I'm glad somdbody said that - otherwise I was going to have to:-) Of course, with basically passive devices, it doesn't actually make sense, since you'd really have one computer system driving all of your implants as output devices.
I thought this suit was pretty tacky - when the forged email and postings were brought to Prodigy's attention, they did a good job of responding quickly and deleting them. It was clearly not their negligence, and especially after cases like Cubby vs. Compuserve, which also found the ISP not liable, this was a good solid decision by the judge.
While the US courts did the right thing in this case (yay!), one implication of the Internet going everywhere on the planet is that almost anything you post can upset someone, somewhere, in a jurisdiction you'd rather not travel to for a trial. One famous case involved an Australian saying bad things about a Brit, who sued for defamation in a British court and won against the respondent, who mailed in a response but didn't show in person for a defense. British libel laws seem biased toward the plaintiff, at least compared to US laws, and many jurisdictions without strong traditions of press freedom will also rule against ISPs (at least unless the ISP has a deal with the local telco monopoly.)
Some countries care about defaming their citizens, at least prominent citizens. Some governments ban defaming the government or government officials ("The King is a fink!"). Some governments ban propagating unapproved religions (non-Islam in many Islamic countries, Scientology in Germany, Fulan Gong in China, Jehovah's Witnesses almost everywhere, lots of things in Singapore.) Some governments ban pictures of women without veils on their faces - your web site could cause you big trouble in Afghanistan, next time you're there. Some governments don't like capitalist activities unless you pay them a
Fortunately, most governments don't care about libel against non-citizens, and most governments don't enforce court judgements against their citizens by other governments for things that aren't illegal at home. But states in the US are pretty cooperative with each other - a New York court may very well hear a defamation suit against a Californian who doesn't want to take the time and money to show up.
On the other hand, you can avoid much of this problem by using internet privacy technologies, like freedom.net, which make it more trouble to track you down and sue you than to respond appropriately, e.g. by flaming back at you on the Internet, or setting up a web page explaining why you're an lying loser and scribbling your pages using Third Voice, or by ignoring you if that's a better approach.
Oh, by the way, all those stupid things allegedly posted by billstewart, that wasn't me, that was somebody else:-)
Eventually it'll be available for non-expensive cars as well, unless the market informs us that nobody really likes it. It'll probably follow the usual cost curve - soak the early adopters for the development costs and find out what features matter, second-wave pricing is much lower due to mass production, then Moore's Law gradually cuts the price further (though maybe not as fast as the computer power price curve, depending on how much of the real job is computer-related as opposed to sensors.)
The real problem I see with HUDs is how to align the display with the rest of the windshield - the easy way is to just carve out a small section of the bottom of the window for the hud display, but if you're trying to project it on the whole window, you've got to figure out where the driver's head and eyes are so you can align the picture with the real world outside the windshield, a computer-intensive job that's probably too inaccurate to be worth doing, but which would be cool if you could get it right.
Of course, your car also needs a "Use The Force, Luke!" interface to turn the stuff off quickly:-)
Sure, if you're reading news with Netscape. The GIF doesn't need to be hidden, either; visible ones work just as well, you just notice them. Since a large fraction of the spam on Usenet is porn anyway, having visible pictures doesn't surprise people.
A well-designed MAC system doesn't interfere with normal work, as long as your normal work doesn't involve kernel hacking or developing trusted applications, or developing networking applications beyond a limited scope. But basic user-level stuff can be very normal.
MAC systems actually made doing system security much easier. You put the operating system files at Security Level 0, and make all the users live at Level 1 or higher (e.g. UNCLASSIFIED), and the no-write-down MAC enforcement means that users can't mess with any critical files, and can't mess with kernel-written logfiles. Other log files can go at System High (if you're not running with stricter No-Write-Up rules) so user-level processes can write to them, but can't read them, or just use a separate security compartment to put them in.
AT&T System V/MLS accomplished most of this by munging the Group ID mechanisms to carry MAC information, both for security levels (UNCLASS, SECRET, etc) and for security compartments (PROJECT X, NUKES, CIA, COMSEC, etc.) This was back in the 80s, and it was the first Unix system to be B1-rated.
What about Superuser? Some B1 systems kept it, and just did a lot of work to limit bugs and damage, while some split it up into multiple less-super users. AT&T System V/MLS kept it. The B2 Least Privilege requirements make it much more difficult to avoid ripping root apart; I don't know what current B2 systems do. Covert Channels are the nasty part of B2 ratings - it was hard enough to hide subtle timing channels and things like that back when machines were much slower - now there's enough horsepower to play even more games, and I'm not convinced a general-purpose machine can do a good job of blocking them.
Secure Attention Key wasn't originally a C2 requirement; it was either B2 or B3, but it's easy enough to implement and solves enough other problems that everybody does it.
Secure Networking was still hairy research back when I was working with this stuff. The problem is that a network really just sends bits back and forth, and you have to be able to use those bits in a way that you can prove who's on the other end of the wire, what they're authorized to do, and that nobody else is doing something unauthorized with the bits you're sending. It's an obvious job for crypto, but that wasn't very usable back then except for DES chips and NSA secret custom stuff. The main technologies people were developing at the time were IPsec-like encrypted ethernets, usually with DES hardware on the ethernet cards, where the crypto primarily provided authentication. Putting crypto on the cards means the security features don't depend on the operating system - this means you can run a multi-level network with single-level dumb MSDOS machines, and worry about how to integrate multi-level OS's separately. (The crude way to integrate a multi-level OS into this system is to use multiple Ethernet boards, one per security level, and use OS protections to limit which boards get to be which security level.) But it's still a hard problem - TCP/IP living in the kernel is much harder to secure than UUCP living in user space.
Encrypted File Systems don't matter for certification - the evaluated configurations assume you have physical control over the machine. If the operating system makes sure only authorized people can have access to files, that's enough (though the definitions of "authorized" and "access" are more stringent in B1 than C2.)
In reality, losing physical access to your machine is a realistic problem, especially for laptops, so encrypted file systems are a good thing, if you've got enough horsepower to run things using them. Back in the early 80s, that wasn't realistic; today it is. Part of the problem is that the choice of algorithms back then was DES (way too slow for software on 1-MIPS machines), or NSA-developed secret algorithms (again, generally done in hardware), or algorithms not developed at the NSA (politically unlikely to get approved, and until the 90s generally either too weak or too slow or both.) But using hardware crypto means you're not using a general-purpose machine, so that's unlikely to be useful. For non-multilevel-secure OS's, I suppose you could put hardware on a disk controller, but most applications that could justify that kind of expense would need to run multi-level security, so why bother.
Unix Groups are basically ACLs - as long as you've got a quasi-friendly group creation interface, they're even useful ACLs.
I'll comment more on MAC/B1/B2 issues in a reply to the parent article, but AT&T System V/MLS, the first B1-rated Unix system, felt very much like regular Unix. There were occasional useful things you couldn't do, and hacking the kernel or anything that required setUID was right out (:-), but it was also easier to secure things when you wanted to.
The big issue in those days was what to do about networking - you couldn't just hang TCP/IP off the kernel, but on the other hand it wasSystem V, not BSD, and while we had TCP/IP it hadn't yet taken over the world - you could still do useful networking with uucp, though you had to set it up in a somewhat limited fashion.
As Anonymous Coward suggests, the Posix services let government buyers check off Posix compliance when deciding to buy a product. To some extent, that's the same reason C2 security is important. On the other hand, it's probably easier to get the auditors to give you a waiver on Posix than on C2.
I used to work for Bell Labs, in the building that's now Lucent. Just after the Great Renaming, I visited my old boss there. His comment on the Lucent name was
They must have paid somebody a lot of money to think up that one:-)
and of course, Dogbert The Consultant used a coffee-cup stain as "The Brown Ring Of Quality" logo for Dilbert's company.
A college housemate of mine, who liked classical music, decided that he already had a good enough stereo system to hear the flaws in the music - his solution was to buy records made by better orchestras with better conductors.
You can buy Neil Stephenson's Cryptonomicon at B&N at B&N URL http://shop.barnesandnoble.com/booksearch/results. asp?title=cryptonomicon&match=exact&opti ons=and&userid=2UTEZHA05P&srefer= You can buy it at Amazon for the same price at Amazon URL http://www.amazon.com/exec/obidos/ISBN=0380973464/ slashdotorg0f/ and if you look at that URL you can see that it's tied to slashdot, presumably some kind of affinity program. Similarly, the URLs for The Perl Cookbook had the same thing, and presumably most of the other book reviews on/. have them. Is this what we want to do, or can/. add some non-Amazon pointers as well?
There's no governmental territory outside Earth, at least according to several large Earth governments. Big deal. Colonize space anyway, and if the government wants to follow you to Mars, let them. Near-earth space is a bit tougher than Mars, because governments can more easily shoot you down, but if colonizing space makes economic sense, they'll be happy to let you go and just tax you.
Re:Uses for large ROM devices, social implications
on
A 140GB CD-ROM?
·
· Score: 1
Somebody mentioned it at a local Cypherpunks meeting, where Duncan Campbell was doing a presentation on the Echelon eavesdropping system. I don't remember who it was, or whether the agency was known (e.g. Livermore Labs, though perhaps acting as a front) or unknown.
Uses for large ROM devices, social implications
on
A 140GB CD-ROM?
·
· Score: 5
According to the story, the technology can support ~10GB WORM drives, or ~140GB ROM technology.
Cost of writeable media and drives isn't listed; 10GB conventional magnetic disks currently cost ~$100, so this may not be particularly superior for backups, but it's still in the interesting range. They say the media cost should be similar to current CD/DVD, which may be realistic for mass-produced storage. They also don't say what kind of resources you need to produce the high-density ROM versions - is it only useful for large production runs, or can it make sense for one-offs?
The US government is said to have recently ordered a 100,000 disk RAID system, capable of holding a petabyte of data, presumably for activities like archiving Usenet, the web, stock market transactions, etc. This technology means that archiving large quantities of data becomes much more convenient for regular people, and for corporations that - remember when a Terabyte of data was huge? (and before that, a GB?) What can you do if you can archive all of your company's transactions, designs, etc., and reproduce them cheaply? How do you design policies on information retention when it's cheap and hard to make sure things got thrown away?
This could be interesting for security - having large WORM drives that are fast enough to run an operating system off, with write-once capability for log files, lets you run much more secure web servers, because it's hard to trash WORMs. How does this affect operating system design? A friend of mine did some work a few years back called "Stiff Unix", trying to find out what parts of the file system space Unix needs to have writeable, and what parts can be ROM. I think this was on *BSD; it'd be interesting to see how Linux can react to this environment.
Interfaces that fit with the available peripherals and peripherals that match the operating environment are important.
For a wearable computer, voice input and output can be quite valuable, though people will look at you funny for mumbling like a gargoyle. (Single-speaker voice recognition has been getting much better, very large vocabularies are available, and easily-portable disk drives for storing the necessary data are getting practical.)
The Data Glove that VR people were using for a while may be a good input technology, if the prices can be low enough - it's possible to do gestures and chords without needing to haul a keyboard around. Some combination of gestures and menus together probably makes the most sense for a non-vocal interface.
Communication is critical for wearables, just as it is for desktops. Some low-speed wide-area communication would be necessary for many uses, e.g. a few kbps for email, voice, and access to the user's other databases. For some uses, higher-speed mobile comms are needed, but in general, it's convenient to have ~1-10Mbps of radio or infrared for transfer to the main network when you're stationary (as opposed to jacking in to a LAN), and it's also valuable to have short-range communication with other users, though low-speed connections are enough for many transactions (e.g. paying for purchases, or stores telling you what's on sale as you walk by, or computers and other hardware providing operator input.)
Physical location is another valuable input, whether it's GPS or something cell-phone based or the kinds of infrared handshakes that some of the Smart Badge projects have used inside buildings. The more precise the location, the more applications are possible, and the more concerns for security are necessary.
Sendmail is a mixed bag. It's big, ugly, and you can use its config files as a Turing machine if you're careful and as a Cuisinart if you're not. It's not really the right model for the mail handling jobs that need to be done in modern environments; it would make sense to learn the lessons we've learned from running sendmail and build a new system from the ground up - like qmail or postfix.
On the other hand, it's had ~15 years of exposure to the real world, and while Creeping Featurism doesn't usually fix fundamental problems, it does have a lot of features people want packed into its monolith, and Sendmail has had an immense of tuning to deal with a wide variety of mailing environments that the original authors couldn't have predicted in advance. I'd certainly pick it for scalability and stability over MSExchange (:-), and while I find it difficult to configure sendmail correctly for complicated applications, there are times it may still be the better choice over newer simpler mail systems.
One of the fundamental problems with sendmail needs operating system help. It's the need to use root permissions to listen on Port 25, and all the different security evils that come from running a huge program with setuid root. It doesn't need root permissions to deliver mail, even in traditional Unix time-sharing environments - System V and predecessors did just fine with setgid=mail providing write access to mailboxes with group mail. But because it's there, it tends to get abused, and the techniques for avoiding root permission aren't universal across operating systems (sigh - it's probably easier on NT:-)
Throwing developers at things doesn't always (often?) work. But a volunteer effort can really benefit from concentrated attention, and RedHat donating a few developers can provide some of that, and can also work on making sure _all_ the loose ends get worked on, which is difficult in a large volunteer project.
We're not talking Gibsonesque brain interfaces or direct thought output here - we're talking about the equivalent of doing Morse Code with some spare synapse or muscle controller.
Tracking electrical activity in the brain and triggering an action when a specific pattern happens isn't that hard - it doesn't require understanding how thought happens in the brain or translating that into words, it's just finding simple not-many-bit output spots and doing some biofeedback training so the user can figure out how to trigger them. If you pick good sensor spots, that's not fundamentally tougher than learning to wiggle your ears or raise only one eyebrow. The medical part of the job is developing electrodes that can interface safely without corrosion or similar problems.
Doing good input to the brain is a much tougher problem - either you piggyback on existing senses, or you need to know an immense amount of currently unknown stuff to get it right (though the brain is flexible enough to work around some of that.)
One of the US government's main jobs is keeping other governments from attacking the US. Keeping US-made weapons out of the hands of potentially hostile governments (while not actually possible with crypto) maybe legitimately part of that job.
Even if it's not a good excuse, it looks sufficiently like a good excuse that they can use it to cover the main purpose of export regulations, which is preventing widespread use of crypto by Americans, by interfering with development and distribution of mass-market user-friendly crypto in everyday software products.
I remember getting the "We Are Under Attack" posting when the worm started flooding the world. The worm itself was mostly script-kiddy work - the interesting question was whether RTM expected the exponential growth to happen (in which case it was an interesting experimental hack) or whether he should have realized it would do that but didn't.
One of the teams working to stop the worm put up a patch for the various bugs in the worm. They weren't going to post the real worm code, in case anybody else wanted to restart it or modify it, but a bug fix was still worthwhile and indicated that they understood the worm better than RTM himself did.
One problem with Usenet discussion groups is it's sometimes hard to tell humor from seriously-intended statements. I'll take your question as humorous:-)
You can find Usenet histories on the net, but it started in about 1981, between Duke and UNC. It was a few years before much of Netnews used the Internet to connect - most of it was UUCP, either on dialup connections or dedicated private lines, and some parts of it were various other protocols such as Berknet. NNTP was a few years later - you can look up the RFC to find out when.
Besides Usenet, there was also the Fidonet distributed BBS network, and various non-forwarding BBSs, and Amateur Packet Radio was growing, and there was the Plato system (ancestor of Notesfiles and Lotus Notes) which was basically a big graphics-capable BBS running on some unusual mainframe with cool plasma-display terminals, and eventually there was Habitat running on C64s.
I was quite surprised by the reactions of people around the net. The Kremvax post was a nicely written spoof, with creatively forged headers. It was posted on April Fool's Day, and mail and news header forgery were well-known simple techniques in those days, and and there wasn't anything blazingly deep about it. It was just a good classic April Fool's post.
But some people got all paranoid about how there were Commies On The Net After Our Precious Bodily Fluids, and more people got all bent out of shape because *Forgery* meant *you couldn't believe everything you read on Usenet!*. Oh, Nooooo!
Two of the lasting effects of the post involved machine names. The first Usenet site in Moscow, a few years later, *was* named kremvax. And kgbvax became the canonical example of where crackers might email files they stole from your machines.
It (probably) didn't make it outside AT&T, but it was on the tape installed by some organizations outside Bell Labs Computer Science Research. If I remember correctly, the login was "ken", and the password was "nih", as in "Not Invented Here".
The ACM Turing Award lecture that Ken gave on it was in 198x, article was printed in CACM, Vol. 27, No. 8, August 1984, pp. 761-763, titled "Reflections on Trusting Trust".
Cuba was a politically repressive kleptocracy before the Communists kicked the pro-American Mafiosi out of power. This doesn't mean that Castro was much better. A Cuban-born friend of mine remembers growing up under the political repression of Batista - people were afraid to say things in their own houses because they'd get hauled away and killed at night. After the revolution, it was better for a few months, but became repressive and unsafe soon after, and his (anti-Batista) parents sent him to the US at age 14 so he wouldn't be drafted and sent to fight in Africa or Bolivia. Didn't like it here, and he's now a Costa Rican.
Oceania has *always* been at war with EastAsia!
on
China Enters Space
·
· Score: 1
Last fall one of our local Democrat Congresscritters, either Anna Eshoo or Zoe Lofgren , commented that the Republicans has discovered that there were still *Commies* in *China*, and they'd be trying to make a big deal about it once they were done embarassing themselves with Monicagate. ["Oh, boy - *Commies* outside of Berkeley and Hahvahd! We haven't known what to do since the Evil Empire fell!"] Always helps to have an occasional Yellow Commie Spy around when you don't have an Arab Terrorist Mastermind handy, and it's so convenient to have Foreigners giving money to AlGore in violation of the campaign finance laws the Demos are trying to embarass you into passing. (Personally, I think the First Amendment is a good campaign finance law, but we're talking about Republicans who don't like level playing fields any more than Democrats do.)
So BE AFRAID! BE VERY AFRAID!
Commies under the bed!
Terrorism and Extremism Must Be Stomped Out!
Latino NarcoCrytographers who didn't go to the School Of The Americas!
and some spare UnAmerican foreigners (the Republicans don't have Pat Buchanan in their primaries, but may have to deal with him if he somehow tricks the Reform Party into nominating him.)
"Beowulf says 'bend your legs'"
I thought this suit was pretty tacky - when the forged email and postings were brought to Prodigy's attention, they did a good job of responding quickly and deleting them. It was clearly not their negligence, and especially after cases like Cubby vs. Compuserve, which also found the ISP not liable, this was a good solid decision by the judge.
:-)
While the US courts did the right thing in this case (yay!), one implication of the Internet going everywhere on the planet is that almost anything you post can upset someone, somewhere, in a jurisdiction you'd rather not travel to for a trial. One famous case involved an Australian saying bad things about a Brit, who sued for defamation in a British court and won against the respondent, who mailed in a response but didn't show in person for a defense. British libel laws seem biased toward the plaintiff, at least compared to US laws, and many jurisdictions without strong traditions of press freedom will also rule against ISPs (at least unless the ISP has a deal with the local telco monopoly.)
Some countries care about defaming their citizens, at least prominent citizens. Some governments ban defaming the government or government officials ("The King is a fink!"). Some governments ban propagating unapproved religions (non-Islam in many Islamic countries, Scientology in Germany, Fulan Gong in China, Jehovah's Witnesses almost everywhere, lots of things in Singapore.) Some governments ban pictures of women without veils on their faces - your web site could cause you big trouble in Afghanistan, next time you're there. Some governments don't like capitalist activities unless you pay them a
Fortunately, most governments don't care about libel against non-citizens, and most governments don't enforce court judgements against their citizens by other governments for things that aren't illegal at home. But states in the US are pretty cooperative with each other - a New York court may very well hear a defamation suit against a Californian who doesn't want to take the time and money to show up.
On the other hand, you can avoid much of this problem by using internet privacy technologies,
like freedom.net, which make it more trouble to track you down and sue you than to respond appropriately, e.g. by flaming back at you on the Internet, or setting up a web page explaining why you're an lying loser and scribbling your pages using Third Voice, or by ignoring you if that's a better approach.
Oh, by the way, all those stupid things allegedly posted by billstewart, that wasn't me, that was somebody else
Eventually it'll be available for non-expensive cars as well, unless the market informs us that nobody really likes it. It'll probably follow the usual cost curve - soak the early adopters for the development costs and find out what features matter, second-wave pricing is much lower due to mass production, then Moore's Law gradually cuts the price further (though maybe not as fast as the computer power price curve, depending on how much of the real job is computer-related as opposed to sensors.)
:-)
The real problem I see with HUDs is how to align the display with the rest of the windshield - the easy way is to just carve out a small section of the bottom of the window for the hud display, but if you're trying to project it on the whole window, you've got to figure out where the driver's head and eyes are so you can align the picture with the real world outside the windshield, a computer-intensive job that's probably too inaccurate to be worth doing, but which would be cool if you could get it right.
Of course, your car also needs a "Use The Force, Luke!" interface to turn the stuff off quickly
Sure, if you're reading news with Netscape. The GIF doesn't need to be hidden, either; visible ones work just as well, you just notice them.
Since a large fraction of the spam on Usenet is porn anyway, having visible pictures doesn't surprise people.
A well-designed MAC system doesn't interfere with normal work, as long as your normal work doesn't involve kernel hacking or developing trusted applications, or developing networking applications beyond a limited scope. But basic user-level stuff can be very normal.
MAC systems actually made doing system security much easier. You put the operating system files at Security Level 0, and make all the users live at Level 1 or higher (e.g. UNCLASSIFIED), and the no-write-down MAC enforcement means that users can't mess with any critical files, and can't mess with kernel-written logfiles. Other log files can go at System High (if you're not running with stricter No-Write-Up rules) so user-level processes can write to them, but can't read them, or just use a separate security compartment to put them in.
AT&T System V/MLS accomplished most of this by munging the Group ID mechanisms to carry MAC information, both for security levels (UNCLASS, SECRET, etc) and for security compartments (PROJECT X, NUKES, CIA, COMSEC, etc.) This was back in the 80s, and it was the first Unix system to be B1-rated.
What about Superuser? Some B1 systems kept it, and just did a lot of work to limit bugs and damage, while some split it up into multiple less-super users. AT&T System V/MLS kept it. The B2 Least Privilege requirements make it much more difficult to avoid ripping root apart; I don't know what current B2 systems do. Covert Channels are the nasty part of B2 ratings - it was hard enough to hide subtle timing channels and things like that back when machines were much slower - now there's enough horsepower to play even more games, and I'm not convinced a general-purpose machine can do a good job of blocking them.
Secure Attention Key wasn't originally a C2 requirement; it was either B2 or B3, but it's easy enough to implement and solves enough other problems that everybody does it.
Secure Networking was still hairy research back when I was working with this stuff. The problem is that a network really just sends bits back and forth, and you have to be able to use those bits in a way that you can prove who's on the other end of the wire, what they're authorized to do, and that nobody else is doing something unauthorized with the bits you're sending. It's an obvious job for crypto, but that wasn't very usable back then except for DES chips and NSA secret custom stuff. The main technologies people were developing at the time were IPsec-like encrypted ethernets, usually with DES hardware on the ethernet cards, where the crypto primarily provided authentication. Putting crypto on the cards means the security features don't depend on the operating system - this means you can run a multi-level network with single-level dumb MSDOS machines, and worry about how to integrate multi-level OS's separately. (The crude way to integrate a multi-level OS into this system is to use multiple Ethernet boards, one per security level, and use OS protections to limit which boards get to be which security level.) But it's still a hard problem - TCP/IP living in the kernel is much harder to secure than UUCP living in user space.
Encrypted File Systems don't matter for certification - the evaluated configurations assume you have physical control over the machine. If the operating system makes sure only authorized people can have access to files, that's enough (though the definitions of "authorized" and "access" are more stringent in B1 than C2.)
In reality, losing physical access to your machine is a realistic problem, especially for laptops, so encrypted file systems are a good thing, if you've got enough horsepower to run things using them. Back in the early 80s, that wasn't realistic; today it is. Part of the problem is that the choice of algorithms back then was DES (way too slow for software on 1-MIPS machines), or NSA-developed secret algorithms (again, generally done in hardware), or algorithms not developed at the NSA (politically unlikely to get approved, and until the 90s generally either too weak or too slow or both.) But using hardware crypto means you're not using a general-purpose machine, so that's unlikely to be useful. For non-multilevel-secure OS's, I suppose you could put hardware on a disk controller, but most applications that could justify that kind of expense would need to run multi-level security, so why bother.
Unix Groups are basically ACLs - as long as you've got a quasi-friendly group creation interface, they're even useful ACLs.
I'll comment more on MAC/B1/B2 issues in a reply to the parent article, but AT&T System V/MLS, the first B1-rated Unix system, felt very much like regular Unix. There were occasional useful things you couldn't do, and hacking the kernel or anything that required setUID was right out (:-), but it was also easier to secure things when you wanted to.
The big issue in those days was what to do about networking - you couldn't just hang TCP/IP off the kernel, but on the other hand it wasSystem V, not BSD, and while we had TCP/IP it hadn't yet taken over the world - you could still do useful networking with uucp, though you had to set it up in a somewhat limited fashion.
As Anonymous Coward suggests, the Posix services let government buyers check off Posix compliance when deciding to buy a product. To some extent, that's the same reason C2 security is important. On the other hand, it's probably easier to get the auditors to give you a waiver on Posix than on C2.
I used to work for Bell Labs, in the building that's now Lucent. Just after the Great Renaming, I visited my old boss there. His comment on the Lucent name was
:-)
They must have paid somebody a lot of money to think up that one
and of course, Dogbert The Consultant used a coffee-cup stain as "The Brown Ring Of Quality" logo for Dilbert's company.
A college housemate of mine, who liked classical music, decided that he already had a good enough stereo system to hear the flaws in the music - his solution was to buy records made by better orchestras with better conductors.
You can buy Neil Stephenson's Cryptonomicon at B&N at B&N URL http://shop.barnesandnoble.com/booksearch/results. asp?title=cryptonomicon&match=exact&opti ons=and&userid=2UTEZHA05P&srefer= / slashdotorg0f/ /. have them. /. add some non-Amazon pointers as well?
You can buy it at Amazon for the same price at Amazon URL http://www.amazon.com/exec/obidos/ISBN=0380973464
and if you look at that URL you can see that it's tied to slashdot, presumably some kind of affinity program. Similarly, the URLs for The Perl Cookbook had the same thing, and presumably most of the other book reviews on
Is this what we want to do, or can
There's no governmental territory outside Earth, at least according to several large Earth governments. Big deal. Colonize space anyway, and if the government wants to follow you to Mars, let them. Near-earth space is a bit tougher than Mars, because governments can more easily shoot you down, but if colonizing space makes economic sense, they'll be happy to let you go and just tax you.
Somebody mentioned it at a local Cypherpunks meeting, where Duncan Campbell was doing a presentation on the Echelon eavesdropping system. I don't remember who it was, or whether the agency was known (e.g. Livermore Labs, though perhaps acting as a front) or unknown.
According to the story, the technology can support ~10GB WORM drives, or ~140GB ROM technology.
Cost of writeable media and drives isn't listed; 10GB conventional magnetic disks currently cost ~$100, so this may not be particularly superior for backups, but it's still in the interesting range. They say the media cost should be similar to current CD/DVD, which may be realistic for mass-produced storage. They also don't say what kind of resources you need to produce the high-density ROM versions - is it only useful for large production runs, or can it make sense for one-offs?
The US government is said to have recently ordered a 100,000 disk RAID system, capable of holding a petabyte of data, presumably for activities like archiving Usenet, the web, stock market transactions, etc. This technology means that archiving large quantities of data becomes much more convenient for regular people, and for corporations that - remember when a Terabyte of data was huge? (and before that, a GB?) What can you do if you can archive all of your company's transactions, designs, etc., and reproduce them cheaply? How do you design policies on information retention when it's cheap and hard to make sure things got thrown away?
This could be interesting for security - having large WORM drives that are fast enough to run an operating system off, with write-once capability for log files, lets you run much more secure web servers, because it's hard to trash WORMs. How does this affect operating system design? A friend of mine did some work a few years back called "Stiff Unix", trying to find out what parts of the file system space Unix needs to have writeable, and what parts can be ROM. I think this was on *BSD; it'd be interesting to see how Linux can react to this environment.
Interfaces that fit with the available peripherals and peripherals that match the operating environment are important.
For a wearable computer, voice input and output can be quite valuable, though people will look at you funny for mumbling like a gargoyle. (Single-speaker voice recognition has been getting much better, very large vocabularies are available, and easily-portable disk drives for storing the necessary data are getting practical.)
The Data Glove that VR people were using for a while may be a good input technology, if the prices can be low enough - it's possible to do gestures and chords without needing to haul a keyboard around. Some combination of gestures and menus together probably makes the most sense for a non-vocal interface.
Communication is critical for wearables, just as it is for desktops. Some low-speed wide-area communication would be necessary for many uses, e.g. a few kbps for email, voice, and access to the user's other databases. For some uses, higher-speed mobile comms are needed, but in general, it's convenient to have ~1-10Mbps of radio or infrared for transfer to the main network when you're stationary (as opposed to jacking in to a LAN), and it's also valuable to have short-range communication with other users, though low-speed connections are enough for many transactions (e.g. paying for purchases, or stores telling you what's on sale as you walk by, or computers and other hardware providing operator input.)
Physical location is another valuable input, whether it's GPS or something cell-phone based or the kinds of infrared handshakes that some of the Smart Badge projects have used inside buildings. The more precise the location, the more applications are possible, and the more concerns for security are necessary.
Sendmail is a mixed bag. It's big, ugly, and you can use its config files as a Turing machine if you're careful and as a Cuisinart if you're not. It's not really the right model for the mail handling jobs that need to be done in modern environments; it would make sense to learn the lessons we've learned from running sendmail and build a new system from the ground up - like qmail or postfix.
:-)
On the other hand, it's had ~15 years of exposure to the real world, and while Creeping Featurism doesn't usually fix fundamental problems, it does have a lot of features people want packed into its monolith, and Sendmail has had an immense of tuning to deal with a wide variety of mailing environments that the original authors couldn't have predicted in advance. I'd certainly pick it for scalability and stability over MSExchange (:-), and while I find it difficult to configure sendmail correctly for complicated applications, there are times it may still be the better choice over newer simpler mail systems.
One of the fundamental problems with sendmail needs operating system help. It's the need to use root permissions to listen on Port 25, and all the different security evils that come from running a huge program with setuid root. It doesn't need root permissions to deliver mail, even in traditional Unix time-sharing environments - System V and predecessors did just fine with setgid=mail providing write access to mailboxes with group mail. But because it's there, it tends to get abused, and the techniques for avoiding root permission aren't universal across operating systems (sigh - it's probably easier on NT
Throwing developers at things doesn't always (often?) work. But a volunteer effort can really benefit from concentrated attention, and RedHat donating a few developers can provide some of that, and can also work on making sure _all_ the loose ends get worked on, which is difficult in a large volunteer project.
We're not talking Gibsonesque brain interfaces or direct thought output here - we're talking about the equivalent of doing Morse Code with some spare synapse or muscle controller.
Tracking electrical activity in the brain and triggering an action when a specific pattern happens isn't that hard - it doesn't require understanding how thought happens in the brain or translating that into words, it's just finding simple not-many-bit output spots and doing some biofeedback training so the user can figure out how to trigger them. If you pick good sensor spots, that's not fundamentally tougher than learning to wiggle your ears or raise only one eyebrow. The medical part of the job is developing electrodes that can interface safely without corrosion or similar problems.
Doing good input to the brain is a much tougher problem - either you piggyback on existing senses, or you need to know an immense amount of currently unknown stuff to get it right (though the brain is flexible enough to work around some of that.)
I remember getting the "We Are Under Attack" posting when the worm started flooding the world.
The worm itself was mostly script-kiddy work - the interesting question was whether RTM expected the exponential growth to happen (in which case it was an interesting experimental hack) or whether he should have realized it would do that but didn't.
One of the teams working to stop the worm put up a patch for the various bugs in the worm. They weren't going to post the real worm code, in case anybody else wanted to restart it or modify it, but a bug fix was still worthwhile and indicated that they understood the worm better than RTM himself did.
One problem with Usenet discussion groups is it's sometimes hard to tell humor from seriously-intended statements. I'll take your question as humorous :-)
You can find Usenet histories on the net, but it started in about 1981, between Duke and UNC. It was a few years before much of Netnews used the Internet to connect - most of it was UUCP, either on dialup connections or dedicated private lines, and some parts of it were various other protocols such as Berknet. NNTP was a few years later - you can look up the RFC to find out when.
Besides Usenet, there was also the Fidonet distributed BBS network, and various non-forwarding BBSs, and Amateur Packet Radio was growing, and there was the Plato system (ancestor of Notesfiles and Lotus Notes) which was basically a big graphics-capable BBS running on some unusual mainframe with cool plasma-display terminals, and eventually there was Habitat running on C64s.
I was quite surprised by the reactions of people around the net. The Kremvax post was a nicely written spoof, with creatively forged headers. It was posted on April Fool's Day, and mail and news header forgery were well-known simple techniques in those days, and and there wasn't anything blazingly deep about it. It was just a good classic April Fool's post.
But some people got all paranoid about how there were Commies On The Net After Our Precious Bodily Fluids, and more people got all bent out of shape because *Forgery* meant *you couldn't believe everything you read on Usenet!*. Oh, Nooooo!
Two of the lasting effects of the post involved machine names. The first Usenet site in Moscow, a few years later, *was* named kremvax. And kgbvax became the canonical example of where crackers might email files they stole from your machines.
It (probably) didn't make it outside AT&T, but it was on the tape installed by some organizations outside Bell Labs Computer Science Research. If I remember correctly, the login was "ken", and the password was "nih", as in "Not Invented Here".
The ACM Turing Award lecture that Ken gave on it was in 198x, article was printed in CACM, Vol. 27, No. 8, August 1984, pp. 761-763, titled "Reflections on Trusting Trust".
Cuba was a politically repressive kleptocracy before the Communists kicked the pro-American Mafiosi out of power. This doesn't mean that Castro was much better. A Cuban-born friend of mine remembers growing up under the political repression of Batista - people were afraid to say things in their own houses because they'd get hauled away and killed at night. After the revolution, it was better for a few months, but became repressive and unsafe soon after, and his (anti-Batista) parents sent him to the US at age 14 so he wouldn't be drafted and sent to fight in Africa or Bolivia. Didn't like it here, and he's now a Costa Rican.
So BE AFRAID! BE VERY AFRAID!