Maybe they could put the solar panels on poles?
I have a very limited sub-basic-cable package which provides only about 15 to 20 channels (mostly local). Most of what is shown on those few channels is crap, so I can't imagine wanting to receive more crap channels.
Since I primarily watch reruns of older shows, I would be quite happy to pay a little more per channel than the subscribers of ordinary 200+channel cable do, for a customized "rerun channel package" with channels like Nick@Nite, TV-Land, etc. Things like CNN, C-SPAN, and the Weather Channel would be nice too.
It's just a waste to pay for channels that you know you won't watch, and add to that the fact that you are _still_ being bombarded with advertising at the same time.
Right, you can get fixed-disk storage for less than $1/GB, so this should only be necessary for huge off-site backups where you can't use a backup server, right?
Instead of having to patch all these things right away, or having to have the information hidden from the public until the convenient "mass-patch date", why not allow the same people who release patches to release security advisories with verbose and advanced severity ratings which could be used to temporarily bring the vulnerable component down until a patch could be applied? This would obviously not be acceptable for high-traffic servers, but if things were designed with greater modularity, less-used components could be automatically disabled by these up-to-the-hour advisories, without having a fix pushed onto the system. The admins would be notified by email of the problem and would be able to patch the system and re-enable the disabled/vulnerable as soon as they got the message.
> If all patches were released like movies and music, on Tuesdays only...
That's great, but it doesn't change the fact that the issue is still there (as it had already been until discovered), and the numebr one priority for many people is minimizing the window of time that their XYZ is vulnerable to ZYX. I'm sure there are many people who would say "Screw convenience. If there's a problem, I want to know of it and fix it ASAP".
This seems to fall under the category of "temporary security through obscurity" or "security through convenience".
It depends on how it was "stolen". If they had to physically invade my space to acquire it, then they have already crossed the line. If I published it and they copied it, I've not lost anything. It may be illegal, and I may not like it, but I don't think it's the same as actually taking something away. It's also true that the people who distribute music aren't claiming that they created it, which disassociates it from the plagarism you mentioned.
> What about open source? Should they not be held responsible to the same standard as commercial?
If free software developers start having to legally take responsibility for bugs and security flaws in their software, I'll bet a lot of them will just quit doing it. Don't they have a right to put out their software under a license which basically says: "Do what you want with it, but don't hold me responsible for any problems with it".
It's clear that open-source software does tend to get fixed quickly when a problem is discovered, but making it a law would put a lot more risk and pressure in what is otherwise a largely recreational task.
> If your IT department doesn't know how to kep a network secure....
How can they keep a network secure if their own users are working against them by installing crap on their PCs like Kazaa or whatever else they think looks fun? They can't really protect a network if the people inside the network are the problem.
> Surely employees don't have to surf the web at work?
Well, they might as well, but perhaps only through a proxy. That way, the PCs would not need to be exposed directly to the internet, but they would still have limited access to http/other resources. The rest could be done over a company network.
With IPv4 addresses becoming more scarce, it's probably worthwhile to avoid giving each employee their own address anyway, since the proxy would be able to provide sufficient identification of employees to web servers (I'm sure there's some HTTP header like Proxy-Username).
Many people would not like the idea of only being able to use a single binary-only client. If they built "google IM" on an existing protocol such as IRC or Jabber, then people would be much more likely to use it. Releasing protocol specifications in the case of a new protocol would also be a good reason for many people to start liking it.
>...manage to get your friends off MSN...
That's what IRC is good for! Give them a nice client like X-Chat, irssi, or maybe even gaim, and there'll be no reason to use MSN/AIM/Yahoo IM.
Re:They're only screwing themselves over...
on
RIAA's Nasty Easter Egg
·
· Score: 2, Insightful
> We con physically steal the music from stores.
Regardless of your opinion on the issue of copyright infringement or increased prices, stealing a piece of property is "wrong" (isn't it?).
When you or someone else voluntarily copies their music and gives it to others, they are not losing anything. If you steal a CD, somebody has lost their physical property, however worthless it may be (20 cent piece of plastic).
It's important to make this distinction, since too many people are trying to link the two together.
If the tracks that people actually want are to only be sold alongside the other undesired ones, how is purchasing music online then any better than buying those little pieces of plastic that cost $15? I assume the primary reason peple like to buy songs online is because they get to choose individula tracks. If they are forced to buy an albumsworth, then they'll probably just decide to download illegal copies instead.
I emphasize: if the thing behind the [nonexistent] fence is very safe, no "fence" should be necessary. I define the fence as the thing that prevents people from having a chance to interact with the fenced item. In the real world, someone can use their strength to break through a fence or break through a wall within the fence. In the electronic world, there needs to be an actual mistake or problem before a similar thing can happen.
...not being able to(YET?) categorically determine that joe is joe.
That's done with signatures/public-key cryptography and symmetric cryptography. If that's not sufficient to determine that Joe is Joe, then Joe might need to be a bit more careful Someone installed a keystroke-logger and stole his secret key? Someone is holding a gun to Joe's head? Those are the dangers of the physical world.
How about having DSL/Cable companies give an incentive to customers whose computers do not become infected during the blitz of mass email worms and trojans.
Or how about making the ones who _do_ get infected pay an extra fee? After all, it's more fun to punish the people who cause damage than to reward those who don't.
It would benefit them in that it lowers their costs and increases their reliability if hundreds to thousands of their customers aren't sending DOS, etc.
Well, if it's against their ToS, they might as well just temporarily cut off the service of those infected customers, or at least send them a letter.
Of course, there are issuses such as privacy implications
Maybe monitoring all traffic isn't the solution (uh, to this.. I guess it's already the solution to everything else), but if they receive complaints per-IP-address, then they could keep an eye out for highly suspicious traffic coming from those addresses. I'm sure they already do to a degree.
Openness and security can co-exist ONLY when everyone is trustworthy.
I'm not entirely certain what you mean by that, but I don't think any "open" security details short of handing out keys and passwords should automatically destroy the security. It might make it a lot harder to keep everything going safely, but there are plenty of benefits too. I don't think security requires a "fence" if the thing behind the fence is safe. In the physical world, an invasion involves someone physically entering an area. In the electronic world, someone has to find some way to get the thing behind the fence to do something it wasn't intended to do.
1) If the thing behind the fence is extremely well-designed, it won't allow something like this.
2) If security is "closed", it's only secure because nobody understands it or because nobody has a chance to touch it.
That sounds a lot like locking yourself in a secret underground bomb shelter and calling yourself "secure".
I know it is probably more effective to stop spam at the mail servers, but what if users don't want this? What if the spam filters make a 1 in 8192 mistake on an important email? There are already mail-server-side email filters, but this seems like it'd only take that further. I guess simply adding in an "X-Spam" header to be read by the client is okay, since servers add their own "Received" headers anayway... I wonder how this applies to forwarded messages or messages with many recipipents. Are different well-known mail servers around the world to share eachothers' email to compare messages? In any case, if I want spam prevention, I'd prefer to set up my own set of filter rules or borrow a pre-made set from an ISP who provides such a service.
Slashdot Mirror
> will your university continue to allow you to use SSH?
Don't be ridiculous. Banning SSH would basically be banning secure remote logins, which would be so outrageous that nobody would accept it. Besides, universities frequently give students SSH access to various machines for use with classes. Are they going to switch to telnet?!
> ... disguised as web traffic
And it won't look the least bit suspicious when the host is connected to several other hosts, transferring encrypted data at full-speed 24 hours a day.
Well, people may or may not have a right to distribute copyrighted material on the internet. The law says they don't, but the law isn't always right. Many people believe that they do have a right to freely communicate with others, and that this would fall under that same category (transmitting/receiving information or data).
In fact, isn't the YRO category frequently about seemingly unjust laws (or unjust enforcement of laws)?
So, how about when somebody comes along with some chewed bubble gum and sticks it in the coin slots of the old parking meters? People are jerks.
Maybe they could put the solar panels on poles?
... that would be as simple as providing two X terminals and a display manager.
I have a very limited sub-basic-cable package which provides only about 15 to 20 channels (mostly local). Most of what is shown on those few channels is crap, so I can't imagine wanting to receive more crap channels.
Since I primarily watch reruns of older shows, I would be quite happy to pay a little more per channel than the subscribers of ordinary 200+channel cable do, for a customized "rerun channel package" with channels like Nick@Nite, TV-Land, etc. Things like CNN, C-SPAN, and the Weather Channel would be nice too.
It's just a waste to pay for channels that you know you won't watch, and add to that the fact that you are _still_ being bombarded with advertising at the same time.
Right, you can get fixed-disk storage for less than $1/GB, so this should only be necessary for huge off-site backups where you can't use a backup server, right?
Instead of having to patch all these things right away, or having to have the information hidden from the public until the convenient "mass-patch date", why not allow the same people who release patches to release security advisories with verbose and advanced severity ratings which could be used to temporarily bring the vulnerable component down until a patch could be applied? This would obviously not be acceptable for high-traffic servers, but if things were designed with greater modularity, less-used components could be automatically disabled by these up-to-the-hour advisories, without having a fix pushed onto the system. The admins would be notified by email of the problem and would be able to patch the system and re-enable the disabled/vulnerable as soon as they got the message.
> If all patches were released like movies and music, on Tuesdays only...
That's great, but it doesn't change the fact that the issue is still there (as it had already been until discovered), and the numebr one priority for many people is minimizing the window of time that their XYZ is vulnerable to ZYX. I'm sure there are many people who would say "Screw convenience. If there's a problem, I want to know of it and fix it ASAP".
This seems to fall under the category of "temporary security through obscurity" or "security through convenience".
It depends on how it was "stolen". If they had to physically invade my space to acquire it, then they have already crossed the line. If I published it and they copied it, I've not lost anything. It may be illegal, and I may not like it, but I don't think it's the same as actually taking something away. It's also true that the people who distribute music aren't claiming that they created it, which disassociates it from the plagarism you mentioned.
> What about open source? Should they not be held responsible to the same standard as commercial?
If free software developers start having to legally take responsibility for bugs and security flaws in their software, I'll bet a lot of them will just quit doing it. Don't they have a right to put out their software under a license which basically says: "Do what you want with it, but don't hold me responsible for any problems with it".
It's clear that open-source software does tend to get fixed quickly when a problem is discovered, but making it a law would put a lot more risk and pressure in what is otherwise a largely recreational task.
> If your IT department doesn't know how to kep a network secure....
How can they keep a network secure if their own users are working against them by installing crap on their PCs like Kazaa or whatever else they think looks fun? They can't really protect a network if the people inside the network are the problem.
> Surely employees don't have to surf the web at work?
Well, they might as well, but perhaps only through a proxy. That way, the PCs would not need to be exposed directly to the internet, but they would still have limited access to http/other resources. The rest could be done over a company network.
With IPv4 addresses becoming more scarce, it's probably worthwhile to avoid giving each employee their own address anyway, since the proxy would be able to provide sufficient identification of employees to web servers (I'm sure there's some HTTP header like Proxy-Username).
> ...or at least make a Linux client
...manage to get your friends off MSN...
Many people would not like the idea of only being able to use a single binary-only client. If they built "google IM" on an existing protocol such as IRC or Jabber, then people would be much more likely to use it. Releasing protocol specifications in the case of a new protocol would also be a good reason for many people to start liking it.
>
That's what IRC is good for! Give them a nice client like X-Chat, irssi, or maybe even gaim, and there'll be no reason to use MSN/AIM/Yahoo IM.
> We con physically steal the music from stores.
Regardless of your opinion on the issue of copyright infringement or increased prices, stealing a piece of property is "wrong" (isn't it?).
When you or someone else voluntarily copies their music and gives it to others, they are not losing anything. If you steal a CD, somebody has lost their physical property, however worthless it may be (20 cent piece of plastic).
It's important to make this distinction, since too many people are trying to link the two together.
If the tracks that people actually want are to only be sold alongside the other undesired ones, how is purchasing music online then any better than buying those little pieces of plastic that cost $15?
I assume the primary reason peple like to buy songs online is because they get to choose individula tracks. If they are forced to buy an albumsworth, then they'll probably just decide to download illegal copies instead.
...you can always go over or through the fence
...not being able to(YET?) categorically determine that joe is joe.
I emphasize: if the thing behind the [nonexistent] fence is very safe, no "fence" should be necessary. I define the fence as the thing that prevents people from having a chance to interact with the fenced item. In the real world, someone can use their strength to break through a fence or break through a wall within the fence. In the electronic world, there needs to be an actual mistake or problem before a similar thing can happen.
That's done with signatures/public-key cryptography and symmetric cryptography. If that's not sufficient to determine that Joe is Joe, then Joe might need to be a bit more careful Someone installed a keystroke-logger and stole his secret key? Someone is holding a gun to Joe's head? Those are the dangers of the physical world.
How about having DSL/Cable companies give an incentive to customers whose computers do not become infected during the blitz of mass email worms and trojans.
Or how about making the ones who _do_ get infected pay an extra fee? After all, it's more fun to punish the people who cause damage than to reward those who don't.
It would benefit them in that it lowers their costs and increases their reliability if hundreds to thousands of their customers aren't sending DOS, etc.
Well, if it's against their ToS, they might as well just temporarily cut off the service of those infected customers, or at least send them a letter.
Of course, there are issuses such as privacy implications
Maybe monitoring all traffic isn't the solution (uh, to this.. I guess it's already the solution to everything else), but if they receive complaints per-IP-address, then they could keep an eye out for highly suspicious traffic coming from those addresses. I'm sure they already do to a degree.
Openness and security can co-exist ONLY when everyone is trustworthy.
I'm not entirely certain what you mean by that, but I don't think any "open" security details short of handing out keys and passwords should automatically destroy the security. It might make it a lot harder to keep everything going safely, but there are plenty of benefits too. I don't think security requires a "fence" if the thing behind the fence is safe. In the physical world, an invasion involves someone physically entering an area. In the electronic world, someone has to find some way to get the thing behind the fence to do something it wasn't intended to do.
1) If the thing behind the fence is extremely well-designed, it won't allow something like this.
2) If security is "closed", it's only secure because nobody understands it or because nobody has a chance to touch it.
That sounds a lot like locking yourself in a secret underground bomb shelter and calling yourself "secure".
I know it is probably more effective to stop spam at the mail servers, but what if users don't want this? What if the spam filters make a 1 in 8192 mistake on an important email? There are already mail-server-side email filters, but this seems like it'd only take that further. I guess simply adding in an "X-Spam" header to be read by the client is okay, since servers add their own "Received" headers anayway... I wonder how this applies to forwarded messages or messages with many recipipents.
Are different well-known mail servers around the world to share eachothers' email to compare messages?
In any case, if I want spam prevention, I'd prefer to set up my own set of filter rules or borrow a pre-made set from an ISP who provides such a service.