Well, as the article points out, what's interesting is the change of tone. While he was a Microsoftie, he was downplaying the impact of viruses & worms.
Now that he's in the government, these things are apparently more important.
The change of perspective and its timing is....interesting.
good, cheap, fast. Pick two. Seriously, rugged, cheap and accessible (presuming he means easy to use) are about the only things in this section that are actually design requirements. The "genuinely trustable" we'll look at below in the "open specifications" comment. "Well-designed" and "sexy" are not design specifications, as much as marketing pre-planning.
2) "a primarily political and social computer"
ummm....right. This isn't a design spec, it's...well....pointless, actually. We'll ignore it.
3) No corporate or national logos.
Okay. This is a valid design requirement, but probably an impossible one.
4) "The software and communications protocols in this device should be transparent. Honest. Aboveboard. Public. Public-spirited. Fair. Inclusive. Multi-culti. Legitimate. This Is What Democracy Looks Like. All that stuff that computer hardware and software never, ever is"
Right. The IEEE and the IETF are secretly planning to take over the world. Just you wait. and don't get me started on JEDEC. They never take input from the community. This is a design spec, but an insane one.
There's no way. You would, in effect, have to re-design every part of the computer to manage this. This includes a different card spec (PCI and AGP are apparently not multi-culti enough), a different CPU (they display corporate logos, after all), different BIOS (corporate logos again), etc. You would have re-design the entire computer, ignoring all existing specs. This is crazy.
Nah...if it can handle DefCon for 10 years, Vegas can handle a couple of terrorists in the sewers.
Re:Well, part of the reason...
on
Blogspace vs. NPR
·
· Score: 4, Informative
Actually (I used to work for NPR, too), not all that much of their funding comes from the gov't. The majority of their money comes from contributions and the "funded-by" bites. The gov't still contributes a noticable chunk, but it's about 10-20%, IIRC, not the majority.
Of course, I worked at the central office in DC...I don't know what the funding situation was like for individual stations.
Seriously, as cynical as it sounds, this happens every day in security marketing. I've had sales reps look me in the eye and straight-out lie about their products. When caught, they'll back off frantically, or try to talk their way out of it, but never admit that they lied.
The main problem these days is that security software sales are driven not by business decisions, but by fear. Fear of virii, 3v1l h4ck3rz, etc. Once you're buying something out of fear, it's really easy for the sales folks to play off that to make their product sound like it's the ultimate safety blanket.
I hate it. Not just because it's unethical, but also because it makes my job of evaluating products much harder. I can't even trust the feature lists in deciding which products to evaluate, since some of those are full of lies & vaporware. I keep wanting to explain the Tragedy of the Commons to the sales folks that try this c*$p, but they're always too stupid to understand it.
I don't see why government-developed code should be GPL'd. I'd rather see it BSD'd, honestly. The government should not be in the business of setting restrictions on how people distribute or license code. They should be encouraging everyone to use the code they develop. That means they should BSD license everything.
The GPL's great, don't get me wrong, but I don't think it's appropriate for government research. That research should be totally free (beer *and* speech), not copylefted.
There is a concept called the "Right of First Sale", which says that once someone has been sold a physical object (like a book), the seller can't tell them what to do with it. It's theirs to do with as they please.
Now, that does not give them the right to use the product to break other laws (xeroxing the book, scanning it in & posting the results to the net, etc), but if they want to use the book to wallpaper their house, there's nothing the seller can do to stop it.
This gets more complicated when you have to have a license to use what's on the physical thing (like software on a CD), but the First Sale principle is pretty well established in the US.
Why should you care? Because it means that there's no way in hell that used book sales are ever going to be shut down...they're protected by the Right of First Sale. The trading of MP3s is not protected by this, so you can expect a legal fight there.
It's possible to pre-emptively sue (at least in the US, which is where this is all occurring) to ask the courts decide if your actions are legal or not. The idea is to prevent the "chilling effect" of not knowing and being subject to the threat of a lawsuit based on actions that may in fact be legal.
If the courts don't think you have a case, or they think that there's no chilling effect occurring, they'll throw out your suit. If there is legitimate question as to the legality, and legitimate value in deciding early, they'll hear it.
Felten and the EFF tried this a while ago against the DMCA, but the courts dismissed it.
I would modify that statement slightly: people generally ignore laws that they don't like or understand.
People don't generally ignore the laws against murder, for example. Most people agree that outlawing killing people is a good thing, and they understand why, so folks obey that law. Very few people understand why they must drive $value MPH/KPH, so they usually don't, unless there's a danger that they'll be caught.
Okay, who else read the Washington Post article about the "criminal database" and thought "oooh...fun place to insert records...of, say....John Ashcroft..."
Of course, I'm not advocating that...that would be illegal....
Yeah, but they'll do that to folks that have their modems, too...so this saves them nothing.
The only reason I can think of is that *possibly* (and I'm really guessing here) they're trying to keep the older DOCSIS modems (that can be easily uncapped) off their network. Dunno, but it would make more sense than anything else I've heard.
Yes, but the patch doesn't actually *do* what it claims. Therein lies the problem. There has been a steady stream of messages to various security lists today about how this patch does not actually fix many of the issues that it claims to fix, and breaks other stuff in the process. see http://jscript.dk/unpatched/ for the present list of unpatched IE problems, and some commentary on this patch.
I think we misunderstand each other. I acknowledge that they're difficult to duplicate. That's not what I'm worried about. What I'm worried about is how you can deal with duplication.
Duplication/compromise of the system *will* happen, if the reward is high enough. The question becomes, what do you do then? For traditional card systems, you revoke the card. You can't do that with biometrics, which is a concern for any system of this sort.
Unfortunately, this weakens the "uniqueness" of the biometric. Whether it weakens it enough to make it pointless obviously depends on how you take the hash.
Also, if you're only taking the hash, that makes the system easier to spoof, since an attacker doesn't care about the whole print, just its values at certain points.
If a credit card database is compromised, you lose integrity of the card. This means someone else can use the card to impersonate you. But it's a number. You don't really care, since you can get another number and revoke the compromised one.
On the other hand, if a biometric database is compromised, you lose the integrity of a part of your body. This means someone can now use tricks like the gelatin one outlined here to impersonate you. But you can't get another body. You can't revoke the compromised data.
In general, biometrics are more accurate for authentication, but their failure modes are much more severe.
Yeah, that's great...until one of the canisters starts leaking. Then you've just irradiated the entire ocean. Let's not do that one.
b) To the centre of the earth
see a), only with the water table and the mantle. Also, how the heck are you supposed to get it to the centre of the earth? We can barely dig a couple kilometers down with present tech.
c) tops of sheer faced mountains
Ummm...planes/helicoptors? If they're anywhere near our technology level in the future, this won't do.
d) North/South poles
The North Pole is basically water...see a). The South Pole is better, but still faces the ocean problem (the ice does flow off the south pole & into the ocean eventually).
e) Space
See other comments about safely getting it up there without the occasional "problem" dumping irradiated waste into the atmosphere.
That may come across as annoying or foolish, but it's probably also true....just badly worded. The kids are not the ones that will have trouble learing the new technology.
That phrase should be read "No one is worried about the kids [they'll adapt quickly]."
Sure, I would....but I'm just dying with curiousity to see if I can replace the files/ads they send me with my own versions, so I'm probably not the type of person they want "volunteering."
The real problem here is that record companies are more than just distribution chains. They're also advertising agencies. They're good at making folks want to buy the stuff they're selling (and at going the other way: making what they're selling what folks want to buy...cf Nirvana).
It's the advertising element that makes artists famous. That's also a part of why they sign up. (No fame == no sales. No sales == no money. Plenty of folks are presently distributing music for free online....but you never hear about them since they don't have the advertising budget of the major labels.
Personally, I'd love to see a label split into two parts: a distribution channel and an advertising agency. But it'll never happen. The distribution chain only works because the advertising makes the demand. If there wasn't the advertising-created demand, the distribution chains would be worthless.
Wrong. Fair use is not protected in any laws. It originated as a judicial precedent in rulings on copyright. That precedent was used to justify the Audio Home Recording Act (which legalized mix tapes, basically), but there is still no one law that protects (or even defines) fair use.
That one fact alone justifies this bill. Getting a concept of fair use into law would be a *very* good thing.
I did this (put flourescent lamps in a few rooms), and after a few years of experience, I have one main observation:
The light from flourescent lamps sucks.
What's ended up happening is that I use the lamps with "normal" bulbs more than the flourescent ones, because the light just annoys me less. I understand that the fluorescent ones are more efficient. That's why I bought the lamps in the first place. The light that they emit, though, is harsh, cold, brittle and annoying. So I find myself avoiding them.
Given that the electricity difference in my monthly bill in negligable, I choose comfort. Until that equation changes, I don't think fluorescent bulbs are going anywhere.
Okay, you want something constructive they can do to look like they're taking action...I'll tell you what I think they should do...but they're not going to like it, since it's not new law:
Spend money on enforcement.
It's that simple. Software and media piracy is already illegal, we just can't/don't enforce the law. Making more law that we don't enforce (or selectively enforce, which is worse) is pointless.
Unfortunately, you have a bit of a chicken & egg problem:
People won't use Linux unless they hear about it being used successfully elsewhere, and that other folks are happy with it. To get that sort of word out, you have to trumpet the successes. This alerts your competitors, and they try to undercut you.
Yeah, it sucks...but, if you want Linux to come out from the "niche" market, it's going to have to go toe-to-toe w/the Beast for sales eventually. There's really no avoiding it.
Slashdot Mirror
Well, as the article points out, what's interesting is the change of tone. While he was a Microsoftie, he was downplaying the impact of viruses & worms.
Now that he's in the government, these things are apparently more important.
The change of perspective and its timing is....interesting.
Okay, so what exactly are the specs of this platform he's asking for?
1) "genuinely trustable, cheap, well-designed, rugged, sexy, accessible."
good, cheap, fast. Pick two. Seriously, rugged, cheap and accessible (presuming he means easy to use) are about the only things in this section that are actually design requirements. The "genuinely trustable" we'll look at below in the "open specifications" comment. "Well-designed" and "sexy" are not design specifications, as much as marketing pre-planning.
2) "a primarily political and social computer"
ummm....right. This isn't a design spec, it's...well....pointless, actually. We'll ignore it.
3) No corporate or national logos.
Okay. This is a valid design requirement, but probably an impossible one.
4) "The software and communications protocols in this device should be transparent. Honest. Aboveboard. Public. Public-spirited. Fair. Inclusive. Multi-culti. Legitimate. This Is What Democracy Looks Like. All that stuff that computer hardware and software never, ever is"
Right. The IEEE and the IETF are secretly planning to take over the world. Just you wait. and don't get me started on JEDEC. They never take input from the community. This is a design spec, but an insane one.
There's no way. You would, in effect, have to re-design every part of the computer to manage this. This includes a different card spec (PCI and AGP are apparently not multi-culti enough), a different CPU (they display corporate logos, after all), different BIOS (corporate logos again), etc. You would have re-design the entire computer, ignoring all existing specs. This is crazy.
Nah...if it can handle DefCon for 10 years, Vegas can handle a couple of terrorists in the sewers.
Actually (I used to work for NPR, too), not all that much of their funding comes from the gov't. The majority of their money comes from contributions and the "funded-by" bites. The gov't still contributes a noticable chunk, but it's about 10-20%, IIRC, not the majority.
Of course, I worked at the central office in DC...I don't know what the funding situation was like for individual stations.
Seriously, as cynical as it sounds, this happens every day in security marketing. I've had sales reps look me in the eye and straight-out lie about their products. When caught, they'll back off frantically, or try to talk their way out of it, but never admit that they lied.
The main problem these days is that security software sales are driven not by business decisions, but by fear. Fear of virii, 3v1l h4ck3rz, etc. Once you're buying something out of fear, it's really easy for the sales folks to play off that to make their product sound like it's the ultimate safety blanket.
I hate it. Not just because it's unethical, but also because it makes my job of evaluating products much harder. I can't even trust the feature lists in deciding which products to evaluate, since some of those are full of lies & vaporware. I keep wanting to explain the Tragedy of the Commons to the sales folks that try this c*$p, but they're always too stupid to understand it.
sigh.
I don't see why government-developed code should be GPL'd. I'd rather see it BSD'd, honestly. The government should not be in the business of setting restrictions on how people distribute or license code. They should be encouraging everyone to use the code they develop. That means they should BSD license everything.
The GPL's great, don't get me wrong, but I don't think it's appropriate for government research. That research should be totally free (beer *and* speech), not copylefted.
There is a concept called the "Right of First Sale", which says that once someone has been sold a physical object (like a book), the seller can't tell them what to do with it. It's theirs to do with as they please.
Now, that does not give them the right to use the product to break other laws (xeroxing the book, scanning it in & posting the results to the net, etc), but if they want to use the book to wallpaper their house, there's nothing the seller can do to stop it.
This gets more complicated when you have to have a license to use what's on the physical thing (like software on a CD), but the First Sale principle is pretty well established in the US.
Why should you care? Because it means that there's no way in hell that used book sales are ever going to be shut down...they're protected by the Right of First Sale. The trading of MP3s is not protected by this, so you can expect a legal fight there.
It's possible to pre-emptively sue (at least in the US, which is where this is all occurring) to ask the courts decide if your actions are legal or not. The idea is to prevent the "chilling effect" of not knowing and being subject to the threat of a lawsuit based on actions that may in fact be legal.
If the courts don't think you have a case, or they think that there's no chilling effect occurring, they'll throw out your suit. If there is legitimate question as to the legality, and legitimate value in deciding early, they'll hear it.
Felten and the EFF tried this a while ago against the DMCA, but the courts dismissed it.
People don't generally ignore the laws against murder, for example. Most people agree that outlawing killing people is a good thing, and they understand why, so folks obey that law. Very few people understand why they must drive $value MPH/KPH, so they usually don't, unless there's a danger that they'll be caught.
Okay, who else read the Washington Post article about the "criminal database" and thought "oooh...fun place to insert records...of, say....John Ashcroft..."
Of course, I'm not advocating that...that would be illegal....
Yeah, but they'll do that to folks that have their modems, too...so this saves them nothing.
The only reason I can think of is that *possibly* (and I'm really guessing here) they're trying to keep the older DOCSIS modems (that can be easily uncapped) off their network. Dunno, but it would make more sense than anything else I've heard.
Because no one cares.
Yes, but the patch doesn't actually *do* what it claims. Therein lies the problem. There has been a steady stream of messages to various security lists today about how this patch does not actually fix many of the issues that it claims to fix, and breaks other stuff in the process. see http://jscript.dk/unpatched/ for the present list of unpatched IE problems, and some commentary on this patch.
I think we misunderstand each other. I acknowledge that they're difficult to duplicate. That's not what I'm worried about. What I'm worried about is how you can deal with duplication.
Duplication/compromise of the system *will* happen, if the reward is high enough. The question becomes, what do you do then? For traditional card systems, you revoke the card. You can't do that with biometrics, which is a concern for any system of this sort.
Unfortunately, this weakens the "uniqueness" of the biometric. Whether it weakens it enough to make it pointless obviously depends on how you take the hash.
Also, if you're only taking the hash, that makes the system easier to spoof, since an attacker doesn't care about the whole print, just its values at certain points.
If a credit card database is compromised, you lose integrity of the card. This means someone else can use the card to impersonate you. But it's a number. You don't really care, since you can get another number and revoke the compromised one.
On the other hand, if a biometric database is compromised, you lose the integrity of a part of your body. This means someone can now use tricks like the gelatin one outlined here to impersonate you. But you can't get another body. You can't revoke the compromised data.
In general, biometrics are more accurate for authentication, but their failure modes are much more severe.
Let see...
a) Deep under the ocean
Yeah, that's great...until one of the canisters starts leaking. Then you've just irradiated the entire ocean. Let's not do that one.
b) To the centre of the earth
see a), only with the water table and the mantle. Also, how the heck are you supposed to get it to the centre of the earth? We can barely dig a couple kilometers down with present tech.
c) tops of sheer faced mountains
Ummm...planes/helicoptors? If they're anywhere near our technology level in the future, this won't do.
d) North/South poles
The North Pole is basically water...see a). The South Pole is better, but still faces the ocean problem (the ice does flow off the south pole & into the ocean eventually).
e) Space
See other comments about safely getting it up there without the occasional "problem" dumping irradiated waste into the atmosphere.
Keep trying...
That may come across as annoying or foolish, but it's probably also true....just badly worded. The kids are not the ones that will have trouble learing the new technology.
That phrase should be read "No one is worried about the kids [they'll adapt quickly]."
Sure, I would....but I'm just dying with curiousity to see if I can replace the files/ads they send me with my own versions, so I'm probably not the type of person they want "volunteering."
The real problem here is that record companies are more than just distribution chains. They're also advertising agencies. They're good at making folks want to buy the stuff they're selling (and at going the other way: making what they're selling what folks want to buy...cf Nirvana).
It's the advertising element that makes artists famous. That's also a part of why they sign up. (No fame == no sales. No sales == no money. Plenty of folks are presently distributing music for free online....but you never hear about them since they don't have the advertising budget of the major labels.
Personally, I'd love to see a label split into two parts: a distribution channel and an advertising agency. But it'll never happen. The distribution chain only works because the advertising makes the demand. If there wasn't the advertising-created demand, the distribution chains would be worthless.
Wrong. Fair use is not protected in any laws. It originated as a judicial precedent in rulings on copyright. That precedent was used to justify the Audio Home Recording Act (which legalized mix tapes, basically), but there is still no one law that protects (or even defines) fair use.
That one fact alone justifies this bill. Getting a concept of fair use into law would be a *very* good thing.
I did this (put flourescent lamps in a few rooms), and after a few years of experience, I have one main observation:
The light from flourescent lamps sucks.
What's ended up happening is that I use the lamps with "normal" bulbs more than the flourescent ones, because the light just annoys me less. I understand that the fluorescent ones are more efficient. That's why I bought the lamps in the first place. The light that they emit, though, is harsh, cold, brittle and annoying. So I find myself avoiding them.
Given that the electricity difference in my monthly bill in negligable, I choose comfort. Until that equation changes, I don't think fluorescent bulbs are going anywhere.
Okay, you want something constructive they can do to look like they're taking action...I'll tell you what I think they should do...but they're not going to like it, since it's not new law:
Spend money on enforcement.
It's that simple. Software and media piracy is already illegal, we just can't/don't enforce the law. Making more law that we don't enforce (or selectively enforce, which is worse) is pointless.
Unfortunately, you have a bit of a chicken & egg problem:
People won't use Linux unless they hear about it being used successfully elsewhere, and that other folks are happy with it. To get that sort of word out, you have to trumpet the successes. This alerts your competitors, and they try to undercut you.
Yeah, it sucks...but, if you want Linux to come out from the "niche" market, it's going to have to go toe-to-toe w/the Beast for sales eventually. There's really no avoiding it.
And being able to fly/see through walls/regenerate/etc keeps me from being loved and loving exactly how?
Sure, the real world is much richer than the comic book one...flying would still be cool, though.