Slashdot Mirror


User: gclef

gclef's activity in the archive.


Comments · 899

  1. Re:Socketed Firmware Here We Come on Persistent BIOS Rootkit Implant To Debut At CanSecWest · · Score: 4, Insightful

    Yeah, but it immensely complicates incident recovery. Rebuilding a compromised system isn't enough if you can't trust the BIOS anymore. It's only a matter of time before the compromised BIOS' adapt to re-compromise the new BIOS as it's written, so re-flashing the BIOS of a compromised computer isn't a good long-term fix.

    Does this make a compromised computer basically a paperweight? That's going to turn IT into a really expensive scene really quickly.

  2. Re:meanwhile on UK Chancellor Confirms Introduction of 'Google Tax' · · Score: 1

    That has its own set of consequences, though. Your rule would have the side-effect of guaranteeing that anyone working in the regulatory agency will be completely ignorant of how the industry they're regulating works.

  3. Re:Actually, ADM Rogers doesn't "want" that at all on NSA Director Wants Legal Right To Snoop On Encrypted Data · · Score: 1

    A few more thoughts:

    1) Part of the reason this whole thing is coming up is that Apple said that they were going to modify the encryption on iPhones so that they couldn't decrypt them either. It's at that point that the big push for breakable encryption started. So, saying that this is just about companies giving the NSA data that the companies already have isn't true. A subpoena/NSL/FISA court order is sufficient for legal access to data that the companies already have. If that were all the NSA/FBI/etc wanted, then they already have the tools to get that data.

    2) Given that, it is imperative upon the people asking for the change to explain why subpoenas/NSLs/FISA court orders are insufficient. I haven't heard a single thing about that, *except* in the context of companies like Apple enabling encryption and *not* escrowing the keys. That puts a lie to the idea that this is just about accessing data that the companies already have.

    Lastly, please don't make "talk like adults" sideswipes...you're assuming bad faith on the part of your commenters, (me, in this case) which you have no evidence of. This is a very passive-aggressive way of insulting your debate partner. If you'd really like to debate, this is not helpful.

  4. Re:Actually, ADM Rogers doesn't "want" that at all on NSA Director Wants Legal Right To Snoop On Encrypted Data · · Score: 5, Interesting

    There are multiple problems with your statement. Let's look at them all, shall we:

    What he "wants", when US-based companies hold data that still can technically be accessed for legitimate foreign intelligence purposes supported by our system of law

    No. The trigger for this isn't that companies are holding data...it's that users have data, and the NSA wants to force the companies to keep/get access to their users' data even if the company doesn't want to, so that the NSA can access it also. This is a *very* different proposition. If Apple doesn't want to hold its users' data, why should the NSA force them to just so that the NSA can read it? That seems to be the NSA's problem, not Apple's.

    If, on the other hand, you live in a world where simply crying "Encryption!" is some kind of barrier that magically sanctifies the underlying data

    Saying "encryption" does not make the data magical, but it also doesn't entitle the NSA to special treatment. If they can break it, fine. If they can't, there is no valid reason for me to make it easy for them.

    then I would ask what you think about the German and Japanese codes in WWII?

    Attacking RSA/DSA/AES/etc is the NSA's job. If they can do that, fine. Deliberately weakening an existing system to make it *easier* for them to do those attacks isn't our job, or our problem. If they want to beat their heads against AES, go for it. But that's not a valid reason for country-wide key escrow.

    Lastly, on the specialness of America: Do we really believe that the US is the only one who has the "right" to access any backdoor/golden-key/whatever? That's absolute nonsense. If the US forces Apple, Google, MS, etc to build key escrow into their devices so that the NSA can read the data on them, then that key will be used by every government on the earth. If you really believe that the NSA will manage to keep exclusive control of a master key for all encryption for a given major vendor, then I'm going to call you delusional.

  5. There's one problem it won't fix: the Greek debts to EU are not going to shift to a new currency just because Greece does. The debts to the rest of the EU will remain in Euros, and if the Greek "new Drachma" devalues massively compared to the Euro, the relative loan repayments in new Drachma will go up correspondingly.

    Greece can't print their way out of the loans. They can print their way to cheaper exports, yes....but they can't print their way out of the loans.

  6. Re:Earth not _turning_ slower, but already is slow on Extra Leap Second To Be Added To Clocks On June 30 · · Score: 2

    Note to self: get more sleep before commenting....it's losing rotational energy to pushing the moon farther away. Gah.

  7. Re:Earth not _turning_ slower, but already is slow on Extra Leap Second To Be Added To Clocks On June 30 · · Score: 4, Informative

    No, the Earth really is slowing down very, very gradually. The tidal forces from the moon are slowly leeching off rotational energy from the Earth (as heat). See here: http://en.wikipedia.org/wiki/T...

  8. Re:8X cost increase up front on Ask Slashdot: Why Is the Power Grid So Crummy In So Many Places? · · Score: 2

    I've often wondered about the possibility of not re-burying the trench: make the trench shallower, cover it with a walkable grate, and just leave it that way. Sure, the grate will get covered by leaves, and the trench will fill with water (have to have a way to drain that), but those seem like minor problems. The cable would be shielded from the vast majority of problems (falling branches, cars hitting poles, squirrels). And since it's just a grate covering, it's just as easy to find problems & service as if they were on a pole. I'm sure I'm missing some reason why this isn't feasible, though...

  9. Re:"Science data" on Philae's Batteries Have Drained; Comet Lander Sleeps · · Score: 2

    "Science data" as opposed to "telemetry data". It's a bit of a jargon term, but makes sense to me.

  10. Re:Quite the opposite. Acer, Samsung, HP - all unl on After Negative User Response, ChromeOS To Re-Introduce Support For Ext{2,3,4} · · Score: 1

    This is true with one big caveat: the kernel still comes from the chromeOS partition, not the linux partition. I learned this the hard way with my chromebook....I could never get it to a 2.6 Kernel (never mind 3.x) because the system had actually booted the kernel from the chromeOS partition, but the rest of linux from my ubuntu partition.

  11. Re:I call BS on this one.... on Obama Administration Argues For Backdoors In Personal Electronics · · Score: 1

    I'm beginning to think that the lack of difference between the party policies isn't that they're the same party...I think the institutional attitudes of various agencies don't change with government rotation because most of the employees of the agencies don't change. That can be good (if the party you disagree with is in power, it's hard for them to gut an agency they don't like), and it can be bad (an out of control agency can almost do whatever the hell they like, since they know they can outwait any management they disagree with).

    I'm not sure how to solve this one, though...if you clean out the entire upper echelon of an agency at administration rollover, then you risk seriously politicising even the most bland agencies. On the other hand, some of these agencies clearly need an attitude adjustment, and I really do think the attitude problem is endemic to the entire culture of the agency, not just their leadership.

    Maybe a max term for any federal employee that they can't work for any one agency for more than 10 years?

  12. Re:Yeah, too bad there's no real reason to do so.. on Back To the Moon — In Four Years · · Score: 1

    Agree. The moon's dust problem alone makes it problematic. I'd argue for L4 or L5 before the moon. There's still some dust at L4 & L5, but the sheer amount of it is much lower, and the gravity well to get there (and leave again) is much lower. It's not as inspiring to say "we're on L4!", but it's also a first-person-gets-it kinda situation...you can have multiple moon bases, but really only one at L4 or L5.

  13. Re:It's not legal issues, it's production issues on Why Are There More Old Songs On iTunes Than Old eBooks? · · Score: 1

    The difference, which the summary alludes to, but doesn't call out, is that it's very typical for book contracts to contain a clause that reverts all copyrights back to the author after the book falls out of print for some period of time. Music contracts very rarely have that. Music contracts may or may not have covered the right to distribute the works digitally, but the music publishers still have *some* rights to old works, where the book publishers will have none.

  14. Re:If Comcast were Exxon on Netflix Blinks, Will Pay Comcast For Network Access · · Score: 1

    It's not quite that simple. The GP post is correct that Cogent has a horrible reputation in the industry. Here's a synopsis of the most common Cogent dispute:

    1) User in New York on ISP A requests data from Server in San Francisco on Cogent.
    2) ISP A and Cogent interconnect in San Francisco and New York.
    3) ISP A wants Cogent to carry the traffic to New York and drop it onto the ISP's network as close as possible to the customer (cold-potato routing), Cogent wants it off their network as soon as possible so they drop it onto the ISP A San Francisco interconnect (hot potato routing).

    The question boils down to: which one of them is going to have to build a bigger national backbone to handle the extra traffic from the user in New York? Neither one wants to, and wants to force the other one to do it.

    As to why ISPs are not blacklisting Cogent: they are. That's what all these bandwidth problems with Netflix are about: ISPs are playing chicken with Cogent, trying to force Cogent's customers to bully them into upgrading their network. ISPs aren't limiting Netflix: they're refusing to upgrade interconnects with Cogent until Cogent starts using cold-potato routing.

    In this case, one of Cogent's customers blinked before Cogent did, and side-stepped the problem.

  15. Does it support unicode... on HTML5 App For Panasonic TVs Rejected - JQuery Is a "Hack" · · Score: 0

    now? Let's find out:
    Piñata
    Mötley Crüe
      €

  16. Re:Please ruin it like you did Star Trek on An Animated, Open Letter To J.J. Abrams About Star Wars · · Score: 0

    Star Trek was "serious scifi"? Since when?

    The original series had hot babes in filmy, barely-there outfits and paper-thin allegories about the cold war, but very little science. The next generation had morality plays, and tried (and failed) to do science by changing the polarization of the deflector dish (or whatever "insert sciency bit here" they did that week). The others I didn't bother to watch (though I hear there's an episode where a character is "evolved" into a lizard and then back again.....really?).

    Star Trek has always been terrible at the "serious" sci-fi. It's just terrible at serious scifi in a very different way than Star Wars is.

  17. Re:The author is either a shill or a pawn of Googl on Verizon's Plan To Turn the Web Into Pay-Per-View · · Score: 5, Insightful

    If you run an ISP and still don't understand that you're not the interesting part of the internet, then you have never understood your place on the 'net. ISPs exist for one reason, and one reason only: to allow people to access content. Period. The "Economic Balance" isn't "tipping towards content companies"...the content companies *are* *the* *things* *your* *customers* *want*. The only thing they want from you is to get to those companies (or each other). You are a conduit, a tube, even. Nothing more.

    The regulations prohibit ISPs from charging more when content providers waste bandwidth

    If your users want the traffic, then the content providers aren't "wasting" it...your customers (who are already paying you for those bits, I should point out) are using what they've paid for. Saying that content providers are wasting bandwidth is basically complaining that your users are actually *using* what you sold them...which is really not a winning argument.

  18. Re:Privacy in 2 years on After Lavabit Shut-Down, Dotcom's Mega Promises Secure Mail · · Score: 1

    Spam was and still is an enormous economic incentive to replace SMTP....and yet, after a decade of avalanches of spam, we haven't replaced SMTP with something that addresses any of the aspects of SMTP that permit spam to happen. This situation isn't even on the same order of magnitude of economic burden as spam is every single day. So, yes, the current situation *economically* is exactly like it was the last decade: we're paying for the design decisions of SMTP, and will continue to do so until something shinier comes along that people move to. That migration will happen slowly, over years, and SMTP will slowly wither away as the migration happens.

  19. Re:Privacy in 2 years on After Lavabit Shut-Down, Dotcom's Mega Promises Secure Mail · · Score: 2

    I'm even hearing rumors about replacing SMTP altogether with a more secure protocol.

    There have been "rumors" and "proposals" to replace SMTP for almost a decade. It'll never happen. SMTP will die slowly, the same way NNTP is slowly dying. And that will only happen when there's a way to communicate that surpasses it. Web discussion boards basically killed NNTP. I don't think there's anything out there yet to kill SMTP.

    Also, encrypting your mail misses the point. Groups like the NSA can still do traffic analysis on the SMTP envelope to know who you're talking with even without reading the contents of the email. The fact that you're in regular communication with a "target" is enough to make you interesting. If the "target" is subject to a full-on investigation (not the browsing that they appear to be doing), then being in regular contact with that target, would be sufficient grounds to apply for (and probably get) a court order to put a keylogger on your machine.

    Expect a lot of wailing and gnashing-of-teeth from the government, proposals to make this or that protocol "illegal" or to require government backdoor access, but in the end it will come down to simple economics.

    There won't be much public wailing...they've got the laws they need. Just like what happened with Lavabit, they don't need to ban anything anymore, they'll just show up at any provider & say "give us all of the data you have on person . If you don't have any, start collecting it. Now."

    Also, moving data out of the US (to Germany, for example), just means that the NSA has to ask the local spy agency (like the BND in Germany) for the information. The Western governmental spy agencies seem to have no problem providing it. In fact, the NSA spying on data overseas would be *less* unconstitutional than what they're doing now....they'd love that.

    Face it, the only way forward is something like freenet. The problem is, freenet withered on the vine.

  20. yet another g'damn cloud service on Home Automation Kit Includes Arduino, RasPi Dev Boards · · Score: 3, Interesting

    While I find the idea interesting, I'm annoyed at the fact that it's useless without WigWam's cloud service. I've been burned too many times already, so I'm not particularly willing to build a complex home automation setup just to have the whole thing turned to a set of bricks because WigWam got bought by Yahoo (who seem to shut down every startup they buy), or just ran out of money.

  21. Re:Of course. on Snowden Is Lying, Say House Intelligence Committee Leaders · · Score: 5, Informative

    criminal:

    n
    1. (Law) a person charged with and convicted of crime
    2. a person who commits crimes for a living

    Until he's charged and convicted, he's not a criminal.

  22. Re:Wait... what? on Real World Stats Show Chromebooks Are Struggling · · Score: 1

    I think both stats could be right: people are buying them, and then wiping them to install something useful. It's not the chromebook that's failing...it's chromeOS that people don't want.

  23. Re:I quite like mine. on Real World Stats Show Chromebooks Are Struggling · · Score: 3, Interesting

    Thirded...installing chrUbuntu takes it from a google-leashed mostly-useless toy into a really reasonable, cheap minilaptop. I'm quite happy with mine...as long as it's running linux, not chromeOS.

  24. Re:Next step: identify the companies on California Law Would Require Companies To Disclose All Consumer Data Collected · · Score: 1

    That list is just companies that trade in financial information (credit scores, loan companies, etc). Notice that google doesn't show up in that list at all, but google *definitely* has information about me (whether I like it or not). So, your list is woefully incomplete. I suspect the full list of companies that collect personal information doesn't exist. That's kinda my point. Is the tacit expectation of this law that people will have to find out (somehow...) which companies *might* have information on them, and then blanket-mail all of them demanding to see their info? That isn't as big a step forward as one might think.

  25. Next step: identify the companies on California Law Would Require Companies To Disclose All Consumer Data Collected · · Score: 3, Interesting

    Interesting side problem: how do you know which corporations have data about you? The big companies like Google are known, but there's a lot of other data brokers around...how can I demand data from a company I don't know about?