Sure, plenty of cases were based on things like the thief pawning stolen goods
I may have been hanging out here for too long, but isn't the word "pwning"?
It's simply security through obscurity. The security gained from doing the crypto on the disk is only gained through obscurity. The security baseline in the crypto is security through crypto, not through obscurity.
Hardware based doesn't seem to mean much anymore. [...] [You're] just moving the work from one generic processor to another.
There are reasons to do this besides security. A big one is speed: crypto eats a substantial amount of resources (in particular for breakfast). By moving this to dedicated hardware, you free up your CPU to render the movie, compile the code, or whatever.
Also, since the motivation is likely speed (they mention that explicitly in the article), it would seem natural to put the crypto into a custom-built circuit; that way you can do stuff in parallel and be limited speed-wise only by the propagation time of the voltage across the wires. If you know that Fujitsu doesn't do this, please provide a quote (I'm merely curious, not accusing you of lying).
While you may be correct, it's like accusing a screwdriver of being lousy at playing soccer: that's not what they're meant to do.
What we need is a reliable way of determining the age of an account. That would require the sender to send that information along, and you to trust the validity of that information.
The first is bipartite prisoners' dilemma: you, as a sender, get no benefit from including the account age, because until everyone else sends it, receivers will accept mail without that information. You, as a receiver, get very little benefit from it being there, because it so rarely is.
The second is remote attestation: the sender has to be under your authority, not its own, to a large enough degree that they cannot cheat and put in false information. That most likely requires trusted computing and thus software that's de facto unmodifiable. One problem with this: how does it know you're sending mail? Looking at tcp/25 out is not enough. The mail format is not quite as well-destandardised as HTML, but content analysis will give enough false positives and negatives to piss off users (and we all know how much our non-geeky friends love computers as it is).
A third problem is that account age is a very crude heuristic. The day I create user+latex@example.com, I want to send to latex@example.com right away. Why should I have to wait?
In summary:
(X) Countermeasures must work if phased in gradually
(X) Incompatibility with open source and free software ideals
(X) Users of email will not put up with it
But three is a pretty good score, so be proud of yourself;)
Quick thoughts: by allowing anonymous posting, you make people post something they wouldn't have posted if they couldn't be anonymous, thus making information more free. Also, isn't the public opinion on /. that you should exercise all your rights and powers even though you don't strictly need to?
The morons still equate "windows" with "computer". But thanks to the 'tubes, TV, and Apple's marketing, that _is_ changing. As exemplified by my ex* saying "look what my new computer can do", referring to some of the installed software.
But it is changing. They will start equating "windows" with "PC" and equate Macs with what they see on Mac screens. I don't see where we can make linux enter the picture, though.
(*not the editor, I've actually had a girlfriend).
Although only 15% of teachers [...] agree. Adults might not want to scoff, however, because 11% of teachers are already using video games in class and they report great results.
In other words, more than two thirds of the teachers who think games can be educational are already using them. That's a not too shabby adoption rate.
However, if they are as socially skilled as slashdot gamers, I predict difficulties when it comes to advocacy;)
Games don't equal real life, but the way you play does say something about you at a fundamental level.
Let's see... at a fundamental level, it appears I would like to be a penguin (supertux). No wait, a penguin king (chess). In fact, a space-faring (kobodeluxe), Italian, plumbing (mario) penguin king with a bow and a grappling hook (Zelda). Hey, that Ilia chick is hot. And I'd like laser blades on my arms (starcraft zealots), an army of skeletons (D2 necro), and a bunch of Japanese letters (kanatest).
FTA:
In response to competitive pressures from DirecTV and Verizon FiOS, Comcast recently decided to sacrifice some quality to improve quantity.
Isn't this just great? In response to competition, Comcast gives you a crappier product. This also illustrates that Comcast oversubscribes its bandwidth to the point where they have to not deliver the service you expected, just as for their internet services.
But what I find the most frightening is looking at the pictures in the article I quoted, and then realising that "These images were rescaled to half-resolution". Imagine how coarse they must look at twice the size if a downscaling doesn't produce anything more smooth than that.
I'm starting to rediscover my love for that ~15 year old 14" CRT thing I have in my room.
He's probably had sex too. Bastard. Well, if you controlled the whole network, wouldn't you go to redtu... Oooh, you mean with one of these females I keep hearing about.
this sort of model has been tried before and it tends not to work all that well.
Cool, you're not bound to repeat history. Could you share the knowledge with me?
And surely a diff is not a derived work in itself - is it?
IANAL, TINLA; one might argue that a unified/context diff is a derivative work since it contains parts of the original, whereas a diff on the form (delete [byte range]|insert [bytes] at [position])* isn't, as it doesn't contain parts of the original. I think this argument appeals very much to technical people, but not quite as much to the lawyers.
But, as Jennifer Granick said at defcon 15 (TINLA either): the answer in many cases of technology vs. law is either "we don't know" or "it depends".
you have a logical flaw
What's the flaw? Where is it?
So perception of colour and position is faster than that of symbols and their relationships.
Woah, hold on, back up. How did color slip in there?
You let it slip in there:
coloured and neatly indented code is easier to read than monochromatic unindented code
Let's grant you this.
Color (note the correct spelling)
Please file a bug report against my dictionary, then. Until it says color, I'm saying colour. I'm thinking one is American, the other is British. You know, like grey versus gray, trivialize versus trivialise and potato versus potato.
I find (personally) that limited use of color can be helpful, but what I believe you are talking about (color1 for this, color2 for that, colorN for this other thing) turns into a hodgepodge.
What you believe I'm talking about is limited by N. If the limit on the use of colour you find helpful is finite, then there will exist an M such that your way of doing this uses color1 for this, color2 for that, colorM for this other thing. I know I'm picking nits here, but I'm not doing it for its own sake; I'm trying to explain why I don't understand your point.
But I didn't drag color into this. And if you want it to stay you have to earn it.
You let colour in, as I pointed out above, so I have earned what I needed to earn. If you want colour out now, you have to earn that. Isn't proof obligation shifting just fun? ;)
Also, "drag into this"? Let's be clear: I said two things about colour:
1. perception is fast and easy.
2. these are my ideas of how one might use colour: [...]
You've agreed with number 1, yet argued against my position. If you want to argue against number 2, please start by reading one or more posts that already do that. Otherwise, what are you saying?
To spell it out, I supported number 1 with the code example. If you want more support, listen to mit_ocw::intropsych::visual_perception (I'm too lazy to find the link for you).
I think the argument for Microsoft's decision is interesting:
To maintain compatibility and be secure by default we didn't want to invoke fallback either, as original web authors might not have intended this behavior.
I thought IE8 was about fixing all the broken behaviour (and becoming incompatible in the process)? As for the "web authors might not have intended this behaviour" point... why would web authors expect non-standard behaviour? The only way I can think of that a web dev would expect IE8's behaviour is if the site is coded specifically against IE8's behaviour. I'm thinking security requires predictability: if you don't know what your code is doing, how can you know it's secure?
Your article advocates a
(X) technical ( ) legislative ( ) market-based ( ) vigilante
approach to fighting tracking. Your idea will not work. Here is why it won't work.
(One or more of the following may apply to your particular idea, and it may
have other flaws which used to vary from state to state before a bad federal
law was passed.)
(X) Trackers can easily use it to harvest identities
( ) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
( ) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
(X) Requires too much cooperation from trackers
( ) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential
employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
( ) Laws expressly prohibiting it
(X) Lack of centrally controlling authority for web behaviour
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
(X) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
( ) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
( ) Joe jobs and/or identity theft
(X) Technically illiterate politicians
(X) Extreme stupidity on the part of people who do business with trackers
(X) Dishonesty on the part of trackers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook
and the following philosophical objections may also apply:
( ) Ideas similar to yours are easy to come up with, yet none have ever
been shown practical
(X) Any scheme based on opt-out is unacceptable
(X) HTTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatibility with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
( ) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your
house down!
It's deadly simple!
It should be named COFiN.
That's how fucking cool I'm gonna' be.
12) Our dollar bills would buy the Brooklyn bridge
Captcha: "Patriot".
For starters, who tried it and what happened?
(I find it amusing, and slightly unfitting, that my captcha, "boastful", contains the substring "stfu").
Yeah, he's a bastard!
Thanks a lot for the coke shower
--jonaskoelker's employer's keyboard.
Please tag NSFW.
--jonaskoelker
Here's a few random thoughts:
Having recently seen Sun buy MySQL, this looks a lot like a "me too"-move. That's not to say that it doesn't make business sense.
Last I checked, IBM makes its money from two things: hardware and support. Note that software is not one of them; the software is (to them) merely what enables them to sell their bread and butter. It's also costing them money to develop and maintain software that drives sales.
That's why they've invested money in Linux, and that's why they're investing money in Postgres: offering software with a good track record and a good reputation drives sales better, and cost is driven down as the software is open source.