Slashdot Mirror


User: xappax

xappax's activity in the archive.

Stories
0
Comments
655

Comments · 655

  1. Re:2 months on Hackers Disagree On How, When To Disclose Bugs · · Score: 1

    I still disagree that it's the most responsible response

    s/it's/"responsible disclosure" is/

  2. Re:2 months on Hackers Disagree On How, When To Disclose Bugs · · Score: 1

    Those are some good points, and I'm reconsidering - you may be correct that where a single vulnerability is concerned, full disclosure has a greater (on average) damaging effect. I still disagree that it's the most responsible response, however, because I don't think that computer users should be focused only on the latest vulnerability - there's a bigger picture that's often overlooked.

    Computer software today is, on the whole, extremely insecure. We may never perfect it, but it could be a whole lot better than it is now - there are very few technical roadblocks to developing far more secure software, just economic and political ones.

    As long as software developers can make money from insecure software with few repercussions, they will do so. And if a standard develops where security researchers reveal bugs secretly to software developers, there will be even less incentive to develop securely in the first place - after all, if you were a CEO would you waste manpower doing bug-testing that an army of volunteers is going to do for you anyway? Would you be concerned about security flaws if you knew the public would never find out about them?

    Full disclosure keeps software developers honest. It's whistleblowing, and should have the same protections as someone who reveals a safety hazard in any other consumer product. Keeping ugly issues under the table may make a particular incident go smoother, but bringing everything out in the open in front of consumers, government, and even hackers is the only way to ultimately force the software industry to reform their irresponsible practices.

  3. Re:2 months on Hackers Disagree On How, When To Disclose Bugs · · Score: 1

    the damage inflicted due to a vulnerability is proportional to the number of people who have the knowledge required to exploit it multiplied by the amount of time each person has knowledge required to exploit it.

    Your equation makes intuitive sense, but it doesn't model an important factor - the number of people who know about the vulnerability is not nearly as important as who they are. Here are some classes of people, and how disclosure affects them:

    Skilled black hat hackers: These people are often security researchers themselves, and usually have knowledge of 0day vulnerabilities which either they or their associates have discovered but not announced. These exploits are hoarded and used sparingly (so as to keep them low profile) but against very important targets like credit card databases, government identity records, etc. Since these people are experts, their exploitation of vulnerabilities is much harder to detect than the massive disruption caused by a worm or botnet attack. If the vulnerability wasn't disclosed, it would please these people, because it would mean they could continue to exploit it under the radar.

    Skilled white hat hackers: When a new vulnerability is disclosed, these people often respond immediately with workarounds and patches to fix the problem - often faster than the software companies themselves. If the vulnerability wasn't disclosed, they wouldn't be able to develop fixes.

    "Script Kiddies": These are the people who are interested in breaking into or disrupting computers, but don't have the knowledge, connections, or motivation to seek out 0day vulnerabilities. Instead, they find vulnerabilities that have been disclosed and try to exploit them. These people can cause serious damage in the form of worms, but more frequently cause annoying but relatively minimal levels of damage, since they have neither the expertise nor the profit-motive of a professional black hat. If the vulnerability wasn't disclosed, these people wouldn't be able to exploit it, and would have to go play outside or something :)

    Software companies: These guys write the vulnerable software in the first place, but have a vested interest in convincing the public that it's not vulnerable. They generally give less attention to security than is needed to create a solidly secure app in order to save time, money, and increase features. When vulnerabilities are disclosed, it both makes the company look sloppy and creates more unpaid work for them in the form of patches. If the vulnerability wasn't disclosed, these people would be delighted, because it would mean they didn't have to work on a patch, and their software wouldn't be publicly blamed when professional black hats (who still know of the flaw) break into their customers' networks.

    Software users: This is the general software-using public, which is most of us here on Slashdot. We don't know about a vulnerability until it's announced, or often until a patch is released. When vulnerabilities are released, we often suffer from the actions of "script kiddies" hammering at our servers or sending us virus emails. These are very identifiable problems and annoyances, so they are seen as the central significant result of disclosure. However, disclosure also gives us quick patches and fixes from white hats, and usually expedites solutions from software companies. We therefore benefit from the added invisible protection against a skilled attacker who might seek to use this previously un-patched vulnerability to attack our system(s). Most importantly, it allows consumers to make informed decisions about which software companies they trust to produce secure apps, thereby creating market pressure for more secure software development practices. If the vulnerability wasn't disclosed, we would be totally unaware of the threats to our security and privacy that lurk within the software we trust. We would be safe from the obnoxious and sometimes genuinely destructive "script kiddies", but we'd continue to be vulnerable to the real threat - black hats who are intelligent, dedicated, and motivated enough to use 0day vulnerabilities to attack us.

  4. Re:Keep on getting away with it... on A Microsoft-Speak Timeline - From Altair to Zune · · Score: 1

    My point was that yes, they did introduce such functionality first, but the reason wasn't because they were technological visionaries who came up with the idea of interoperability before everyone else. Plenty of programmers and software companies had ideas about making things compatible and interoperable, but the software scene was so balkanized that it was impossible on a practical level to get all these different software vendors to cooperate on standards of interoperability.

    Microsoft's advantage was (and is) that it doesn't /have/ to cooperate with anyone, because their own company controls all of the major software. They want a new feature or a new standard, they can just add it. It's sort of like the difference between a democracy - where you have to spend a lot of time convincing and organizing disparate groups in order to make a social change - and an autocracy, where the leader makes a decree and the entire society shifts immediately to accommodate it. Autocrats can certainly make more dramatic changes to a society, and some of them will maybe even be good ones, but it's not because they're skilled statesmen, they just have a lot of power.

    I'm not denying that Microsoft created things that never existed before, I'm just pointing out that the reason was more because of their cutthroat business posture and economic dominance rather than any technical innovation.

  5. Re:Keep on getting away with it... on A Microsoft-Speak Timeline - From Altair to Zune · · Score: 5, Insightful

    Try embedding an Excel spreadsheet into your non-MS calendar, or pasting a MS Word doc into a non-MS email app. It doesn't work so well, does it? The incredible inter-operability and compatibility that you're describing exists because MS has direct control over all the specifications and interfaces for pretty much all the apps most people use today.

    MS didn't "innovate" the idea of getting everyone to use only MS apps for everything. If any company held such a powerful monopoly, they could do something similar. MS enjoys a greater degree of compatibility and interoperability in their software because they control the whole game - the OS, the browser, the word processor, the spreadsheet, etc. are all totally under the control of MS. If a small company has a truly innovative idea, they have to fit it within the existing inflexible MS specs and APIs, or they're out of luck. Meanwhile, if MS has even the slightest idea for a new feature, they can just re-mold the entire OS and application architecture to implement it.

    What if you could get better gas mileage in a Ford, but you could only use Ford gas and drive on Ford roads? Would that be considered "innovative"? Requiring people to commit themselves to a restricted proprietary environment in order to get the benefits of interoperability is a sign of lazy development at best and anti-competitive profiteering at worst - but if that's what they call "innovation" these days, who am I to argue?

  6. Re:I am probably a HORRIBLE person for this but... on Taiwan Earthquake Disrupts Virtual Currency Market · · Score: 1

    Is it because you can't afford to buy gold yourself? That's what I think. I think you're jealous.

    In a way, you may be right. I think of people who spend RL money to increase their in-game power sort of the same way I think of people who use their extreme wealth to make friends.

    On one hand, it's kind of sad, because it's likely that the rich person is either unable or unwilling to make the effort that most people do to develop a real friendship - like spending time with each other, listening to their ideas, sharing interests, doing each other favors - so they instead use their money to shortcut the process. There are plenty of people out there who will act friendly to you if you buy them expensive things and give them money.

    On the other hand, it's frustrating and angering. This rich person is using this huge advantage they have in money to compensate for their inability to make friends, and that doesn't seem fair. Why should some rich asshole be incredibly popular, while nice folks like you and I are mostly ignored?

    It's the same thing in games, only more so. You can argue that money makes the real world go 'round, and that it's inevitable that money will bring you favor in other areas, but people often play games to escape from that.

    Many people play MMORPGs because they enjoy "being in a different world". Having people be able to gain power in the game by virtue of their RL wealth ruins the illusion that the game is truly a different world, where actions and efforts within the game are what determines people's power and influence.

    Maybe the entire idea of a "different world", set apart from the influence of RL wealth is just a fantasy anyway, but I like the concept, and I hope that gaming communities can find a way to preserve it.

  7. Re:Can't wait... on Secret Gov't Documents Will be Declassified 12/31 · · Score: 1

    The automobile is, ironically, one of the central causes of some of the more politicized problems in society.

    American automobiles have created the greatest single demand for oil in the world. Demand for oil and the need to control oil supplies was one of the key reasons for invading Iraq, and why we are so reluctant to leave now.

    Automobiles are one of the greatest contributors to atmospheric pollution, which kills many people from things like cancer and severe lung problems.

    There are definitely people who see cars as one of the most harmful, irresponsibly used technologies in the modern era. I'm one of them, which is why I choose not to drive cars and instead use a bicycle or efficient mass-transit for transportation. I'd encourage other people to re-evaluate the "car culture" that is so universal in the US - who would think that such a ubiquitous aspect of American life could be the source of so many problems?

  8. Re:An unnecessary secret is a failure on Secret Gov't Documents Will be Declassified 12/31 · · Score: 2, Insightful

    Secrets are there for good reason. The public can't be trusted with everything.

    The ability to keep secrets from the public is a form of power. This power can be used sparingly and responsibly - like your example of keeping battle plans secret before the battle. I don't think anyone would claim that absolute transparency should be expected - I don't want the nuclear launch procedures and authentication information to be public information!

    Like most forms of power, the ability to keep secrets can also be exploited and abused for the benefit of those in power. The ability to keep documents detailing your wrongdoings out of the public eye empowers you to commit even greater and more brazen wrongdoings without fear of reprisal - nobody will know until it's too late.

    I'm of the opinion that government officials tend to abuse and exploit the power granted to them most of the time, and we should therefore be working to strip them of all power that's not absolutely necessary for the functioning of society. While a limited power of secrecy is understandable, the degree of power that officials have over information today is far, far beyond what is beneficial to society.

    The trouble is that although the government infrastructure which keeps things secret no longer serves the interest of the public, it does serve the interest of the vast majority of our government officials. I suspect that it will take a vast, radical change to the structure and philosophy of our government before we can expect officials to voluntarily relinquish the power which insulates them all from the repercussions of their actions.

  9. Re:Who would have thought... on In Game Ads May Just Not Work · · Score: 1

    Good for you! I also do my best to avoid exposure to advertising as a policy - I avoid television and newspapers the same way you do. But I also realize that as long as I'm consuming modern information and entertainment, it's very likely that I'm being advertised to.

    Sure you can skip past the previews in a movie, but some of the highest-priced ads are actually located in the movie itself. You can get your information from free websites, but odds are, a lot of that information is slanted and influenced by marketing dollars, and some of it is even straight-up industry funded advertisement in disguise.

    I guess the moral of my story is to /always/ be critical, consider the agenda of any information you absorb and why that agenda might not actually be in your best interest. Avoiding ads is a worthy pursuit, but don't be fooled into thinking that you've escaped the influence of the marketing industry - that's exactly what they want you to think!

    The biggest trick ads ever pulled was convincing the world they didn't exist...

  10. Re:Who would have thought... on In Game Ads May Just Not Work · · Score: 2, Interesting

    The most interesting thing about advertising is that it's become so ubiquitous that even the people it's targeted at don't realize they're seeing it. People filter ads out all the time, ignoring them in order to pay attention to the information that's interesting to them at the time. People look past billboards, flip past ads in magazines, turn to have a conversation during TV commercials - we tend to ignore ads, but they leave an impression on us anyway.

    The human brain is a very powerful pattern recognition device, and when we see things that fit into a pattern, for example the same logo in many places, our brain notes that, even if we don't intellectually take interest in it.

    Much of modern advertisement is about this, which is why logos have become so much more important than the message of advertisement. A logo is a compressed, subliminally accessible image that people can't help but notice. If people see the same image, or hear the same slogan or jingle enough times, it becomes familiar. Familiarity offers a huge bonus to the marketing of a product. Even if the consumer has never tried it, s/he feels a slight level of familiarity with it, and so is likely to trust it more than the competition.

    I don't mean to seem like a raving tin-foil-hat-wearer, but people who do in-depth media studies will tell you that the public's belief about the effect advertising has on them is /way/ different from the effect that it actually has, observable through actual market research. Most people's actions are very much influenced by an advertising environment that we cannot even identify.

  11. Re:Who would have thought... on In Game Ads May Just Not Work · · Score: 4, Insightful

    But I do not pay to watch ads.

    Do you pay to watch movies? Do you pay for cable/satellite TV? Hell, have you ever paid for a newspaper or magazine?

    If you do any of these things, you do indeed pay to watch ads. Wherever there is concentrated public attention combined with greed, advertising will find a way. Movies include ads both at the beginning, and included throughout the feature in the form of product placement. Some movies are even produced so cynically that the entire film can even be thought of as an ad for a product line primarily, and a film secondarily (Spiderman, for example).

    Pay-TV does the same thing. While you may not be exposed to "after these messages"-type ads, there are definitely large amounts of advertising dollars and interests having their way with your HBO Original Series. What brand of cars do they drive? Why do Cisco-brand routers happen to save the day from the hacker attack?

    Advertising does not always come in the form of 30-second TV spots or banner ads. Much of the most valuable advertising is subtle enough that it usually isn't identified as advertising. A glowing product review on a web site, a movie star seen using a certain brand of cell phone, a story on your local news station about a new video game system...

  12. Re:Cart before the Horse on Robots Could Some Day Demand Legal Rights · · Score: 1

    What kinds of entities do we humans believe deserve to have individual civil rights?

    This is a very good question, and I agree with your implication - we tend to demand rights for things that we feel sympathetic towards. We are up in arms when a single child in our neighborhood is harmed, but strangely silent when thousands of children are painfully killed in other parts of the world. We respond with genuine sympathy and outrage when we see a pet dog being kicked or otherwise abused, but think nothing of the countless animals that die to feed us.

    Our societies have made a lot of sweeping assertions about how rights are universal, etc. But the practical reality is that many people feel more passionately about the treatment of their goldfish, or their virtual game avatar, than they do about real humans in Darfur.

    This is an interesting inconsistency, and to me it suggests that people will give robots rights at the same point that they give anything else rights - when robots become sympathetic enough that people can relate to them, and feel some level of emotional connection.

  13. Re:Price, Performance and CONTRACT! on Companies Betting on WiMAX · · Score: 1

    Wow, that's amazingly restrictive if it's true. You could try doing things like downloading a file over an https:// link or transferring data over an encrypted tunnel - if those are slow too, then they must be throttling all unrecognizable traffic, which is totally fucked up and probably worthy of a complaint to your ISP, since they're blocking all sorts of legitimate services.

    If not, they may have some other method of figuring out what is and isn't bit torrent traffic. I suspect your experiences would be interesting to those designing ways to get around throttling.

  14. Re:Price, Performance and CONTRACT! on Companies Betting on WiMAX · · Score: 1

    My problem with clearwire is that they throttle p2p networking

    Use Azureus, with protocol encryption enabled. As far as I know, the current throttling methods don't work for obfuscated/encrypted streams. If enough people resist throttling, maybe it'll persuade ISPs to use local torrent caching instead, which will cut down on their bandwidth bill and increase our speeds too.

  15. Re:And I would argue on Government Has a Right to Read Your Email? · · Score: 1

    But would they be unhappy enough to do something about it? Probably not.

    It's true - computer users are often lazy when it comes to security, and it drives me crazy. But, I'm not so bitter and aloof that I would say that users should be punished for failing to secure their data. We're computer experts here, so it seems like a fairly small undertaking for someone to encrypt their email, but there are a lot of people who have just barely grasped how to send email in the first place.

    No matter if these people are lazy, uneducated, or stupid, I don't think that the "right to learn about and use encryption" is a sufficient guarantee of our basic "right to privacy".

    You shouldn't have your privacy violated just because you were too lazy or inept to figure out how to use encryption, just as you shouldn't get your ass kicked just because you don't know Kung Fu.

  16. Re:And I would argue on Government Has a Right to Read Your Email? · · Score: 2, Insightful

    Since it is easy to use end-to-end encryption, it should be incumbent on the user

    If it was really easy to use end-to-end encryption, that might be a reasonable expectation. But it's not really easy. The proof is that almost nobody encrypts their emails today, but if you told them that strangers were reading their emails, they'd be unhappy about it.

    Compare the email situation with many other security precedents. There are phone-tap detecting devices out there that could be used to prevent eavesdropping on phone calls. It wouldn't be too hard for phone users to employ these, but there's also a law which says you can't tap people's phones (at least there used to be!). It's reasonable to expect you to lock your door, but there's also a law which says you can't trespass in someone's home, even if they don't have a lock. It's a good idea to learn self defense and carry a weapon if you're going to an area where you might be accosted, but there's also a law which says people can't attack you.

    Personally, I don't trust the government to protect any of the rights they supposedly guarantee me, but that doesn't mean that they shouldn't guarantee them. At least with a legal guarantee I have some kind of recourse, and there's a deterrent for the law-abiding people or officials who might otherwise try to snoop on me.

    I agree that we need easier and more powerful privacy technology, but it'd be awfully nice if I didn't have to defend my privacy by force all the time.

  17. Re:Can you save a sinking ship on Last Chance to Help Free Ryzom · · Score: 1

    150,000 Euros is a lot for soon-to-be abandonware software

    First of all, it probably won't become abandonware if the community fails to buy it - it'll be sold to some other corporation who will chop it up and use parts of the IP for some other cookie-cutter MMORPG.

    Second, even if it did become abandonware, that wouldn't be nearly as good as having it legally open-source. Abandonware exists because the company who owns the copyright chooses not to enforce it, because there's not really any money to be made by doing so. But if the Ryzom code was developed into a great, free, community owned MMORPG, there'd always be the threat that the copyright holders would come knocking one day and shut it all down - sort of like how if there really was "abandonware" SCO code in Linux, it'd be a deadly blow to the open source movement.

    Third, it's not possible to pirate an MMORPG the same way one pirates Quake. As soon as ID stops enforcing the copyright on Quake, we can all get free copies from our friends, but with an MMORPG, the server code is the most important part, and nobody has that but the company. They need to be persuaded to actually bother to share that.

  18. Re:Duh! on MySpace Users Have Stronger Passwords Than Employees · · Score: 1

    It depends on the vector of attack. If you're sitting outside a web site, trying to log in with someone else's credentials, it's likely that even a weak password will be enough to hold you off.

    People tend to imagine this as the usual attack scenario, but it's not. Usually the attacker who carries out a massive hack already has a foothold in the target network.

    If you've got a foothold and want to increase your access, you'd probably start by finding password hashes. You can easily find hashed passwords by sniffing local traffic, looking in database tables, and grabbing password files for certain apps. None of these hashes are useful unless you can brute force the passwords, and the simpler the password, the easier it is to brute force.

    If everyone used complex passwords, the ease of doing these types of privilege escalation attacks would go way down.

    Additionally, you can be the smartest security professional - never get personally taken in by social engineering - and still have your password hash exposed due to poor security management by the hosting company. If your password is weak, you're still 0wned.
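The offline attack the comment above describes, as an added example that is not part of the original thread or of any Slashdot code: an attacker who has already grabbed a table of password hashes runs a dictionary attack and then an exhaustive search against them. The usernames, the "captured" hash table, the wordlist and the per-user salt are all constructed for this example. It shows three things at once: a weak password in a wordlist falls immediately; a short lowercase password falls to brute force in a few thousand guesses; and a long, mixed-character password survives both. A salted, iterated hash (PBKDF2) is included to show that salting only raises the cost per guess, and a weak password still falls.

```python
import hashlib
import itertools
import string

# --- Constructed sample data (not real credentials) -------------------------

def sha256_hex(password: str) -> str:
    """Unsalted SHA-256, standing in for the fast unsalted hashes often found
    in database tables or application password files."""
    return hashlib.sha256(password.encode()).hexdigest()

# The "captured" hash table. Plaintexts are shown here only to build the
# example; the attacker would only see the hex digests.
CAPTURED_HASHES = {
    "alice": sha256_hex("summer"),            # weak: common word
    "bob": sha256_hex("qaz"),                 # weak: three lowercase letters
    "carol": sha256_hex("Kv9#mQ2x!pL7zR"),    # strong: long, mixed charset
}

# Tiny constructed wordlist, standing in for a real multi-million-word dictionary.
WORDLIST = ["password", "letmein", "summer", "winter", "qwerty", "dragon"]

# --- Attacks ----------------------------------------------------------------

def dictionary_attack(target_hash, wordlist, hash_fn=sha256_hex):
    """Hash each candidate word and compare with the captured digest.
    Returns the recovered plaintext or None."""
    for word in wordlist:
        if hash_fn(word) == target_hash:
            return word
    return None

def brute_force_lowercase(target_hash, max_len, hash_fn=sha256_hex):
    """Exhaustively try every lowercase string of length 1..max_len.
    Returns (plaintext_or_None, number_of_guesses_made)."""
    tried = 0
    for length in range(1, max_len + 1):
        for combo in itertools.product(string.ascii_lowercase, repeat=length):
            tried += 1
            candidate = "".join(combo)
            if hash_fn(candidate) == target_hash:
                return candidate, tried
    return None, tried

def search_space(charset_size: int, max_len: int) -> int:
    """Total number of candidates an exhaustive search of length 1..max_len
    would have to hash; this is why password length and charset matter."""
    return sum(charset_size ** n for n in range(1, max_len + 1))

# --- Salted, iterated hashing ------------------------------------------------

SALT = b"constructed-per-user-salt"   # a real system uses a random salt per user
ITERATIONS = 100_000

def pbkdf2_hex(password: str, salt: bytes = SALT, iterations: int = ITERATIONS) -> str:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations).hex()

SALTED_HASH_ALICE = pbkdf2_hex("summer")

def crack_salted(target_hash, wordlist, salt=SALT, iterations=ITERATIONS):
    """Same dictionary attack; the salt stops precomputed tables and the
    iteration count makes each guess slower, but a weak password still falls."""
    return dictionary_attack(target_hash, wordlist,
                             lambda w: pbkdf2_hex(w, salt, iterations))

def demo():
    """Run every attack against the constructed table and summarise results."""
    results = {}
    results["alice_dict"] = dictionary_attack(CAPTURED_HASHES["alice"], WORDLIST)
    results["bob_dict"] = dictionary_attack(CAPTURED_HASHES["bob"], WORDLIST)
    results["bob_brute"] = brute_force_lowercase(CAPTURED_HASHES["bob"], 4)
    results["carol_dict"] = dictionary_attack(CAPTURED_HASHES["carol"], WORDLIST)
    results["carol_brute"] = brute_force_lowercase(CAPTURED_HASHES["carol"], 3)
    results["alice_salted"] = crack_salted(SALTED_HASH_ALICE, WORDLIST)
    results["space_lower_8"] = search_space(26, 8)
    results["space_mixed_14"] = search_space(94, 14)
    return results

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The brute-force search over a 14-character password drawn from all 94 printable ASCII characters would need on the order of 10^27 guesses, which is what makes carol's password survive even with unlimited time on the captured hash; a salted slow hash narrows the gap only by a constant factor per guess, so it protects strong passwords much better than it protects weak ones.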

  19. Re: Embraceable Monoculture on White Dolphin Functionally Extict · · Score: 2, Insightful

    I say we focus on those instead of crying over what is essentially a sad but unimportant story.

    Did it occur to you that bee monoculture was a problem until you read that story? Yeah, me neither. See that's the problem. If we could tell which species and ecosystems were important to protect, I'd be right behind you: "pay attention to the ones that matter, and who gives a fuck about the rest?!?!"

    But the problem is, we don't know what the hell we're doing. We don't know what species are important, what environmental variables do what, and we generally don't find out until things have gotten out of hand and shit like entire species have been destroyed. You can find innumerable examples where a seemingly insignificant change in an environment caused some fairly significant and harmful cascade.

    Because we don't understand exactly how ecosystems work yet, we're limited to leaving them mostly alone and keeping them the way they are, because as every programmer knows, getting excited and trying to fiddle with a system you don't understand frequently leads to a crash. And unlike on a computer, we can't just reboot the planet.

  20. Re:Humans aren't natural? on White Dolphin Functionally Extict · · Score: 1

    The "naturalness" of a phenomenon is usually not a useful criterion for deciding whether it's "OK" or not. Whether it helps or harms our needs as human beings living in a complex ecosystem is a useful criterion, however.

    Sometimes natural phenomena are harmful to our needs, and sometimes unnatural phenomena are helpful to our needs. But, this doesn't mean we can adopt some kind of "post-environmentalist" attitude where we no longer care about ecosystems. The reality is that disruption of ecosystems, especially ones that people depend on, very often has sweeping negative effects on people.

    It doesn't matter whether the extinction of this species was natural or unnatural, part of evolution or an aberration of evolution, the practical reality is that this species' destruction may cause serious repercussions for other life in and around the river, including people - not to mention all of the potential scientific and medicinal resources that have been lost forever with its extinction.

  21. Re:Economy of sharing to compete? on Moglen on Social Justice and OSS · · Score: 1

    This non-concept of "economy of sharing" goes like: I have something, which you want, and I am morally obligated to give it to you

    I think the "economy of sharing" is more a reference to the "gift economy", in which people exchange things with each other not because they stand to gain personally from the transaction, but because they want to. There's nothing obligatory about the gift economy, quite the opposite. It's the voluntary nature of gift giving that makes it what it is. If a market economy is organized around the greed/competition instinct of humanity, a gift economy is organized around the group affinity/nurture instinct.

    I know this concept flies in the face of everything people learn at Harvard Business School, and pretty much invalidates most market theory, so I'm not going to waste my time going into much detail, but the fact is that many, many exchanges throughout the world take place through the gift economy, and it is the primary form of economic exchange in many successful communities - the Free Software Community being one of them.

  22. Re:Funny christians on Silly String Goes to War Against IEDs · · Score: 2, Insightful

    Actually the pope has made multiple statements opposing the war in Iraq, and has been generally a voice for peace in recent history. In fact, many Catholic organizations, such as the Catholic Workers have actively opposed US wars.

  23. Re:I'm pretty impressed. on Silly String Goes to War Against IEDs · · Score: 2, Interesting

    I could also see the terrorists increasing the sensitivity of the trip wires

    Yeah, that's the first countermeasure I thought of too - but we're talking about such a small change in weight/pressure that the wire would probably be tripped by a breeze or strong vibration.

    I can't really think of any other good ways to make the tripwire undetectable, but it'd be pretty trivial to exploit the silly string IED detection method by producing false positives. Just string up fishing line in dark rooms all over the city, and US bomb squads will be stretched to their limit (like they aren't already) with false alarms. After all, silly string can't really detect IEDs, only wires - and if wires are a common thing, detecting them really isn't that useful.

  24. Finite and Infinite Games on The Minds Behind the ARG Movement · · Score: 5, Interesting

    For those with a philosophical bent, I recommend Finite and Infinite Games. A very thought provoking exploration of what constitutes a game, and how they blend with reality.

  25. Re:OT complaint about “ID”. on The Case for OpenID · · Score: 1

    As someone has already explained, we probably capitalize ID (the abrv.) to distinguish it from the id (ego).

    I figured it was capitalized to reflect the way we say it (eye dee) - spelling out the letters instead of pronouncing it as a word. I guess the most correct way to do that would be to write it I.D., but people tend to drop those periods, hence "ID".