Ellison sez:
Two hundred years ago, Thomas Jefferson warned us that our liberties were at risk unless we exercised "eternal vigilance." Jefferson lived in an age of aristocrats and monarchs. We live with the threat of terrorists getting their hands on weapons with the capacity to destroy entire cities.
George II is issuing executive orders left and right, and he's conducting a war, though none has been declared by Congress. Ellison flies around in a Gulfstream and considers his right to land at night is more important than the San Jose ordinance that forbids it.
These two look like a monarch and an aristocrat to me.
Jefferson WAS a visionary, and his words are even more appropriate and relevant today.
``Wouldn't you feel better if everyone who walked into an airport showed their ID card and put their thumb in the scanner and you knew they were who they said they were?''
No Larry, I would not feel better. I might feel safer, but not by very much. Besides, is what we want to feel better about flying, or do we want to feel safer about flying? Or do we want to actually BE safer while flying?
How about that for a novel approach? Instead of trying to get the public to be willing to board a plane, why not improve safety for real? Put those National Guardsmen to work checking bags.
Do you realize that STILL, 9 out of 10 checked bags are placed into the cargo compartment of commercial jets, without so much as a passing glance? It's true.
You can also STILL check a bag on a flight, and then not get on that flight, and your bag will be carried anyway. You think we were caught with our pants down on 9/11? What will our leaders tell us about air safety when the next attack is a classical bomb-in-checked-bag-but-terrorist-missed-flight, like the Lockerbie disaster?
Culp argues in the essay that software flaws--whether in Windows, Linux or another operating system--are not going to go away.
"While the industry can and should deliver more secure products, it's unrealistic to expect that we will ever achieve perfection," he said.
If perfection is the standard, then I agree - no software will ever achieve that state. However, there is plenty of solid code available gratis and for fee that is for all practical purposes, perfectly secure. Take qmail, or djbdns; the OpenBSD kernel; various "trusted" OS; many embedded OS are practically perfect as far as security goes.
You can even take an older Linux distro, install it, and disable all services but those that are required (and upgrade those to the latest stable versions), and you have a box that will resist almost every exploit, and certainly all of the common ones.
You could do this with Windows, but for the fact that sometimes unnecessary services cannot be turned off. This is where Microsoft - and RedHat (who learned) - have made their biggest security blunders, by enabling unneeded servers out of the box. Stop that, and most of the worm problems go away, or are severely limited in scope.
As both someone who's worked at an ISP, and who has worked at a University, what they're doing by disallowing outbound port 25 connections is a GOOD thing, as it keeps spammers from using a throwaway account to originate and inject to open relays.
It also keeps customers from using an outside email service, and anti-spam reasoning can be used to justify anti-competitive practices, exactly as has been done in this case. I think this is cutting off one's nose to spite one's face. Stopping spam does not have to take priority over every other consideration. Shutting down all email servers would stop the spam problem, but it would make email quite a bit less useful (sarcasm). The same thing goes for blocking port egress to port 25. Exercising prior restraint by blocking traffic like this is going too far. Controlling spam is not so important that the ability to choose your email provider should be sacrificed to the cause.
If they just charged everyone a nominal fee for downloading the music that they _don't_ own then they'd be raking in the cash.
They do. It's an added surcharge to the CD-R media and other recording media you buy. You pay the RIAA a royalty for the privilege of recording your own music, that is original to you, copyrighted by you.
It seems to me that they have judged our tribute to be inadequate, and it is time to set fire to the crops.
For this to work, the bogus nodes would have to substantially outnumber user nodes, and the bogus data files (keys) would have to substantially outnumber the popular keys.
This is a very quick and efficient way to force legitimate data out of the caches of various nodes.
Only if storage space allocated on the nodes is very small and easily overrun, resulting in frequent and sweeping cache purges, can this happen. The attacker also has no control over which data a particular node will throw away, except that he can be sure that it was less popular than what would remain.
It seems to me that Freenet is immune to the tactic described in the article:
The software technology, according to industry sources, would essentially act as a downloader, repeatedly requesting the same file and downloading it very slowly, essentially preventing others from accessing the file. While stopping short of a full denial-of-service attack, the method could substantially clog the target computer's Internet connection.
This will never work on the Freenet. Attempting to do so will cause each node along the request path to store a copy. Attempting this on Freenet will cause the targeted files to be spread more widely, making them MORE available, not less.
"We have a legitimate concern that the measure currently being debated could unintentionally take away a remedy currently available to us under law that helps us combat piracy," said RIAA spokesman Jano Cabrera.
Your concern is noted, but I'm afraid that just now, we're a little busy trying to figure out how to keep crazy people from crashing airplanes into buildings, while not giving the Homeland away to the FBI in the process.
So if you'd kindly put a sock in it, we'd be grateful. Really.
Slashdot requires you to wait 20 seconds between hitting 'reply' and submitting a comment.
It's been 14 seconds since you hit 'reply'!
If you this error seems to be incorrect, please provide the following in your report to SourceForge:
Browser type
User ID/Nickname or AC
What steps caused this error
Whether or not you know your ISP to be using a proxy or some sort of service that gives you an IP that others are using simultaneously.
How many posts to this form you successfully submitted during the day
* Please choose 'formkeys' for the category!
Thank you.
I propose that we create an organization called the World Wide Web Consortium.
There is already an organization by that (appropriate) name, they are at the obvious URL, doing the obvious standards-setting things regarding the world wide web.
Furthermore, since DNS != HTTP, and the Internet != The Web, the name you propose is badly misleading.
ICANN, by the way, is exactly the sort of organization you propose. Thanks, but no thanks. Been there, done that, didn't even get a T-shirt.
I work for a company a lot of people love to hate, and we're pretty protective of our marks, but not to the point of registering the *sucks.com versions of our marks (thanks largely to me).
We got a message from our registrar (who shall go nameless) telling us that we had a few more weeks to get our "applications" in for our marks under the .biz TLD, and that many Fortune 500 companies were putting in 1000 or more applications for the major marks, and 100-500 for their minor marks. For only $5 per application, our registrar was willing to make the applications for our marks on our behalf. Well isn't that nice.
Our attorneys (who turn to me whenever confronted with anything remotely technical, guess I'm lucky that way) have decided not to pursue any additional applications, in .biz or in .info. Of course, being famous, all our applications have been contested, and are subject to this "lottery". Our lawyers simply realized that no matter what the outcome of the lottery, our marks are still our marks and the winner does not win the right to infringe.
They used to tell me "go register this domain for us please, it's cheaper than sending a cease & desist letter." This time however, they decided that sending a C&D to the "winner" is going to cost much less than playing along with the silly lottery.
They also associate ICANN and NSI with increased workload due to all these nuisance issues that come up with domains. I have educated them well. :)
The problem with a roving wiretap, is precisely that it follows the suspect around, and can capture the conversations of non-suspects in the suspect's vicinity. Still, I think it's a needed reform, but it is not without its problems. We need to be mindful of these problems, and construct adequate protections for non-suspects that inadvertently come into the sphere of surveillance that follows a suspect around.
Of course, time and thoughtfulness are in very short supply, as is the willingness to make time, and to be thoughtful.
.. if putting harsh restrictions on cryptography can hinder him as well, what all is lost?
Since restricting lawful people from using strong, backdoor-free encryption has no effect on bin Laden's use of strong backdoor-free encryption, what is lost is the ability of lawful people to use strong backdoor-free encryption.
How hard is this to understand? I am willing to give up some liberties for a short while, as long as doing so contributes to the effectiveness of our response to this problem. I am not willing to give up any liberties at all otherwise, and certainly not for window-dressing activities like national ID cards.
Effective limitations on liberties for a short time, with clearly stated goals and intent, and a sunset period - sign me up. Throwing up our hands and giving Carte Blanche to the police - hell no.
I'm sorry, but questioning government policy could be construed as opposition to the government, which of course, is one step removed from attempting to overthrow it. You'll have to come with me. For the sake of Unity, of course.
This is an honest question, not trying to make anyone angry: What's the big deal? How does a national ID infringe on liberties?
This is not the point. What does a national ID card do to enhance our security? Nothing. All the hijackers presented valid ID before boarding their flights. I think not even Scott McNealy, brazen as he is, would try to assert that Sun can build a system impervious to subversion. I am certain that in Germany's system it is not impossible to obtain a fake ID.
I am not at all opposed to giving up some liberties for a short time, as long as doing so supports measures that are effective. I am not willing to give up any liberties at all, based on theory or conjecture, or these days, on the bald unsupported declaration that this is how it must be. I want to know that my sacrifice means something, that it is effective in support of our efforts. Otherwise, no deal, I won't go along with it.
Of course this scenario requires a trusted server in a trusted location -- but that's not too hard to get...
Hmmm...
Of course it isn't hard. This is why you should have no fear of handing over your keys to the escrow agent. They have one of those easily obtained trusted systems in a trusted location, ready to go!
I worry about Linus and also Linux. I feel like Linus is trying to disassociate himself from Linux because he has two dynamics at work inside him.
1. Linus realizes that he really is the leader of a large and idealistic movement, and would like to see the Good Things(tm) keep rolling.
2. Linus either feels that he is not the man to lead, or he realizes that he cannot be the leader forever.
3. Linus never wanted to lead, and is trying now to gently discourage people from seeing him as a leader. If you don't get the hint, he will soon have to resort to Shatner-like get-a-life outbursts aimed at his would-be followers...
Linux is a religion these days. Really. It may not have gods, but it has a fiercely defended ideology that really does border on the metaphysical.
Human knowledge is libre is not so much a radical notion, but its particular application to technology is very radical--bordering on the spiritual.
...starting with you, personally. Geezus. It's a piece of code, not a holy book.
"You're constantly looking for a balance, of how you're balancing the complexity and the simplicity in the time we need," he (Microsoft spokesman Dan Leach ) said. "The fact so many customers are showing up, at least in this survey, having concerns or confusion shows just in part how complicated it has become. That's one reason we're trying to make the program simpler, easier to understand and easier to administer."
Well let's see, in the case of RedHat, you go down to the local CDROM store, buy a single copy, and install it at your leisure on as many machines as you care to. When it makes sense to do so, upgrade.
How complicated does it need to be? You're buying software, not aerobraking into Mars orbit.
Yeah, that came out sounding a little silly, didn't it? What I meant was, that in light of 9/11, the little games we sometimes play to avoid logging in to the NYT site just didn't seem appropriate, since it's basically a small way of saying "fuck you". So I stopped. And then Slashdot goes ahead and starts publishing the no-login links. Ironic.
That's rich.
So what do you think?
I think you should forget about quitting your day job to pursue a career in politics.
Oh for gods' sakes. Anyone who exposes their GroupWise environment to strangers is just asking for it, patch or not.
Our entire system of government is designed to slow things down so that rash and unwise decisions don't get made too quickly.
You're right, it is much better if the rash and unwise decisions are made after a few weeks of deliberation.
How do I tell what my karma score is in the first place?
OK, second's up. Now what?
You are wrong. In fact, they are endowed rights. Exactly those words are used in the document defining the American experiment:
So no, the laws do not define our rights. The rights are there, and the laws are supposed to recognize and protect those rights.
ICANN, VeriSign, that whole lot? Pretty please?
Nice one, good link. Mod up the parent.