I think this raises an important question. Don't I have a right to install a video surveillance camera in my window, if only so I can put a live view of the park outside my window on my computer screen? How dare these folks attack my right to bear cameras.
There are three, related issues here. Do you have the right to use a camera to record something so long as you are not harassing a given individual and running afoul of their privacy rights (stalking laws). I think it is pretty clear that you do. Does the government have a right to record things. The answer is, the government has no rights, but is legally allowed to record things only when it is working towards one of the goals which it has been empowered to pursue. Third, do corporations have the right to record public places. Corporations being government created entities without any inherent rights, ethically should be allowed to record public places only when there doing so does not jeopardize the rights of individuals. That is to say, sure they can put security cameras in their buildings, but they can't build a network to track individuals.
Personally, I think there is an excellent case for banning handguns, but I'm not an American, and fortunately they're already banned where I live.
Having looked into the numbers fairly extensively, I don't agree. The correlation between gun bans and violent crime is negligible. If you take a look at all the studies with reasonable methodologies you'll note almost all of them showed no statistically significant change in violent crime. Of those that did show a statistically significant change, the majority showed a slight increase in violent crime. I don't see how anyone can make these numbers show the opposite without intentionally ignoring data or incorrectly stating the problem. In fact, the last time we had this conversation I challenged everyone to provide numbers to support a ban and not a single person provided them. A dozen people provided numbers that showed (correctly) that gun bans reduce crimes committed with guns. If your goal is to reduce crimes committed with guns, instead of violent crime overall, then you're probably suffering from a mental disorder.
Anyone interested in lowering violent crime should look at factors that do show large, statistically significant, correlations with violent crime. Decriminalizing illicit drugs, reducing wealth disparity, and providing socialized healthcare (in particular mental health and addiction management) are all methods that have a huge potential for reducing crime. I can't imagine any rational human being who looked objectively at the data deciding that gun control was a good place to start if they are trying to reduce violent crime. If, however, they're looking to cause controversy, get money from lobbyists, and get re-elected it makes a lot of sense.
Thinking you can control behavior by controlling access to technology is just absurd. The concept of "privacy through obscurity" doesn't work any better than "security through obscurity" does.
Actually, security through obscurity does work for many people. It is simply that trusting obscurity presented by someone else when you're working in a homogenous, automated system is less useful. Hiding something is a time tested and very effective security procedure.
A lack of security cameras sure kept Hoover from building dossiers on all sorts of private citizens, didn't it?
Yes, it did. Hoover was only able compile dossiers on select people, instead of using cameras and computers to automatically generate dossiers on everyone and even more detailed dossiers on those select people.
So-called 'security' cameras should be banned because they can be used to invade privacy. So-called P2P file 'sharing' programs should be banned because they can be used to violate copyrights. So-called Web 'forums' should be banned because terrorists might use them to plot crimes.
Who argued security cameras should be banned? There is a difference between banning something and not empowering the government to spend huge amounts of tax dollars to do something. I don't support making it illegal for private citizens to tell lies on TV. I do support making it illegal for official representatives of the government to lie on TV. One is a private citizen with rights. One is an agent of a government with no rights, specifically limited in its actions to minimize the danger it presents to the people. The third and more murky issue is corporations, which are government created entities that currently enjoy many of the rights of citizens, despite not being citizens.
Now how this applies to the article under discussion is something else, but in principal I'm not in favor of granting the government additional power that may be abused, unless there are some enormous benefits that outweigh the potential danger of that abuse.
Your title is an assertion. The constitution has been interpreted by the courts such that the right to be secure in our persons is a right to privacy to some, unspecified, degree. Further, the right to privacy is regarded as a basic human right by most of the civilized world. The constitutionality and the ethics of these cameras are very, very questionable.
Your arguments boil down to, cameras allow the government to protect the people from other people, so they are good. You don't address two important points. First, it is the job of every citizen to protect themselves, not the government. The government has never had the power to protect you and trying to consolidate that much power into so few hands in not without some very large risks. You completely ignore these risks. Mandatory gun registration in Germany reduced the number of illegal guns in circulation, preventing a crime. Does that mean it "worked." Sure, but it also made it easy for the Nazis to confiscate all those guns from the Jewish populace later on. Putting a given power into the hands of the government can have immediate benefits, but you must pay attention to the long term risks.
Consolidation of power to the government is, in principal, a dangerous thing and all such power will be abused eventually. Thus, you need some really, really strong benefits that cannot be accomplished in other ways before I'll support any such consolidation. I think if you want to reduce crime, you're a lot better off attacking the motivations for crime than trying to police everyone. Other countries have amazingly lower crime rates without surveillance. Britain with it's move towards a police state still has fairly high crime rates despite all the cameras and gun control. They also have instances of those cameras being abused by government agents. Why then would you think that they are a good way to deal with the problem?
There is a huge difference between having cameras monitoring public places, as is happening here, and having cameras in every home monitoring everything you do.
There is a difference in the quantity but qualitatively it is not very different at all. They are both a consolidation of power to the central government. Make no mistake, knowledge is power. Knowledge of every place a person ever goes may not always be useful power, but sometimes it is. This power can be used to do good things (catch a killer) or bad things (blackmail political figures). One of the fundamental principals of our government was making sure the government only had the power it absolutely needed to minimize the risks of abuse.
In public, however, everything you do is, by definition, public.
It is not so simple. My expectation of privacy from the average citizen is different from my expectation of privacy from agents of the state. In principal and in law, there is nothing wrong with my neighbor paying attention to the titles one the books I carry home from the library. If I'm carrying them in the open, I have no expectation that my neighbor won't read those titles. I have a different expectation of privacy from the government. It is empowered to use my tax dollars only in certain ways, that do not include posting people outside my house to watch and see if any of my books fit in a certain category. For example, while it is fine for a private detective to watch with a camera to see if I check out books on gun control, it is not fine if that same private detective takes that same action, while on the payroll of the city, unless there is a reason for that behavior that fits with the actions the state is empowered to take.
There is no difference between cameras monitoring what you do in public and people watching you other than the quality of the record.
I think I explained above why it is not just a matter of individuals versus cameras but a matter of private citizens versus government agents. There is, however, a difference between cameras and people. People have rights. The government does not. People have the right to view anything they wish unless that right comes in conflict with the rights of someone else. Government agents and cameras do not have those rights. Cameras can consolidate information and mechanically create a map of information about a person's whereabouts and activities. Individuals cannot, unless they are very, very well organized and dedicated. It is impractical for the government to hire enough people to provide enough information on everyone. It is practical for them to use cameras and computers to obtain that same power without hiring people.
Now I'm not some wacky conspiracy theorist, but I understand the principal that consolidating power is dangerous and leads to abuse. For that reason, there needs to be some real, serious need for power to be centralized in the government before I'll support that. Catching a few serial killers is frankly not enough justification for the risk of all the abuse that could result from constant surveillance. Also, this promotes centralization of power in another way. The wealthy can afford big walls and lasers that stop cameras from recording, and limousines, and to rent out large private establishments to protect their privacy from cameras. The people in general cannot. Should surveillance cameras in public become ubiquitous this information will be used for political purposes. It is human nature. This simply further reduces the chances of someone without a lot of wealth being elected to a public office, further promoting our existing consolidation of government among the ultra wealthy. And what is the gain again?
You'll note that it's the "Month of *APPLE* Bugs," not the month of OS X bugs.
Sadly the second bug announced is in VLC, which is not made by Apple at all, but merely runs on OS X as a platform. So those bitching were correct, but premature.
Full disclosure that is intentionally delayed for a period of time exposing users to risk during that time is certainly unethical, especially when you are financially benefitting from that delay.
This is a classic win-win situation.
Okay you found a potential security hole. Should you A) contact Apple and give them time to fix it before letting all the malware authors know about it? B) release it immediately so that people are aware and can fix it and so Apple is pressured to start work right away? or C) don't tell Apple or the public but sit on the bug until the day it will generate the most publicity for you personally?
In a given situation I can see either A or B as a viable option. If Apple is slow to fix bugs that aren't public and you think the bug is probably being exploited in the wild, sure full disclosure might make sense. Of course Apple has a pretty damn good record in that regard (the last bug fix was released 10 days after Apple was told of the bug) and there is no evidence that either of the "vulnerabilities" announced so far is being actively exploited. What argument can you make to defend option C? If Apple can't work on a fix and the public can't act to defend themselves you've managed to combine the drawbacks to both of the above without any benefit to users. You've made the platform just a tiny bit less secure, in order to get PR. That is unethical and irresponsible.
On the server side, I don't think that OS X is inherently a good platform for virtualization, given the performance issues with the kernel
Virtualization will never be as fast as the "real thing" but for the most part, it doesn't need to be. I don't have any major issues with the speed of VMs on OS X, only with the feature set.
I don't begrudge them on that point. That was a clusterfuck from the start. Honestly, I don't run any more OS 9 apps at all. I still have an occasional old non-carbonized game or two. But I just don't run them. They're taking up disk space. This was a ton of effort for very little payback.
Again, I'm not claiming Apple should be supporting OS 9 emulation or virtualization, but they should make it easy for third parties to do so. The main stumbling block to making this work is getting a valid ROM file downloaded, extracted, and installed because Apple restricts emulators from including or redistributing these ROMs to which they locked their OS. The DMCA makes reverse engineering illegal. Making OS 9 emulation no longer default functionality is very reasonable from a strategic point of view. Making it extraordinarily hard because of Apple's legal position, however, is not.
Why should Apple compete with third-party vendors?
I'm not implying that Apple should be competing with desktop VM providers. I'm saying they should be incorporating APIs and OS level functionality to make those vendor's job easier and their VMs more useful.
As long as their choice of third-party apps includes only fairly widespread apps, I wont' complain. But if they start to find problems in some random odd shareware app that the vast majority of even technically-inclined Mac users don't use, then they'll be pushing it.
Well, that didn't take them long then, huh. Day two has brought a vulnerability in VLC. I'm not sure anyone would describe that as a widespread application.
Seeing how you want me to support arguments I never made, I don't see how I can.
I replied only to what you wrote. If what you wrote was misinterpreted by myself and the moderators and at least one other person who responded, maybe you should admit your statement was misleading?
Do you find spewing hostility on slashdot to be cathartic, or are you like this in real life, too?
You find me hostile? It is interesting how people read certain emotions into the writing of others. Brief snippets of text like this usually don't contain enough info to accurately convey the emotions of the writers. Maybe you should think about why you have categorized my responses as hostile. Am I merely being contradictory? Am I emotionally invested in this conversation?
The truth is I reply on Slashdot much as I speak in person applying the same rules of discourse and trying to apply the same logic. Personal interactions are a richer medium with a lot more feedback and clues, so who knows how much you can equate the two. You're certainly not the first person to take a dislike to me here, as a number of people have marked me as their "foe" although not nearly as many as have marked me as their "friend." In person, I seem to be one of those people who is very social and both liked and respected by most others. So why do you find my writing hostile?
One is the month of bugs. The other is the moth of fixes, a response to the first and a different project by different people. You can at least correctly read the title of the article summary before declaring it a dupe. MOAB != MOAF.
In my humble opinion, OS 9 needed to get the boot.
I think excluding the ability the run OS 9 by default is a reasonable decision. But it's nice to have some more gradual deprecation. They went from supporting OS9 apps out of the box with every machine, to not supporting them even as an option and intentionally making it hard for others to provide that functionality in a single step.
Very few people depend on classic apps, and maintaining the classic environment is just another damn thing to chew up development resources.
How many resources does it take to provide the SheepShaver project with a license to redistribute their ROM? That is pretty much all it would take to make running classic apps a simple, free third party download instead of an exercise in frustration that requires a visit to a warez site, or access to an old machine with OS 9 installed. Official support of the project would be better and would be good PR for Apple playing nice with open source, but even that is more than they need to do.
The big thing for consumers is Windows virtualization on OS X. It's a cool concept, yet it's a human factors nightmare and not the most encouraging thing for application development on OS X.
Applications in a VM will always be second class citizens, thus users will provide demand for native ports. I'm not too worried about VMs running Windows undercutting OS X development, especially in that it is significantly increasing overall market share. Sure a few developers will cancel OS X versions, they will also lose big time to competitors that don't do that.
On one hand, I'd like to buy an Intel Mac and Parallels, on the other hand, I hope virtualized Windows doesn't become the norm for OS X users.
That's just not going to happen. Most users don't know what an OS is and would never consider installing one. They certainly are not going to pay for a Windows license on top of the cost of a Mac. No, the real concern is not that Windows on Mac will ever be a normal situation, but that bad ports via Windows API reimplementations (like WINE) will become the norm, resulting in lots of quick and dirty ports that run slowly with lots of bugs on the Mac. Already one company is selling porting tools and services based upon this premise. It will be transparent to the user, who will just end up buying a crappy, bloated, slow, buggy version of a game that plays well on Windows. Then review sites will talk about how slow OS X is by comparison to Windows and Apple's reputation will be damaged, possibly slowing uptake.
Jabber has a little traction in business and Google is behind it with a tiny market share and Apple is sort of behind it with support in iChat. Unfortunately Microsoft and Yahoo together have a huge chunk and they're partnering for interoperability and likely to dominate the market, thus preventing an open standard from emerging. They hope to collect a toll in advertisements and server licensing and they will probably succeed unless people wise up or the government steps in. If only AOL would throw their weight behind it Jabber would have a real chance.
OK, your other points aside, I got a full-body shivering skeeve with a bit of throw up in my mouth when I had a mental picture of usually-very-nicely designed OSX icons sitting right next to the crap you get on Windows and Linux.
Be that as it may, it makes sense for end users and maintaining a consistent paradigm is important especially for novice users.
Sandbox==good. That way you can keep all the turds in the same place.
I'm all for sandboxing applications, even native ones. I think it is going to have to happen if we ever want a reasonable level of security in mainstream desktops. That doesn't mean you can't still logically represent programs that run in a sandbox, outside of that sandbox. I'm just talking about an icon that is a link to the emulated application, maybe labeled with a Windows symbol or something. Add in a dock representation so you can easily quit or suspend the application without breaking your workflow and you're probably at a level of usability that will appeal more to novice users. Heck, Parallels already runs apps in a windowless mode in the new beta. I'd just like to see OS X provide the hooks needed for the rest, rather than having them hack it together.
Is it theoretically possible to virtualize a few copies of the OS+BIOS+etc. for each program launched to further isolate one program from crashing/infecting others? Or maybe that'd be way too resource intensive?
It is theoretically possible and it is resource intensive. A more workable solution is simply to build strict application level restrictions into the kernel to prevent applications from interacting, and this seems to be the way modern OS's are heading. A VM is useful for running legacy applications that cannot install/run well with these restrictions.
They don't want you to use OS X in a VM, as it makes it trivial to use it on generic PC's, which eliminates the vast majority of their revenue.
I'm sure that is true, but do they have a plan for what happens when/if the industry moves toward virtual machines on the server? Are they just going to let OS X server die, or try to target only really small businesses? What about thin client support? if more and more VMs start running on big hardware and exporting to thin clients do they have a plan to provide better support for those clients? Integrate with those UIs? Are they just assuming none of this will happen?
They don't include virtualization software themselves as Parallels and VMWare are doing a good job if you need such a thing, and they don't want to alienate them.
It is perfectly understandable not to include a VM in their workstation, but that does not preclude kernel level support for virtualization, including API's and hooks for interoperability. What about hooks for supporting virtual machines like Parallels, but treating the apps as more "native" with Windows or Linux binaries showing up as icons in OS X?
And not strictly virtualization, but you mentioned it - they don't want to make it easy to use OS 9.
Depending upon how access to OS 9 apps is accomplished, it certainly is virtualization. I certainly understand not including it in a the default install to discourage the use of OS 9 apps, but making it hard to find and install your own VM of this sort is counterproductive, in my opinion. Even PS3's provide a way to run PS2 games.
Meanwhile, they do nothing to hinder or help SheepShaver and others; the ROM files needed are available from Apple's website (although not easy to find).
SheepShaver is useless without ROMs, the discovery of, extraction of, and installation of is well beyond the capabilities of even many advanced users. Apple does not allow the SheepShaver project to redistribute those ROMS or include them in a pre-build binary. That certainly hinders the project a lot and prevents it from ever being user friendly enough to attract a significant body of developers. It seems like a tiny bit of privilege from Apple would go a long way here, but they withhold it.
It just seems like VM is a very promising new technology that MS and Linux distros are leaping at, and which is finally evolving a few standards. Ignoring it on so many fronts, seems dangerous to me, akin to MS ignoring the internet until the final hour. Ignoring some of the fronts on which VM is making inroads is one thing, but ignoring them all seems almost like a cultural bias. I wonder if maybe the term is taboo at Apple, since they are worried about it one one front and have applied a policy a little too liberally.
Virtualization is usless in a desktop multimedia user environment. Video cards, sound cards and the like are bus mastering devices and you cannot virtualize hardware access unless you own the whole environment. In simple terms, virtualization is only usefull in the server arena and useless on the desktop.
As someone with two VMs running on my OS X laptop right now, I'd have to disagree with you. As for sound cards and video cards the sound works just fine and at least two companies I know of are working on support for allowing hosted OS's full access to video card acceleration.
Just wanted to point out that qemu can also do virtualisation on Linux, just like Vmware, with a closed-source kernel module.
The article lists the following solutions on Linux: Bochs, QEMU, VMware, z/VM, Xen, UML, Linux-VServer, and OpenVZ. I'm not sure why you felt the need to mention QEMU specifically. It does, however, seem like one of the more promising solutions. Have you used it in production?
Two doors can be equally open. One doesn't have to be more open than the other. One is not more unlocked than the other.
Theoretically this might be the case, but this is the real world. One door is always going to be more open than the other, until we develop much, much, much more precise tools. Show me doors engineered and placed down to the level of subatomic particles and I'll recant. Since you're splitting hairs here, I might as well join you:)
This article is an okay overview of many of ways virtualization is now being used. As an aside, has anyone else noticed Apple seems to be missing the boat this time? They're certainly benefitting from virtualization with several players in the market providing emulation solutions and tools now that they are on Intel, but Apple themselves seem to have done nothing and not even provided a strategy. Servers are moving to more virtual servers on one real machine, but OS X's license forbids it from fulfilling that role. Tools for using OS X as a thin client for accessing remote virtual machines are likewise weak. Apple hasn't even provided a virtual machine for their customers to emulate old macs so that users can run OS 9 apps on the new intel machines and they restrict redistribution of their ROM files to make 3rd parties unable to do this. No mention of adding VM technology to OS X has been heard, despite its inclusion in the Linux kernel among others.
Does Apple have something against VM technology? Are they simply behind the times and failing to see the potential?
Publishing the bugs lets people for whom it matters know that they exist and take steps to mitigate them.
I agree that sometimes it is a good idea to publish some info on a vulnerability immediately if their is evidence it is being exploited and there is a way the user can mitigate it. For example, if you find a vulnerability because a hacker uses it on a honeypot machine you have and it exploits a relatively unused service that is enabled by default, it makes sense to publish this fact immediately so people can turn off the unneeded service before more damage is done. Now lets look at the specifics of the month of bugs. They aren't publishing the bug right away or informing Apple of it. They're intentionally delaying publishing bugs in order to space them out and generate more press for themselves. Whether you favor immediate disclosure or informing the vendor first, or make that decision based upon the details, these guys are still doing the wrong thing. They're not publishing immediately or informing the vendor, they're sitting on them, the worst of both scenarios.
I don't have numbers on how often a person in authority lies or how often a person with someone in authority over them lies, but since a lot of people fit in both categories those numbers are hard to come by. It is well documented, however, that facts become more quickly distorted when moving up through an authoritative hierarchy than down. That implies that people are more likely to mislead their bosses than to be misled by them. Logically, this follows since providing the truth to a superior often results in punishment, so people directly benefit from misdirecting their superiors.
No. I started this thread by describing Apple's relationship with security researchers as troubled. Any attempt to drag Windows into it was done by you.
The root post was by bogie (31020) and read "Is Apple as bad as MS when it comes to fixing security flaws?"
You know, it says something about your own biases that I can say "Linux and OS X" and you read "Windows".
No, it says a lot about your ability to express a coherent argument. You wrote "Linux and OS X" in talking about your personal credentials, in a discussion about Windows and OS X. Personally, I use all three daily. Your statement was either highly controversial, or completely irrelevant. I gave you the benefit of the doubt and assumed it was controversial. In future I'll assume you're just writing nonsense and haven't bothered to read what you're replying to.
you made a ridiculous claim, that MS does not respond to security issues
You quoted me and you still think that is what I wrote? I wrote that MS has no motivation to respond to security concerns. This is true. They do not, in general, provide an OS that solves the malware problem they are having. They don't shut down unneeded services, or apply proper defaults. They don't mitigate trojans well. Most of their customers suffer inconvenience or expense as a result. They don't change this because they don't have a strong enough (financial) motivation.
First, this has nothing to do with whether or not Windows is more secure than OS X.
The root cause of a phenomenon has nothing to do with that phenomenon? How... novel.
Second, your statement is quite obviously false, because MS has spend a vast amount of energy trying to fix the security issues in their operating system.
MS has spent vast amounts of money saying they are fixing the security problems. They've spent vast amounts of money implementing certain technologies. Your assertion, however, that those technologies are designed to solve the security problem is conjecture.
So, seeing how you can't correctly parse other people's statements, and you apparently don't even understand the illogic of your own statements, I can't see the point in continuing this discussion.
Yeah, people who can't support their arguments often retreat. Wise decision.
Where the hell did I say Windows is more secure than OS X?
You were responding in a thread discussing the relative security of Windows and OS X and whether or not market share was the only factor. You then made the statement, "Sonny, I write device drivers for a living, on Linux and on Mac. I assure you, the Mac isn't more secure." Since that was the first mention of Linux, I, and probably most other readers assumed the first sentence was a statement of your credentials while latter comment was regarding OS X and Windows. You were thus modded as flamebait, but perhaps you should have been modded as offtopic, depending upon your intention. Then I argued that, "Apple does respond to security concerns on their platform, while MS has little motivation to do so" to which you responded with, "MS releases security patches and updates even more frequently than Apple." If you weren't addressing my point, what were you trying to say?
Work on that reading comprehension, would you?
Having worked as both an editor and a professional author, I can assure you my reading comprehension is fine. Perhaps you should work on your writing skills a little and try to express complete thoughts if you want people to understand what you really mean?
I think this raises an important question. Don't I have a right to install a video surveillance camera in my window, if only so I can put a live view of the park outside my window on my computer screen? How dare these folks attack my right to bear cameras.
There are three, related issues here. Do you have the right to use a camera to record something so long as you are not harassing a given individual and running afoul of their privacy rights (stalking laws). I think it is pretty clear that you do. Does the government have a right to record things. The answer is, the government has no rights, but is legally allowed to record things only when it is working towards one of the goals which it has been empowered to pursue. Third, do corporations have the right to record public places. Corporations being government created entities without any inherent rights, ethically should be allowed to record public places only when there doing so does not jeopardize the rights of individuals. That is to say, sure they can put security cameras in their buildings, but they can't build a network to track individuals.
Personally, I think there is an excellent case for banning handguns, but I'm not an American, and fortunately they're already banned where I live.
Having looked into the numbers fairly extensively, I don't agree. The correlation between gun bans and violent crime is negligible. If you take a look at all the studies with reasonable methodologies you'll note almost all of them showed no statistically significant change in violent crime. Of those that did show a statistically significant change, the majority showed a slight increase in violent crime. I don't see how anyone can make these numbers show the opposite without intentionally ignoring data or incorrectly stating the problem. In fact, the last time we had this conversation I challenged everyone to provide numbers to support a ban and not a single person provided them. A dozen people provided numbers that showed (correctly) that gun bans reduce crimes committed with guns. If your goal is to reduce crimes committed with guns, instead of violent crime overall, then you're probably suffering from a mental disorder.
Anyone interested in lowering violent crime should look at factors that do show large, statistically significant, correlations with violent crime. Decriminalizing illicit drugs, reducing wealth disparity, and providing socialized healthcare (in particular mental health and addiction management) are all methods that have a huge potential for reducing crime. I can't imagine any rational human being who looked objectively at the data deciding that gun control was a good place to start if they are trying to reduce violent crime. If, however, they're looking to cause controversy, get money from lobbyists, and get re-elected it makes a lot of sense.
Thinking you can control behavior by controlling access to technology is just absurd. The concept of "privacy through obscurity" doesn't work any better than "security through obscurity" does.
Actually, security through obscurity does work for many people. It is simply that trusting obscurity presented by someone else when you're working in a homogenous, automated system is less useful. Hiding something is a time tested and very effective security procedure.
A lack of security cameras sure kept Hoover from building dossiers on all sorts of private citizens, didn't it?
Yes, it did. Hoover was only able compile dossiers on select people, instead of using cameras and computers to automatically generate dossiers on everyone and even more detailed dossiers on those select people.
So-called 'security' cameras should be banned because they can be used to invade privacy. So-called P2P file 'sharing' programs should be banned because they can be used to violate copyrights. So-called Web 'forums' should be banned because terrorists might use them to plot crimes.
Who argued security cameras should be banned? There is a difference between banning something and not empowering the government to spend huge amounts of tax dollars to do something. I don't support making it illegal for private citizens to tell lies on TV. I do support making it illegal for official representatives of the government to lie on TV. One is a private citizen with rights. One is an agent of a government with no rights, specifically limited in its actions to minimize the danger it presents to the people. The third and more murky issue is corporations, which are government created entities that currently enjoy many of the rights of citizens, despite not being citizens.
Now how this applies to the article under discussion is something else, but in principal I'm not in favor of granting the government additional power that may be abused, unless there are some enormous benefits that outweigh the potential danger of that abuse.
These cameras ARE Constitutional
Your title is an assertion. The constitution has been interpreted by the courts such that the right to be secure in our persons is a right to privacy to some, unspecified, degree. Further, the right to privacy is regarded as a basic human right by most of the civilized world. The constitutionality and the ethics of these cameras are very, very questionable.
Your arguments boil down to, cameras allow the government to protect the people from other people, so they are good. You don't address two important points. First, it is the job of every citizen to protect themselves, not the government. The government has never had the power to protect you and trying to consolidate that much power into so few hands in not without some very large risks. You completely ignore these risks. Mandatory gun registration in Germany reduced the number of illegal guns in circulation, preventing a crime. Does that mean it "worked." Sure, but it also made it easy for the Nazis to confiscate all those guns from the Jewish populace later on. Putting a given power into the hands of the government can have immediate benefits, but you must pay attention to the long term risks.
Consolidation of power to the government is, in principal, a dangerous thing and all such power will be abused eventually. Thus, you need some really, really strong benefits that cannot be accomplished in other ways before I'll support any such consolidation. I think if you want to reduce crime, you're a lot better off attacking the motivations for crime than trying to police everyone. Other countries have amazingly lower crime rates without surveillance. Britain with it's move towards a police state still has fairly high crime rates despite all the cameras and gun control. They also have instances of those cameras being abused by government agents. Why then would you think that they are a good way to deal with the problem?
There is a huge difference between having cameras monitoring public places, as is happening here, and having cameras in every home monitoring everything you do.
There is a difference in the quantity but qualitatively it is not very different at all. They are both a consolidation of power to the central government. Make no mistake, knowledge is power. Knowledge of every place a person ever goes may not always be useful power, but sometimes it is. This power can be used to do good things (catch a killer) or bad things (blackmail political figures). One of the fundamental principals of our government was making sure the government only had the power it absolutely needed to minimize the risks of abuse.
In public, however, everything you do is, by definition, public.
It is not so simple. My expectation of privacy from the average citizen is different from my expectation of privacy from agents of the state. In principal and in law, there is nothing wrong with my neighbor paying attention to the titles one the books I carry home from the library. If I'm carrying them in the open, I have no expectation that my neighbor won't read those titles. I have a different expectation of privacy from the government. It is empowered to use my tax dollars only in certain ways, that do not include posting people outside my house to watch and see if any of my books fit in a certain category. For example, while it is fine for a private detective to watch with a camera to see if I check out books on gun control, it is not fine if that same private detective takes that same action, while on the payroll of the city, unless there is a reason for that behavior that fits with the actions the state is empowered to take.
There is no difference between cameras monitoring what you do in public and people watching you other than the quality of the record.
I think I explained above why it is not just a matter of individuals versus cameras but a matter of private citizens versus government agents. There is, however, a difference between cameras and people. People have rights. The government does not. People have the right to view anything they wish unless that right comes in conflict with the rights of someone else. Government agents and cameras do not have those rights. Cameras can consolidate information and mechanically create a map of information about a person's whereabouts and activities. Individuals cannot, unless they are very, very well organized and dedicated. It is impractical for the government to hire enough people to provide enough information on everyone. It is practical for them to use cameras and computers to obtain that same power without hiring people.
Now I'm not some wacky conspiracy theorist, but I understand the principal that consolidating power is dangerous and leads to abuse. For that reason, there needs to be some real, serious need for power to be centralized in the government before I'll support that. Catching a few serial killers is frankly not enough justification for the risk of all the abuse that could result from constant surveillance. Also, this promotes centralization of power in another way. The wealthy can afford big walls and lasers that stop cameras from recording, and limousines, and to rent out large private establishments to protect their privacy from cameras. The people in general cannot. Should surveillance cameras in public become ubiquitous this information will be used for political purposes. It is human nature. This simply further reduces the chances of someone without a lot of wealth being elected to a public office, further promoting our existing consolidation of government among the ultra wealthy. And what is the gain again?
You'll note that it's the "Month of *APPLE* Bugs," not the month of OS X bugs.
Sadly the second bug announced is in VLC, which is not made by Apple at all, but merely runs on OS X as a platform. So those bitching were correct, but premature.
In what way is full disclosure unethical?
Full disclosure that is intentionally delayed for a period of time exposing users to risk during that time is certainly unethical, especially when you are financially benefitting from that delay.
This is a classic win-win situation.
Okay you found a potential security hole. Should you A) contact Apple and give them time to fix it before letting all the malware authors know about it? B) release it immediately so that people are aware and can fix it and so Apple is pressured to start work right away? or C) don't tell Apple or the public but sit on the bug until the day it will generate the most publicity for you personally?
In a given situation I can see either A or B as a viable option. If Apple is slow to fix bugs that aren't public and you think the bug is probably being exploited in the wild, sure full disclosure might make sense. Of course Apple has a pretty damn good record in that regard (the last bug fix was released 10 days after Apple was told of the bug) and there is no evidence that either of the "vulnerabilities" announced so far is being actively exploited. What argument can you make to defend option C? If Apple can't work on a fix and the public can't act to defend themselves you've managed to combine the drawbacks to both of the above without any benefit to users. You've made the platform just a tiny bit less secure, in order to get PR. That is unethical and irresponsible.
On the server side, I don't think that OS X is inherently a good platform for virtualization, given the performance issues with the kernel
Virtualization will never be as fast as the "real thing" but for the most part, it doesn't need to be. I don't have any major issues with the speed of VMs on OS X, only with the feature set.
I don't begrudge them on that point. That was a clusterfuck from the start. Honestly, I don't run any more OS 9 apps at all. I still have an occasional old non-carbonized game or two. But I just don't run them. They're taking up disk space. This was a ton of effort for very little payback.
Again, I'm not claiming Apple should be supporting OS 9 emulation or virtualization, but they should make it easy for third parties to do so. The main stumbling block to making this work is getting a valid ROM file downloaded, extracted, and installed because Apple restricts emulators from including or redistributing these ROMs to which they locked their OS. The DMCA makes reverse engineering illegal. Making OS 9 emulation no longer default functionality is very reasonable from a strategic point of view. Making it extraordinarily hard because of Apple's legal position, however, is not.
Why should Apple compete with third-party vendors?
I'm not implying that Apple should be competing with desktop VM providers. I'm saying they should be incorporating APIs and OS level functionality to make those vendor's job easier and their VMs more useful.
As long as their choice of third-party apps includes only fairly widespread apps, I wont' complain. But if they start to find problems in some random odd shareware app that the vast majority of even technically-inclined Mac users don't use, then they'll be pushing it.
Well, that didn't take them long then, huh. Day two has brought a vulnerability in VLC. I'm not sure anyone would describe that as a widespread application.
Seeing how you want me to support arguments I never made, I don't see how I can.
I replied only to what you wrote. If what you wrote was misinterpreted by myself and the moderators and at least one other person who responded, maybe you should admit your statement was misleading?
Do you find spewing hostility on slashdot to be cathartic, or are you like this in real life, too?
You find me hostile? It is interesting how people read certain emotions into the writing of others. Brief snippets of text like this usually don't contain enough info to accurately convey the emotions of the writers. Maybe you should think about why you have categorized my responses as hostile. Am I merely being contradictory? Am I emotionally invested in this conversation?
The truth is I reply on Slashdot much as I speak in person applying the same rules of discourse and trying to apply the same logic. Personal interactions are a richer medium with a lot more feedback and clues, so who knows how much you can equate the two. You're certainly not the first person to take a dislike to me here, as a number of people have marked me as their "foe" although not nearly as many as have marked me as their "friend." In person, I seem to be one of those people who is very social and both liked and respected by most others. So why do you find my writing hostile?
One is the month of bugs. The other is the moth of fixes, a response to the first and a different project by different people. You can at least correctly read the title of the article summary before declaring it a dupe. MOAB != MOAF.
In my humble opinion, OS 9 needed to get the boot.
I think excluding the ability the run OS 9 by default is a reasonable decision. But it's nice to have some more gradual deprecation. They went from supporting OS9 apps out of the box with every machine, to not supporting them even as an option and intentionally making it hard for others to provide that functionality in a single step.
Very few people depend on classic apps, and maintaining the classic environment is just another damn thing to chew up development resources.
How many resources does it take to provide the SheepShaver project with a license to redistribute their ROM? That is pretty much all it would take to make running classic apps a simple, free third party download instead of an exercise in frustration that requires a visit to a warez site, or access to an old machine with OS 9 installed. Official support of the project would be better and would be good PR for Apple playing nice with open source, but even that is more than they need to do.
The big thing for consumers is Windows virtualization on OS X. It's a cool concept, yet it's a human factors nightmare and not the most encouraging thing for application development on OS X.
Applications in a VM will always be second class citizens, thus users will provide demand for native ports. I'm not too worried about VMs running Windows undercutting OS X development, especially in that it is significantly increasing overall market share. Sure a few developers will cancel OS X versions, they will also lose big time to competitors that don't do that.
On one hand, I'd like to buy an Intel Mac and Parallels, on the other hand, I hope virtualized Windows doesn't become the norm for OS X users.
That's just not going to happen. Most users don't know what an OS is and would never consider installing one. They certainly are not going to pay for a Windows license on top of the cost of a Mac. No, the real concern is not that Windows on Mac will ever be a normal situation, but that bad ports via Windows API reimplementations (like WINE) will become the norm, resulting in lots of quick and dirty ports that run slowly with lots of bugs on the Mac. Already one company is selling porting tools and services based upon this premise. It will be transparent to the user, who will just end up buying a crappy, bloated, slow, buggy version of a game that plays well on Windows. Then review sites will talk about how slow OS X is by comparison to Windows and Apple's reputation will be damaged, possibly slowing uptake.
I don't normally respond to my own posts, but two people modded this as "troll?" I'd love to hear an explanation of the logic behind that moderation.
This is why we have Jabber.
Jabber has a little traction in business and Google is behind it with a tiny market share and Apple is sort of behind it with support in iChat. Unfortunately Microsoft and Yahoo together have a huge chunk and they're partnering for interoperability and likely to dominate the market, thus preventing an open standard from emerging. They hope to collect a toll in advertisements and server licensing and they will probably succeed unless people wise up or the government steps in. If only AOL would throw their weight behind it Jabber would have a real chance.
OK, your other points aside, I got a full-body shivering skeeve with a bit of throw up in my mouth when I had a mental picture of usually-very-nicely designed OSX icons sitting right next to the crap you get on Windows and Linux.
Be that as it may, it makes sense for end users and maintaining a consistent paradigm is important especially for novice users.
Sandbox==good. That way you can keep all the turds in the same place.
I'm all for sandboxing applications, even native ones. I think it is going to have to happen if we ever want a reasonable level of security in mainstream desktops. That doesn't mean you can't still logically represent programs that run in a sandbox, outside of that sandbox. I'm just talking about an icon that is a link to the emulated application, maybe labeled with a Windows symbol or something. Add in a dock representation so you can easily quit or suspend the application without breaking your workflow and you're probably at a level of usability that will appeal more to novice users. Heck, Parallels already runs apps in a windowless mode in the new beta. I'd just like to see OS X provide the hooks needed for the rest, rather than having them hack it together.
Is it theoretically possible to virtualize a few copies of the OS+BIOS+etc. for each program launched to further isolate one program from crashing/infecting others? Or maybe that'd be way too resource intensive?
It is theoretically possible and it is resource intensive. A more workable solution is simply to build strict application level restrictions into the kernel to prevent applications from interacting, and this seems to be the way modern OS's are heading. A VM is useful for running legacy applications that cannot install/run well with these restrictions.
They don't want you to use OS X in a VM, as it makes it trivial to use it on generic PC's, which eliminates the vast majority of their revenue.
I'm sure that is true, but do they have a plan for what happens when/if the industry moves toward virtual machines on the server? Are they just going to let OS X server die, or try to target only really small businesses? What about thin client support? if more and more VMs start running on big hardware and exporting to thin clients do they have a plan to provide better support for those clients? Integrate with those UIs? Are they just assuming none of this will happen?
They don't include virtualization software themselves as Parallels and VMWare are doing a good job if you need such a thing, and they don't want to alienate them.
It is perfectly understandable not to include a VM in their workstation, but that does not preclude kernel level support for virtualization, including API's and hooks for interoperability. What about hooks for supporting virtual machines like Parallels, but treating the apps as more "native" with Windows or Linux binaries showing up as icons in OS X?
And not strictly virtualization, but you mentioned it - they don't want to make it easy to use OS 9.
Depending upon how access to OS 9 apps is accomplished, it certainly is virtualization. I certainly understand not including it in a the default install to discourage the use of OS 9 apps, but making it hard to find and install your own VM of this sort is counterproductive, in my opinion. Even PS3's provide a way to run PS2 games.
Meanwhile, they do nothing to hinder or help SheepShaver and others; the ROM files needed are available from Apple's website (although not easy to find).
SheepShaver is useless without ROMs, the discovery of, extraction of, and installation of is well beyond the capabilities of even many advanced users. Apple does not allow the SheepShaver project to redistribute those ROMS or include them in a pre-build binary. That certainly hinders the project a lot and prevents it from ever being user friendly enough to attract a significant body of developers. It seems like a tiny bit of privilege from Apple would go a long way here, but they withhold it.
It just seems like VM is a very promising new technology that MS and Linux distros are leaping at, and which is finally evolving a few standards. Ignoring it on so many fronts, seems dangerous to me, akin to MS ignoring the internet until the final hour. Ignoring some of the fronts on which VM is making inroads is one thing, but ignoring them all seems almost like a cultural bias. I wonder if maybe the term is taboo at Apple, since they are worried about it one one front and have applied a policy a little too liberally.
Virtualization is usless in a desktop multimedia user environment. Video cards, sound cards and the like are bus mastering devices and you cannot virtualize hardware access unless you own the whole environment. In simple terms, virtualization is only usefull in the server arena and useless on the desktop.
As someone with two VMs running on my OS X laptop right now, I'd have to disagree with you. As for sound cards and video cards the sound works just fine and at least two companies I know of are working on support for allowing hosted OS's full access to video card acceleration.
Just wanted to point out that qemu can also do virtualisation on Linux, just like Vmware, with a closed-source kernel module.
The article lists the following solutions on Linux: Bochs, QEMU, VMware, z/VM, Xen, UML, Linux-VServer, and OpenVZ. I'm not sure why you felt the need to mention QEMU specifically. It does, however, seem like one of the more promising solutions. Have you used it in production?
Two doors can be equally open. One doesn't have to be more open than the other. One is not more unlocked than the other.
Theoretically this might be the case, but this is the real world. One door is always going to be more open than the other, until we develop much, much, much more precise tools. Show me doors engineered and placed down to the level of subatomic particles and I'll recant. Since you're splitting hairs here, I might as well join you :)
This article is an okay overview of many of ways virtualization is now being used. As an aside, has anyone else noticed Apple seems to be missing the boat this time? They're certainly benefitting from virtualization with several players in the market providing emulation solutions and tools now that they are on Intel, but Apple themselves seem to have done nothing and not even provided a strategy. Servers are moving to more virtual servers on one real machine, but OS X's license forbids it from fulfilling that role. Tools for using OS X as a thin client for accessing remote virtual machines are likewise weak. Apple hasn't even provided a virtual machine for their customers to emulate old macs so that users can run OS 9 apps on the new intel machines and they restrict redistribution of their ROM files to make 3rd parties unable to do this. No mention of adding VM technology to OS X has been heard, despite its inclusion in the Linux kernel among others.
Does Apple have something against VM technology? Are they simply behind the times and failing to see the potential?
Publishing the bugs lets people for whom it matters know that they exist and take steps to mitigate them.
I agree that sometimes it is a good idea to publish some info on a vulnerability immediately if their is evidence it is being exploited and there is a way the user can mitigate it. For example, if you find a vulnerability because a hacker uses it on a honeypot machine you have and it exploits a relatively unused service that is enabled by default, it makes sense to publish this fact immediately so people can turn off the unneeded service before more damage is done. Now lets look at the specifics of the month of bugs. They aren't publishing the bug right away or informing Apple of it. They're intentionally delaying publishing bugs in order to space them out and generate more press for themselves. Whether you favor immediate disclosure or informing the vendor first, or make that decision based upon the details, these guys are still doing the wrong thing. They're not publishing immediately or informing the vendor, they're sitting on them, the worst of both scenarios.
How often do non-bosses lie?
I don't have numbers on how often a person in authority lies or how often a person with someone in authority over them lies, but since a lot of people fit in both categories those numbers are hard to come by. It is well documented, however, that facts become more quickly distorted when moving up through an authoritative hierarchy than down. That implies that people are more likely to mislead their bosses than to be misled by them. Logically, this follows since providing the truth to a superior often results in punishment, so people directly benefit from misdirecting their superiors.
No. I started this thread by describing Apple's relationship with security researchers as troubled. Any attempt to drag Windows into it was done by you.
The root post was by bogie (31020) and read "Is Apple as bad as MS when it comes to fixing security flaws?"
You know, it says something about your own biases that I can say "Linux and OS X" and you read "Windows".
No, it says a lot about your ability to express a coherent argument. You wrote "Linux and OS X" in talking about your personal credentials, in a discussion about Windows and OS X. Personally, I use all three daily. Your statement was either highly controversial, or completely irrelevant. I gave you the benefit of the doubt and assumed it was controversial. In future I'll assume you're just writing nonsense and haven't bothered to read what you're replying to.
you made a ridiculous claim, that MS does not respond to security issues
You quoted me and you still think that is what I wrote? I wrote that MS has no motivation to respond to security concerns. This is true. They do not, in general, provide an OS that solves the malware problem they are having. They don't shut down unneeded services, or apply proper defaults. They don't mitigate trojans well. Most of their customers suffer inconvenience or expense as a result. They don't change this because they don't have a strong enough (financial) motivation.
First, this has nothing to do with whether or not Windows is more secure than OS X.
The root cause of a phenomenon has nothing to do with that phenomenon? How... novel.
Second, your statement is quite obviously false, because MS has spend a vast amount of energy trying to fix the security issues in their operating system.
MS has spent vast amounts of money saying they are fixing the security problems. They've spent vast amounts of money implementing certain technologies. Your assertion, however, that those technologies are designed to solve the security problem is conjecture.
So, seeing how you can't correctly parse other people's statements, and you apparently don't even understand the illogic of your own statements, I can't see the point in continuing this discussion.
Yeah, people who can't support their arguments often retreat. Wise decision.
Where the hell did I say Windows is more secure than OS X?
You were responding in a thread discussing the relative security of Windows and OS X and whether or not market share was the only factor. You then made the statement, "Sonny, I write device drivers for a living, on Linux and on Mac. I assure you, the Mac isn't more secure." Since that was the first mention of Linux, I, and probably most other readers assumed the first sentence was a statement of your credentials while latter comment was regarding OS X and Windows. You were thus modded as flamebait, but perhaps you should have been modded as offtopic, depending upon your intention. Then I argued that, "Apple does respond to security concerns on their platform, while MS has little motivation to do so" to which you responded with, "MS releases security patches and updates even more frequently than Apple." If you weren't addressing my point, what were you trying to say?
Work on that reading comprehension, would you?
Having worked as both an editor and a professional author, I can assure you my reading comprehension is fine. Perhaps you should work on your writing skills a little and try to express complete thoughts if you want people to understand what you really mean?