I have sent emails to my senators (I am a US citizen), expressing my anger not at the contents of the treaty, but at the fact that the treaty was negotiated in secret and labeled a national security concern by the Obama administration (and thus, I really cannot say much about the treaty itself). Whether my email will matter to my senator is another story though; my senators are both Democrats, and receive a lot of attention from the copyright lobby.
"I could handle blocking wi-fi in lecture theatres."
That is exactly what came to mind when I saw this article: the problem is not the laptops, it is that fact that they are constantly connected to the Internet. Just request that WiFi be disabled in the lecture halls, and suddenly laptops are not a distraction, but a note-taking tool with the potential to do a lot more than pen and paper could.
Yes, a determined student could find a way around this, but if students are determined to not pay attention, the problem is much deeper than laptops...
Do not get your hopes up. I just see 663 politicians who are about to get visits from copyright lobbyists, it remains to be seen how easily these people can be bought.
So, they made a single error (not releasing Solaris under the GPL 10 years earlier) and wound up losing one battle because of it. They did not lose the Java battle (although if Oracle does not pull it together, Java may yet be crushed by.NET) and they did not lose the OpenOffice.org/StarOffice battle (they do not have Microsoft's market share, but adoption of OpenOffice.org is certainly growing), and those two are probably much more important than Solaris, in the long run; had Sun realized this sooner, perhaps they would not have been taken over.
Forms...like, oh, Slashdot? I am using an HTML4 form right now to post. No Javascript needed, friend.
As for Flash, well, perhaps I just do not immerse myself deeply enough in the world of Flash provided content. I really do not watch Youtube or Hulu or any of the other dozens of "rich" websites...
If Ars cannot make its payroll without intrusive ads, then Ars needs to go out of business. To be honest, their articles are not really worth paying for (at least not for me), so it would seem that basic economics should kick in...
Which sites are ruined by not having javascript enabled? Which sites are ruined by not having Flash installed? Certainly not Ars, which I browse without either. Slashdot seems fine. I guess I am missing out on the major new developments on the web or something like that...
"While personally I don't like facebook, I have lots of friends on it so I do use it."
You know, it is not that hard to stay off Facebook, even if your friends are on it. I would guess that all of my friends are on Facebook, but the fact that I am not has not caused any major problems...
"This is usually the same thing on discussions about piracy too - there's always someone pointing out that "duplicating" that content to sell it to you doesn't cost anything."
Which is true? In modern times, it costs nothing to make a copy -- that is why so many people are doing it from the comfort of their homes. We have moved past the age of requiring industrial equipment just to duplicate a song or a book, and you seem to be angry about that.
"That may not cost much, but it's creating it that does and those costs are got back from selling it to people."
First of all, many people produce creative works without turning a profit on it -- friends in a band, as an example -- so what is your point, exactly? That they should be turning a profit? That they should not be creating art if there is no money in it?
That being said, the answer to the issue of recouping the cost of production is not attacking modern technology, it is finding a new way to make money on creativity or moving to a completely different model of paying for creative works. It is not acceptable to create a system in which duplicating something is a crime, just because the publishing/recording/etc. industries fear the loss of their business, which is what this is really about.
Seriously, why do people keep attacking modern technology, just because it is a game changer? Yes, the reality is that computers have changed the nature of distributing creative works, and instead of embracing this new age of instant and unfettered available, people like you are attacking it and claiming that there is an inherent problem with mass availability. The incredible thing about it is that the copyright lobby (RIAA/MPAA/BSA/etc.) has been caught in lie after lie, and yet nobody questions their assertions, even when those assertions could not possibly be true (do you really think that recording companies are losing billions of dollars a year because of file sharing? Billions of dollars a year for over a decade, yet still throwing lavish A-list parties and somehow not going bankrupt?). Seriously, why defend such people?
As always, the problem is that the overwhelming majority of people do not think about anything. Nobody stops to think about the other registries we have, or the fact that we are publicly shaming people for less and less serious crimes, or the fact that people who are released from prison are supposed to have the right to put the past behind them.
This is not a system that can last forever, but it is going to get a hell of a lot worse before it falls apart.
This is a side channel attack, not an attack on the mathematics. AES, which is often used for encryption in SSL (the public key crypto is only used to establish a shared secret for symmetric ciphers like AES), is also vulnerable to side channel attacks, and there is a large body of published literature on that. 3DES, which is also commonly used, is vulnerable to fault injection attacks too. There is nothing scary about any of this -- side channels attacks are just a fact of life, and for high security installations, measures are taken to protect against them.
This is just a fault injection attack. People have been doing similar things to block ciphers for years, it is not a mathematical weakness, just a side channel attack, and an active one at that. Cool that they did it against RSA, but not really headline news...
I own property -- the real, physical kind -- as well as stock; I would say I have a lot to lose. Yet, I still say that downloading music is a good thing, the moral equivalent of listening to the radio, and that the RIAA needs to stop attacking the general public and abusing our legal system. Maybe I am just weird, but really, property owners can still advocate decency...
People do not care about the approval process until it bites them in the rear; for example, when Apple refuses to approve Google voice for the iPhone. Suddenly, people who never cared about the issue were up in arms.
Granted, I am not talking about the standard, apathetic, "this is cool so I want it" crowd...
You missed the most important thing: a netbook will run any application I want it to run. I do not need someone's permission to run the programs I want to run. No app stores, no being denied software, no being treated like an imbecile.
I could not agree more, but what bothers me the most is the absolute apathy most people seem to have. Most people are not just unaware of what is happening, but they do not care at all even after they are told -- and that is when they bother to listen at all. People just do not care about these issues, so long as they can see the latest celebrity scandal or play with some new high tech toys.
You know, this was all way before my time, but back then, security was not a common concern on university computers. People working in a lab trusted each other; thus, those who used Unix (or a similar system) would leave their home directories world readable, and as another example, ITS had the ability to observe another user's keystrokes. Things changed in the 1980s as more students got computer access and as proprietary software became the norm.
There are still echoes of the trust that existed back then. For example, where I am now, anyone in the CS department can remotely access any computer system located in the department, and the permissions on home directories are 755 by default. The only firewall is on the gateway between the department the general campus network, but port 22 is open for any system so you can always ssh through the firewall. We are given root upon request on our assigned desktops. There are plenty of ways that I could subvert others in the department, I could even bring the entire department to its knees by running a simple fork bomb on every system we have, but I do not do any of that because I am not here to attack people or make their lives difficult.
Any particular recommendations? I read a lot of conference and journal papers, and I obtain virtually all of them online; it would be nice not to have stacks and stacks of papers on my desk.
Google's IMAP implementation is horrible, to the point of only barely being usable. I get frequent IMAP errors regarding folders not being found, even when the folders are being reported by the server -- and I am not the only one. Google has been aware of these problems for years now and done absolutely nothing about it.
Of course, my main objective to universities switching to Google has nothing to do with functionality. GMail is proprietary software, and universities should not be locking themselves into solutions provided by specific corporations. Hey, maybe I am just too much of a free software guy, but if nobody voices the concern...
Except, of course, that there are dozens of institutions that now rely on Google for email, and some even for office applications. Yes, if Google failed, there would be alternatives, but that is a much more complicated process for a large organization than for an individual (if you have seen how much effort it takes to transition to Google, not even counting the red tape, you know what I am talking about).
Yes, in the industry, people know all of your points, and this is what they know about them:
Red Hat's prices are cheap. Really, really cheap. This is why Red Hat has such impressive results during recessions; take a look at their earnings over the past 18 months if you are interested.
GNU, Linux, Apache, BIND, and dozens of other systems are well established and have been around for a very long time.
Which is why people like me speak of free as in free speech, not free beer. Red Hat's model of selling RHEL along with selling support contracts is perfectly fine, and companies are saving money with it. Likewise with Novell SLES and Mandriva.
The lifecycle of RHEL is well documented, guaranteed, and when RHEL reaches EOL, Red Hat will upgrade your systems to a more recent version as part of your support contract.
Only niche markets lack in libre software, and while those cases are unfortunate, they are a fact of life. In many of those cases, the vendor has released a binary for a libre operating system, because it is so common for their customers to be running one.
So in the end, the "hidden costs" really do not exist. Sure, I am just some random grad student, but perhaps you can ask the dozens of Fortune 500 companies that rely on Linux and Apache in their server rooms what sort of hidden costs they are encountering and why they are sticking with libre software under the conditions you described.
However, once the internal wiring of the chip is known, this attack will become much easier and require a lot less skill to pull off. Really, once people start to get experience pulling it off, it may come to the point where the time it takes to successfully perform the attack is small enough that the fact that the device is missing may go unnoticed until it is too late (and thus, authentication credentials may be compromised). I see organized crime rings pulling this off, particularly on systems belonging to banks or credit card companies.
I have sent emails to my senators (I am a US citizen), expressing my anger not at the contents of the treaty, but at the fact that the treaty was negotiated in secret and labeled a national security concern by the Obama administration (and thus, I really cannot say much about the treaty itself). Whether my email will matter to my senator is another story though; my senators are both Democrats, and receive a lot of attention from the copyright lobby.
"I could handle blocking wi-fi in lecture theatres."
That is exactly what came to mind when I saw this article: the problem is not the laptops, it is that fact that they are constantly connected to the Internet. Just request that WiFi be disabled in the lecture halls, and suddenly laptops are not a distraction, but a note-taking tool with the potential to do a lot more than pen and paper could.
Yes, a determined student could find a way around this, but if students are determined to not pay attention, the problem is much deeper than laptops...
Do not get your hopes up. I just see 663 politicians who are about to get visits from copyright lobbyists, it remains to be seen how easily these people can be bought.
So, they made a single error (not releasing Solaris under the GPL 10 years earlier) and wound up losing one battle because of it. They did not lose the Java battle (although if Oracle does not pull it together, Java may yet be crushed by .NET) and they did not lose the OpenOffice.org/StarOffice battle (they do not have Microsoft's market share, but adoption of OpenOffice.org is certainly growing), and those two are probably much more important than Solaris, in the long run; had Sun realized this sooner, perhaps they would not have been taken over.
That is in HTTP, it is called Digest Authentication. The real issue is that Facebook does not use it.
Forms...like, oh, Slashdot? I am using an HTML4 form right now to post. No Javascript needed, friend.
As for Flash, well, perhaps I just do not immerse myself deeply enough in the world of Flash provided content. I really do not watch Youtube or Hulu or any of the other dozens of "rich" websites...
If Ars cannot make its payroll without intrusive ads, then Ars needs to go out of business. To be honest, their articles are not really worth paying for (at least not for me), so it would seem that basic economics should kick in...
Which sites are ruined by not having javascript enabled? Which sites are ruined by not having Flash installed? Certainly not Ars, which I browse without either. Slashdot seems fine. I guess I am missing out on the major new developments on the web or something like that...
"While personally I don't like facebook, I have lots of friends on it so I do use it."
You know, it is not that hard to stay off Facebook, even if your friends are on it. I would guess that all of my friends are on Facebook, but the fact that I am not has not caused any major problems...
"This is usually the same thing on discussions about piracy too - there's always someone pointing out that "duplicating" that content to sell it to you doesn't cost anything."
Which is true? In modern times, it costs nothing to make a copy -- that is why so many people are doing it from the comfort of their homes. We have moved past the age of requiring industrial equipment just to duplicate a song or a book, and you seem to be angry about that.
"That may not cost much, but it's creating it that does and those costs are got back from selling it to people."
First of all, many people produce creative works without turning a profit on it -- friends in a band, as an example -- so what is your point, exactly? That they should be turning a profit? That they should not be creating art if there is no money in it?
That being said, the answer to the issue of recouping the cost of production is not attacking modern technology, it is finding a new way to make money on creativity or moving to a completely different model of paying for creative works. It is not acceptable to create a system in which duplicating something is a crime, just because the publishing/recording/etc. industries fear the loss of their business, which is what this is really about.
Seriously, why do people keep attacking modern technology, just because it is a game changer? Yes, the reality is that computers have changed the nature of distributing creative works, and instead of embracing this new age of instant and unfettered available, people like you are attacking it and claiming that there is an inherent problem with mass availability. The incredible thing about it is that the copyright lobby (RIAA/MPAA/BSA/etc.) has been caught in lie after lie, and yet nobody questions their assertions, even when those assertions could not possibly be true (do you really think that recording companies are losing billions of dollars a year because of file sharing? Billions of dollars a year for over a decade, yet still throwing lavish A-list parties and somehow not going bankrupt?). Seriously, why defend such people?
As always, the problem is that the overwhelming majority of people do not think about anything. Nobody stops to think about the other registries we have, or the fact that we are publicly shaming people for less and less serious crimes, or the fact that people who are released from prison are supposed to have the right to put the past behind them.
This is not a system that can last forever, but it is going to get a hell of a lot worse before it falls apart.
This is a side channel attack, not an attack on the mathematics. AES, which is often used for encryption in SSL (the public key crypto is only used to establish a shared secret for symmetric ciphers like AES), is also vulnerable to side channel attacks, and there is a large body of published literature on that. 3DES, which is also commonly used, is vulnerable to fault injection attacks too. There is nothing scary about any of this -- side channels attacks are just a fact of life, and for high security installations, measures are taken to protect against them.
This is just a fault injection attack. People have been doing similar things to block ciphers for years, it is not a mathematical weakness, just a side channel attack, and an active one at that. Cool that they did it against RSA, but not really headline news...
I own property -- the real, physical kind -- as well as stock; I would say I have a lot to lose. Yet, I still say that downloading music is a good thing, the moral equivalent of listening to the radio, and that the RIAA needs to stop attacking the general public and abusing our legal system. Maybe I am just weird, but really, property owners can still advocate decency...
People do not care about the approval process until it bites them in the rear; for example, when Apple refuses to approve Google voice for the iPhone. Suddenly, people who never cared about the issue were up in arms.
Granted, I am not talking about the standard, apathetic, "this is cool so I want it" crowd...
Yes, because we assumed it would be a useful machine -- USB ports, disc space, webcam...
You missed the most important thing: a netbook will run any application I want it to run. I do not need someone's permission to run the programs I want to run. No app stores, no being denied software, no being treated like an imbecile.
I could not agree more, but what bothers me the most is the absolute apathy most people seem to have. Most people are not just unaware of what is happening, but they do not care at all even after they are told -- and that is when they bother to listen at all. People just do not care about these issues, so long as they can see the latest celebrity scandal or play with some new high tech toys.
You know, this was all way before my time, but back then, security was not a common concern on university computers. People working in a lab trusted each other; thus, those who used Unix (or a similar system) would leave their home directories world readable, and as another example, ITS had the ability to observe another user's keystrokes. Things changed in the 1980s as more students got computer access and as proprietary software became the norm.
There are still echoes of the trust that existed back then. For example, where I am now, anyone in the CS department can remotely access any computer system located in the department, and the permissions on home directories are 755 by default. The only firewall is on the gateway between the department the general campus network, but port 22 is open for any system so you can always ssh through the firewall. We are given root upon request on our assigned desktops. There are plenty of ways that I could subvert others in the department, I could even bring the entire department to its knees by running a simple fork bomb on every system we have, but I do not do any of that because I am not here to attack people or make their lives difficult.
Any particular recommendations? I read a lot of conference and journal papers, and I obtain virtually all of them online; it would be nice not to have stacks and stacks of papers on my desk.
Personally, I would have said my deskjet printer. Reading on a computer is a serious strain on the eyes.
Google's IMAP implementation is horrible, to the point of only barely being usable. I get frequent IMAP errors regarding folders not being found, even when the folders are being reported by the server -- and I am not the only one. Google has been aware of these problems for years now and done absolutely nothing about it.
Of course, my main objective to universities switching to Google has nothing to do with functionality. GMail is proprietary software, and universities should not be locking themselves into solutions provided by specific corporations. Hey, maybe I am just too much of a free software guy, but if nobody voices the concern...
Except, of course, that there are dozens of institutions that now rely on Google for email, and some even for office applications. Yes, if Google failed, there would be alternatives, but that is a much more complicated process for a large organization than for an individual (if you have seen how much effort it takes to transition to Google, not even counting the red tape, you know what I am talking about).
So in the end, the "hidden costs" really do not exist. Sure, I am just some random grad student, but perhaps you can ask the dozens of Fortune 500 companies that rely on Linux and Apache in their server rooms what sort of hidden costs they are encountering and why they are sticking with libre software under the conditions you described.
However, once the internal wiring of the chip is known, this attack will become much easier and require a lot less skill to pull off. Really, once people start to get experience pulling it off, it may come to the point where the time it takes to successfully perform the attack is small enough that the fact that the device is missing may go unnoticed until it is too late (and thus, authentication credentials may be compromised). I see organized crime rings pulling this off, particularly on systems belonging to banks or credit card companies.