If you don't have the GUI design, how the hell do you even know what the bowels of the application should be doing!?
If you don't know what the bowels of the application should be doing, how do you design the GUI? How do you design a GUI if you don't know whether it's for a spreadsheet or a media player?
Well, I have one answer: "Customer focus groups say they want a call block list and a call forwarding feature."
An understanding of what your users want and what you're trying to help them achieve decides what features your application should have.
The desired feature set shapes the back end as well as the way the features are presented to the user for him or her to call upon.
Else, I think you get into nonsensical situations.
but the GUI is what drives the design of the backend!
Compare these two statements:
(1) Because modern computers are equipped with a control key and a Z key and our user interface designer created a menu item labeled "Undo" with C-z as the shortcut, our editor supports undo.
(2) When humans write things on a computer, they make mistakes from time to time, but they notice soon after. To help them correct their mistakes easily, our editor supports undo.
Which one sounds most sensible? In which one does the GUI design drive the feature set? In which one does the feature set drive the GUI design?
Let the design of UI drive the backend, not the other way around.
I think you're confusing "this program should support Undo" with "there should be a rectangle with the word 'Undo' in it". You're confusing things, processes and properties with their visual representation; probably as a reaction against someone confusing them with their implementation.
Good design chooses "Should support Undo" before "Edit/Undo and Control-Z" and also before "maintain a 'vector of state_t', containing all the previous states of the document".
(Oh, and by the way, if you write some code to find out what's possible, you might get good ideas as to what the user wants; you've probably experienced the "Hey, that's cool! I didn't even know I wanted that!". That's what I'm on about here.)
They aren't gonna come bitching to you about how your databases lack some index, but they might complain that your list of videos isn't dropping stop words like "The" or "A".
How is sort order a property of a GUI? Bonus question: same question, but assume the application in question was a command-line one; no curses, just argv and stdin to stdout. How is sort order not completely orthogonal to graphics and interaction?
moving us closer to socialism and the end of The American Way of Life.
Yeah, I know! That would be so horrible!
Instead, you'd have socialism, where your ability to get a good education and a good job doesn't depend on how much money your parents have but how skilled you are at what you do. When you get sick, you get cured instead of gouged. When you buy a cell phone, you get serviced by well-regulated telephone companies---you don't get gouged*.
(* seriously---you're on the hook for 2 years?? I'm on the hook for 6 months, paying 10$/mo. for internet on my N900. My operator doesn't care whether I tether, use skype, or run my landline through asterisk on my laptop via the internet onto my cell; they just give me 1 gig / mo. and 0.10$/minute; and once I'm off the expensive contract, I'm back to getting 50 free minutes and 50 texts per month. That's *free*, zero charge).
I'm not really sure why it works, but Danes are the happiest people on earth (or were in 2007): http://abcnews.go.com/2020/story?id=4086092&page=1
This.
This is why I never talk to sysadmins :(
A Swede or Norwegian or Finn is able to say "yes, this was a mistake" and not be derided in public for it.
You left out Denmark (... you insensitive clod). Yes, this was a mistake ;-)
Also, while I hope we Scandinavians live up to the generally positive image you portray of us, it's not all roses.
Recall The Pirate Bay---police raids of their server farm, lawsuit? Not good :\
And due to a lawsuit between IFPI ("RIAA international") and Danish ISP A, resulting in the court ordering ISP A to block access to thepiratebay.org, my Danish ISP B also blocks access :( ... Ah well, I can read their blog via tor ;-)
I think someone bricked your dictionary
but the issue is that it's not professional
Exactly what does that mean? That it shouldn't be done as part of your job? But what if your job is tweeting information about your company's products? Or writing documentation for software using the Twitter API?
Okay, so you were talking about journalists---but in that case, you're saying that "Journalists shouldn't say 'tweet' because it's [a thing you shouldn't do if you're working as a journalist]" (i.e. [...]=unprofessional).
But that looks like a circular argument.
I think a less circular argument might go something like this: not using the word "tweet" to mean "post on twitter.com" will make the NYT sell better, because its target audience (1) dislikes that meaning of the word; and/or (2) wants (relatively) slang-free language.
(Which is of course what you're really saying, so I'm in violent agreement with you; but I think the form of the argument is relevant.)
Upon arrival do not speak to St. Peter until spoken to. ... Don't try to kodak him.
And if you do, for god's sake don't Xerox the prints!
HAI! I CAN HAZ TWEETER??
Cool post! Mind if I share it with my friends on facebook?
(And goddammit, why do I use facebook? ... sigh ...)
Quoting from your linked article:
Single-client private computing is realizable via FHE, as we explain below
FHE is Fully Homomorphic Encryption, exactly what Gentry has shown to exist.
(Note, I haven't read your linked article fully, nor have I read Gentry's thesis fully; I may be wrong, but a first guess would suggest that your linked article isn't in conflict with Gentry).
If you can sort your data by plaintext, while still in ciphertext form (ie, without decrypting it on the cloud's hardware AT ALL), then what's stopping your cloud provider from doing it, too?
Nothing. The result will be a list of ciphertexts which won't reveal anything about the plaintexts.
See also the thesis, page 5 (5 on paper, 15 in pdf):
At a high-level, the essence of fully homomorphic encryption is simple: given ciphertexts that encrypt pi_1, ..., pi_t, fully homomorphic encryption should allow anyone (not just the key-holder) to output a ciphertext that encrypts f(pi_1, ..., pi_t) for any desired function f, as long as that function can be efficiently computed. No information about pi_1, ..., pi_t or f(pi_1, ..., pi_t), or any intermediate plaintext values, should leak; the inputs, output and intermediate values are always encrypted.
So if I give you pi_1 and pi_2, you'll know that E(min(pi_1, pi_2)) = 42 and E(max(pi_1, pi_2)) = 17. What do their encryptions tell you about pi_1 and pi_2?
You're leaking information about your data to your provider, and if they wanted to, they could perform a process of elimination and discover your plaintext.
I don't think it's possible; I must admit I haven't read Gentry's thesis, but I assume he proves what he advertises---that he has a fully homomorphic encryption scheme. In that case, it is indeed possible to carry out any computation on encrypted values without revealing information about either the plaintext or the result of the computation.
Of course, if I'm wrong, I would very much like to see your algorithm for discovering the plaintext.
The thing to keep in mind here is that the idea is to make it so your cloud provider has no way to read, or infer information about, your data. I'm in the camp that believes it's not possible, but even if it is possible, known methods (like this one) are neither plausible nor secure.
Gentry's approach uses lattices; his approach should be secure against people whose computational resources are polynomial in the plaintext size, even (I think we think*) if they have quantum computers.
(* I haven't looked closely, so I'm randomly guessing his use of lattices is of the kind where no publicly known quantum attacks exist).
Security isn't an on/off thing. There's a stricter security property Gentry's system either satisfies or doesn't satisfy---that no one can know anything about the plain texts, even if computing on the ciphertexts "forever".
But in-use technology such as SSL, ssh, PGP/GPG doesn't live up to this standard, yet in practical security it's never the *crypto* that's broken.
To say that Gentry's work is not only wrong (not secure) but not plausible I think implies that the PhD committee at Stanford is doing a piss-poor job. Is that really what you mean?
(This is one of the reasons I'm doing my PhD in cryptography: in algorithms, or languages, or $subfield, when there's something you don't know you just know that you don't know how to do X; in cryptography, when there's stuff you don't know, it seems like magic is possible)
Side note: The things people will claim to make this mostly BS idea of the cloud seem to work never cease to amaze me.
If I know anything about \subsection{Motivation}, they're using cloud computing to make fully homomorphic encryption seem* worthwhile.
(* appearances may be true or false but not both).
Academic cryptography has developed the theory necessary for all the important problems people want solved in practice (i.e. public key encryption). That's why we work on the (apparently) less important problems now, and that's why the "motivation" parts of our articles are a little... stretched ;-)
You can argue that someone ought to work on building and deploying technology based on the good ol' cryptographic theory (i.e. an internet with end-to-end public key cryptography). I won't argue against you, but I think it requires solving problems of internet governance first.
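The E(min)/E(max) exchange discussed above, as an added example that is not part of the original comments or of Gentry's thesis: a toy symmetric somewhat-homomorphic scheme over the integers (the c = p*q + 2*r + m form from van Dijk, Gentry, Halevi and Vaikuntanathan, not the lattice construction in the thesis), used to compute a compare-and-swap on two encrypted 4-bit values without the key. All names and parameters are constructed for illustration, and the parameters are far too small to be secure.

```python
import secrets

# Toy parameters, constructed for this example; far too small to be secure.
P_BITS = 256      # size of the secret odd integer p
Q_BITS = 512      # size of the random multiplier q in each ciphertext
NOISE_BITS = 8    # size of the fresh noise r
WIDTH = 4         # bit width of the integers being compared


def keygen():
    """Secret key: a random odd P_BITS-bit integer."""
    return secrets.randbits(P_BITS) | (1 << (P_BITS - 1)) | 1


def enc_bit(p, m):
    """Encrypt one bit as c = p*q + 2*r + m; the term 2*r + m is the noise."""
    q = secrets.randbits(Q_BITS) | (1 << (Q_BITS - 1))
    r = secrets.randbits(NOISE_BITS)
    return p * q + 2 * r + m


def dec_bit(p, c):
    """Correct only while the accumulated noise stays below p."""
    return (c % p) % 2


def enc_int(p, x):
    """Encrypt a WIDTH-bit integer bit by bit, least significant bit first."""
    return [enc_bit(p, (x >> i) & 1) for i in range(WIDTH)]


def dec_int(p, cs):
    return sum(dec_bit(p, c) << i for i, c in enumerate(cs))


# --- Everything below is the provider's side: no key, ciphertexts only. ---

def h_xor(c1, c2):
    return c1 + c2          # noise adds; plaintext bits add mod 2


def h_and(c1, c2):
    return c1 * c2          # noise multiplies; plaintext bits multiply


def h_not(c):
    return c + 1            # adding the public constant 1 flips the bit


def h_greater(a, b):
    """Return an encryption of the bit [a > b], scanning from the low bit up."""
    gt = h_and(a[0], h_not(b[0]))
    for ai, bi in zip(a[1:], b[1:]):
        here = h_and(ai, h_not(bi))          # a_i = 1 and b_i = 0
        equal = h_not(h_xor(ai, bi))         # a_i == b_i
        gt = h_xor(here, h_and(equal, gt))   # the two cases are exclusive
    return gt


def h_compare_swap(a, b):
    """Return (Enc(min), Enc(max)); the same operations run either way."""
    gt = h_greater(a, b)
    lo, hi = [], []
    for ai, bi in zip(a, b):
        delta = h_and(gt, h_xor(ai, bi))     # encrypts 1 only where a swap flips a bit
        lo.append(h_xor(ai, delta))
        hi.append(h_xor(bi, delta))
    return lo, hi


def demo(x=11, y=6):
    """Key holder encrypts, provider sorts, key holder decrypts."""
    p = keygen()
    lo, hi = h_compare_swap(enc_int(p, x), enc_int(p, y))
    return dec_int(p, lo), dec_int(p, hi)


if __name__ == "__main__":
    print(demo())
```

The multiplicative depth here is small enough that the noise stays far below p; chaining many such gates in this toy would eventually push the noise past p and break decryption.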
It has nothing to do with figuring out you need to "encrypt everything". It's about needing the two to three decades of research and development required to build an Internet capable of end to end encryption; development that simply has not been done.
Well, here's a rather simple idea: if the encryption needs to be end to end, the receiving end needs to decrypt what's received. That's possible today.
Alternatively, you could have something right before the end do the decryption on the end's behalf (say, at the ISP). Why I (as the receiver) would rather have my ISP decrypt my data than my own computer(s), I'm not really sure. Can anyone explain this to me?
In practical terms: as a slashdot user, I can't force slashdot to accept my password when I transmit it via HTTPS; slashdot only listens to me if I send my password in the clear. Slashdot could accept encrypted logged-in sessions, but they choose not to. Spending two or three decades researching how to force slashdot to adopt the security policy I would like---I'm not sure what's there to research... (?)
So... exactly what should be researched? Better cryptography marketing strategies? Or did I miss something? By all means, give me ideas; researching cryptography is what I do (currently), so it would seem I'm in just the right position to do the research. I just have no idea what people want to do that's not being done for a lack of cryptographic tools rather than policy reasons.
Wait, I thought that was the plot for Quake? ...
"...which can doom any collaborative efforts." I see what you did there.
I see what you didn't there :p
The problem is that criticizing the government is one of the primary reasons to have the notion of "freedom of speech".
I would think that the primary reason for having the notion of freedom of speech is to point out and criticize use and abuse of power. In the colonial America around 1776, the abuse of power came directly or indirectly from governmental power (the English king). Today, there's also use and abuse of power from private and public companies.
Look also at guilt and burden of evidence in civil vs. criminal cases: in civil cases, the verdict is decided based on a "preponderance of evidence" (51-49); in criminal cases, it's "beyond a reasonable doubt". The reasoning behind this is that the government can direct many more resources towards a legal battle than a private person.
Today, private (and public) companies can direct many more resources towards a legal battle than a private (human) person. I hold that an almost equally important use of freedom of speech is to criticize use and abuse of corporate power.
[here's my evidence (of sorts)
Something which may or may not convince you that large companies weren't such a big issue in 1776, the list of companies formed in 1700-1799: http://en.wikipedia.org/wiki/Category:Companies_established_in_the_18th_century
(notice how few there are, and how many are not in north America)
Note also that for the first 100 years since 1776, corporations were not citizens: http://en.wikipedia.org/wiki/Santa_Clara_County_v._Southern_Pacific_Railroad
]
Kind of like FUSE has done for filesystems. Sure, it is easier to write a proprietary filesystem than it has ever been for linux. But it is also vastly easier to write free ones too. The end result is that there are far more Free (tm) and interesting filesystems than there ever were.
There's a sig I see around here, about religions: (paraphrased) "If you need government to enforce your religious rules, what does that say about the strength of your message?"
If we* need to make it impossible for proprietary software to work with free software in order to sell** the free software, what does that say about the strength of our message and our ability to compete, feature/tech-wise? :(
I give all my moral support*** to the GNU project, which has the goal of enabling people to use only Free Software(tm) and Get Their Shit Done(tm). Making free software worse for the purpose of making proprietary software more worse (say, as in non-existent) runs counter to the purpose of the GNU project. Don't do that. Be pro-free, not anti-proprietary.
* The "freetards" :D
** lit. "make people use", fig. as in "selling [someone on] an idea".
*** including by wearing @gnu.org in my mail address---but I don't represent anyone but myself.
I know this is an unpopular opinion, but the constitution's just a piece of paper. We are a living, breathing society ruled by living, breathing individuals and our laws likewise evolve with us.
Who directs the laws? Who sets their direction?
Why can I make laws restricting what you do (or not, as the case may be)? If party A can make laws restricting the behavior of party B, shouldn't party B get a say in which laws party A can make?
Would you be OK with me making a law that says you should pay me 100% of your earnings in taxes (and all your stuff in property taxes)? No? Is that only because I don't have enough guns to enforce it? Do you believe might makes right?
I'm European, so I probably trust my government more than the average US citizen trusts theirs. But I still want my government to be limited in its ability to intrude in my life.
Why would skype over 3g be different than skype over wifi? They are both tcp/ip connections right?
Right. They're not different on my Nokia N900. Are they different on Android? Are they different on European iPhones (since they don't go via AT&T)? Is that different on other phones on AT&T's network?
India implemented this law before they had their terrorist attacks last year and it sure did a lot to prevent those eh?
The cell phone registration law prevented 28% of those attacks that didn't happen!
Mathematics is all fun and games until someone loses an i.
And implement QoS that shoves BitTorrent packets to the back of the queue to give everything else a chance.
Why shove BitTorrent back? Why not shove HTTP back? Why not give each customer one n'th of the pipe (or weighted by the speed cap of each customer's subscription) to use as he sees fit?
Or were you suggesting temporarily delaying your own BitTorrent while my HTTP goes through, then delaying my non-existing HTTP while your BitTorrent goes through? That I approve of.
But don't mess with how people use the pipes.
You're skirting the issue ;-)
Organic wouldn't be the reason people would starve, corporate greed would be.
I think it's more a case of human greed. And human mistrust.
I think that the world has enough arable land to feed its inhabitants; and if enough people would volunteer their time, or their money which could be used to hire other people, we would have that food grown, easily.
But we don't, because people don't give those donations, because they don't know that donating $200 per month rather than $10/m will actually fix it; and maybe it won't, because your neighbor won't know that you will cooperate, and ...
What I'm trying to say is this: if "the little man" pooled together their resources, they could accomplish a whole lot. Don't they (we, I) carry some blame for not doing that?
I think if Martin Gardner were still alive and read your post, he would be very happy.
The take-home lesson of that is: let your childhood heroes, your idols and your mentors know that you are thankful while they still live.
(because maybe you will mentor someone and they will come back and thank you for good tutelage.)