If it's "ssh user@host:port <key>", signed, then ssh into the host using the given key, with reverse port forwarding such that it can ssh back to you.
When it's stolen, you do this:
Generate an ssh key pair and a dummy account with "sleep inf" as its login shell [tie down sshd a bit if you feel like it].
Run ssh on the given port in a chroot jail inside a virtual machine on a diskless spare laptop on the outside of your firewall [take extra security precautions according to your own needs].
Actually, I think that would work, if those not converting are punished.
I think the rest of the world will follow suit. There are enough interesting pages on US-based servers that not offering IPv6 transit is a business non-starter.
Would it be a good idea? "I'm from the government and I'm here to help you". I'm not sure what the outcome would be, and I think that outcomes are ultimately that which we should judge governmental actions by.
Not sure why I'm +5 informative.... +funny, maybe...
Someone wanted to give you a Karma bonus; points for Funny doesn't give you that.
And even if it's mostly funny at first, the point underneath may very well be insightful.
The waterboarding and other torture at Gitmo was immoral; shamefully immoral, but was ethical.
If by ethical you mean the same thing as me, it wasn't. If you by ethical mean in accordance with the laws of war, I think there's this thing about not torturing your POWs...
"Less risk to our troops" can translate into "we go into more wars"
You don't like wars because people are killed. You're talking about potentially eliminating human casualties in any war.
No he's not. He's talking about this:
Robot wars (heh...) may lead to more lives lost on the battlefields. That's what parent is worried about.
If the lives lost aren't American Lives, does it still matter?
If this question seriously needs to be asked, this world is fucked.
Heh ;)
On the other hand, there's the Schiavo case; we can have a long debate about this without coming to any conclusion, but some people believe that it's ethical to kill someone in some cases.
(I'll abstain from stating my view on the matter)
Clearly it's far from the application in question here, but it's not completely oxymoronic.
(You can resume laughing now, parent's joke is still funny.)
I don't see this pattern of thinking in our industry changing
The important question here is of course this: who is making the choices?
Who decides that this is the way it will be? I can only imagine that Debian's popularity-contest was conceived by someone who knows how to write code, and presumably cares about privacy in relation to computers. They may not have the same values as me, but I think it's on their radar. It's probably also written primarily by the person conceiving it.
I'm still in school (although I've dipped my toes in the non-free real world for a year), so I don't know exactly who calls which shots and what the inter-company differences are. But I imagine that the policy regarding the use of the data is not made by techies.
I think they're made by people who worry about either selling stuff, telling the user to buy stuff or making sure the profit is big, while asking those who ensure you won't get your profit sued away. Who there thinks about their computer behaving exactly like they want (as distinct from getting the job done)?
In any case, we probably don't need to target /. to get the message out; but how do we convince those who decide to give the user some input on the decision?
there's a camera on every corner in your country
No there isn't.
In the UK there might be, but we don't know that your parent poster is from the UK.
I'm from Denmark, some other country on the same side of the pond as the UK, and we don't have any cameras filming the streets.
I haven't read our data protection laws as closely as our copyright laws, but my general recollection is that we don't exactly let everyone talk about who we are. I was recently looking at switching to a free* phone company (*first 50 minutes and 50 SMSes every month, more than enough for me), and their privacy statement---yeah I know, they're not worth that much---said in specific terms that they kept their cards close to the vest.
So if not the UK, could you get enthusiastic about the privacy laws in one of
Denmark, Norway, Sweden, Finland, Iceland, Ireland, Germany, France, Belgium, Switzerland, Austria, Italy, Spain, Portugal, Estonia, Latvia, Lithuania, Russia, Poland, Belarus, Moldova, Slovakia, The Czech Republic, Bulgaria, Romania, Greece?
(sorry for not mentioning the name of every country listed on http://en.wikipedia.org/wiki/Europe)
Is DNSSEC ready for prime time?
Last I checked (admittedly more than a year ago), they were still working on a good way of refreshing the key; there were also other problems with DNSSEC that made it not quite ready for prime time.
Does anyone know if the people involved have all said "Yep, it's done now, go use it"?
It'd suck to be in the IPv4 situation: there's this thing we want to migrate to as soon as everyone else does as well.
It's easy to say "let's try out some shit and drop it if it doesn't work" when very few people grow dependent on your work; when the whole world does so, it's a bit more difficult.
asking me to do your plumbing
Yeah, there isn't the same good ring to NewYourCountryPlumber.
I'm sorry about your loss.
While a good suggestion in the cases where you know ahead of time that you'll be dead soon, it doesn't work.
It can be adapted easily to unforeseen death, though: hide a slip of paper with the instructions on it inside your computer, and put in your will a request that someone takes apart your computer and follows the instructions. Include instructions for doing so ;)
Bring back copyright law/legislation to original/sane levels, and I think that most people will abide/be okay with that.
Really?
I think most people, when they know that they can copy CDs and they have a friend over with their CDs, they'll say "hey, can I burn a copy of that disc?". They'll agree to burn it, and both will observe that no one is harmed.
It's been going on with music cassettes, with Amiga 500 games on floppies, with PC games [though in the pre-burner era you just installed from your friend's disk]. People want to do it, and they probably don't see anything wrong with it.
I also think the people who know why violating copyright is wrong (according to those who believe it is) but choose to do it anyway will continue to do so. They don't do it because they rebel against the people who make the law, or those who enforce it, or those who use it against them in lawsuits. They do it because it's free and easy. It won't stop being free and easy.
Thirdly, I don't think it's the copyright term that needs fixing; what should be fixed is the rules and practices surrounding the enforcement of copyright law.
Eliminate dragnet surveillance, stop spying on people, kill off the DMCA, give the ISPs who want to stand up against the RIAA members a leg to stand on, don't conscript universities into being RIAA members' guard dogs, and so forth.
Then some of the ill will against the RIAA members will go away, and those who violate copyright law mostly out of spite will lose the motivation to do so.
These are things that people spend years learning about and are constantly learning more about
And the Wall of Sheep shows us that even those highly interested who dedicate large amounts of time to perfecting their understanding and know-how fail to get it right.
this is completely useless against even a moderately sophisticated thief.
Let's just take that at face value. I'm not sure I agree with the words "completely" and "moderately", but I certainly agree with the general sentiment here: unlike Boris Ivanovich Grishenko, it's not invincible.
But let's all stand back and consider the big picture: what are the security objectives, what are the threats, and what are the risks?
The primary main objective is to prevent unauthorized access to data.
The threats are: negligent laptop possessors losing the laptop; incompetent thieves stealing it for profit; competent thieves stealing it for profit; competent thieves stealing it for data.
In the first three cases, you're probably well served by this: you're likely to lock down the laptop before people access the data. In the fourth case, you may be as well; depends on exactly how the theft takes place.
I think I've listed the four scenarios in decreasing frequency. So only for the most unlikely case is this technology maybe going to suck ass.
I've also had my own ideas about why I wouldn't need to purchase anything from anyone to get the same.
Encrypt your disk, first of all; I assume you already do if you care about your data not being accessed if your laptop gets stolen. Have a bluetooth phone.
Whenever the laptop loses contact with the bluetooth phone, activate the screen saver and log out of all VTs.
When the phone has been gone for too long [tune this parameter according to paranoia], shred the master key required to decrypt the disk* and then shut down.
[* assumption: each user u has a password pu, a key ku = pbkdf(p), and an encrypted copy of the master key E_ku(km); the disk, except a small bootstrapping OS in the front, is encrypted with km; you have stored a copy of the master key in your secure backup vault, so that you can easily restore this].
Every so often, download a file at a fixed URL; if it's signed by the correct signing key [your laptop holds the corresponding verification key], run the file as a shell script.
Let's see: against loss and for-money theft, this should work just as well. In fact, even better: once the laptop possessor gets too far away from the laptop, it gets "soft locked". You can do a hard lock straight away if the machine is connected to the internet (by putting the signed shutdown command on your server), or you can let the "soft lock" time expire and have the machine "hard lock" itself.
You can do this yourself. You just need a competent sysadmin. IBM sales people wear nicer ties than your manager's competent sysadmins, though ;)
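The soft-lock/hard-lock timing described in the comment above, as an added example that is not part of the original post. The class, action names and thresholds are hypothetical; actions are returned as strings rather than executed, and `signed_lock_order` stands for a downloaded order whose signature has already been checked against the laptop's verification key.

```python
from dataclasses import dataclass
from enum import Enum


class State(Enum):
    UNLOCKED = "unlocked"
    SOFT_LOCKED = "soft_locked"   # screen saver on, all VTs logged out
    HARD_LOCKED = "hard_locked"   # wrapped master keys shredded, machine off


@dataclass
class Watchdog:
    soft_after: float             # seconds without the phone before the soft lock
    hard_after: float             # seconds without the phone before the hard lock
    last_seen: float = 0.0
    state: State = State.UNLOCKED

    def tick(self, now, phone_visible, signed_lock_order=False):
        """Process one poll and return the actions the laptop should take."""
        if self.state is State.HARD_LOCKED:
            return []             # key material is gone; only the vault copy restores it
        if signed_lock_order:     # a verified remote order overrides phone presence
            return self._hard_lock()
        if phone_visible:
            self.last_seen = now  # presence resets the timer but never unlocks:
            return []             # the user still has to log in again
        absent = now - self.last_seen
        if absent >= self.hard_after:
            return self._hard_lock()
        if absent >= self.soft_after and self.state is State.UNLOCKED:
            self.state = State.SOFT_LOCKED
            return ["start_screensaver", "logout_all_vts"]
        return []

    def _hard_lock(self):
        self.state = State.HARD_LOCKED
        return ["shred_wrapped_master_keys", "shutdown"]

    def login(self):
        """A successful password login after a soft lock."""
        if self.state is State.SOFT_LOCKED:
            self.state = State.UNLOCKED


def replay(timeline, soft_after=30, hard_after=600):
    """Run (time, phone_visible, signed_lock_order) polls; return state and action log."""
    wd = Watchdog(soft_after, hard_after)
    log = []
    for now, visible, order in timeline:
        log.extend((now, action) for action in wd.tick(now, visible, order))
    return wd.state, log


# Constructed timelines (seconds since boot), not real observations.
LOST = [(0, True, False), (10, True, False), (20, False, False), (45, False, False),
        (300, False, False), (620, False, False), (700, True, False)]
COFFEE = [(0, True, False), (40, False, False), (90, True, False), (100, True, False)]
REMOTE = [(0, True, False), (5, True, True)]

if __name__ == "__main__":
    for name, timeline in (("lost", LOST), ("coffee", COFFEE), ("remote", REMOTE)):
        print(name, *replay(timeline))
```
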
write a script so anytime your laptop connects automatically reports its ip to a home machine. [...] then ssh to it
Except it may be behind a NAT. To do it right, I think you need to do the following:
When it's stolen, you do this:
They need to have time to study their target and come up with a plan of attack.
Time means living expenses. That means a job, unless you're independently wealthy.
This means that to try once and fail, and then be able to try again, you have to:
- not be identified in your first attempt; or
- escape the force of law [including extradition laws]
- do the jail time
Escaping the force of law probably makes it untenable to have a job, so that one is only available to people who are independently wealthy. Doing the time means the rate of professional theft gets lowered by a huge bit.
Not succeeding the first time and also not being identified... I have no idea how likely this is, it's not *that* kind of security I try to break professionally ;)
People again complain about scaling coffee.
Yeah, I really hate when my cup keeps its shape but gets twice or half as big all of a sudden! ;)
Wouldn't that be like knowingly bringing someone into the world knowing that they are going to be horrendously ugly and live their life lonely?
Really? Some of the boys I see attached to some girls would fit the description "Neanderthal" quite well ;)
Crap, you know the same thing happened to me from AplLawyrBabe80?
Just like blood ninja, You better start writing down their names ;)
Our hearts go out to the 17 victims of the recent internet scam.
Yeah, keeping the code proprietary works great.
Just ask Blizzard, they haven't banned *one* *single* *player* from Battle.net for cheating...
</unimpressed>
you can pick up hookers in San Andreas and engage in something that makes the car bounce.
I can't wait to hear. The suspension's killing me.
As an anonymous coward you don't have karma to lose and thus you get into troll fights all the time.
I discard your evidence-based claims as an argument from authority.
If that "six million dialects of lisp" was supposed to be a C3P0 joke, it failed..
Your looking at the moderation failed more :P
It's c'est la vie. Sorry for being a grammar nazi.
Just install emacs, it has syntax highlighting for over six million dialects of lisp.