This is so horribly bad for Microsoft that I have trouble believing that they would do this.
Blocking certain downloads or sections of their website makes much more sense--after all, hard to blame them for preventing pirates from using up their bandwidth.
But turning off the OS, especially when there is chance for error is pretty dangerous. Imagine the bad press from accidentally turning off a competitor's OS--even if it is a mistake, people will assume the worse and they'll face lawsuits. Even worse, imagine if they shut off something critical to infrastructure or at a hospital.
IMHO, they will never do this because the results will damage Microsoft possibly beyond repair.
Snake-oil-ng: Standards compliant but worthless encryption.
Used by founder of Innersafe Corporation to warn others about the new generation of snake-oil encryption products using AES-256 in a way that make their security practically worthless.
Snake-oil-ng can truthfully claim to be standards-compliant with AES-256, while providing less security than "snake-oil" using junk proprietary encryption. In one of many examples, allowing millions of passwords to be guessed per second while limiting the range of potential passwords--the generated key is still 256 bits so it can provide the illusion of security. Other examples include repeatedly generating the same IV and key when given the same password.
Snake-oil-ng is replacing snake-oil because of easy-to-use crypto libraries that provide AES. And possibly making it easier for governments to give out export licenses to create the illusion that export/import controls have been relaxed. For example, most people have no clue that in the U.S. certain cryptographic software sold to people outside U.S. and Canada require the names and addresses of every customer to be filed semi-annually with the U.S. Bureau of Industry and Security--making most retail products use less effective security.
>> The problem is that you are using physical characteristic profiling
I'm confused by your response yet again...what physical characteristics do republicans, libertarians, NRA members, and veterans share?
Are you responding to specific words and phrases you choose to pick out from the original post or actually considering the main points before responding?
Never mind, I'll just move on to conversations that stick to the point.
I'm not sure how your reply relates to my original post.
Perhaps I did not make my points clear or you did not understand them. Or maybe a little of both.
I carefully read your reply twice, asked myself how it rationally relates to the points I raised, and see a huge disconnect--like two separate conversations that have a couple of phrases or words in common to create the illusion of relevance but the main points raised are unrelated.
If profiling has to be done, then the rules should be established upfront so that no single race or religion can get a free pass--that is, if safety is really a priority.
I seriously doubt Western Union has, or will deny money transfers to recipients who fit this profile of a famous terrorist:
American citizen, White, short-haired, male, Irish-American, Catholic, who had been Republican or Libertarian, had been also been a member of the NRA, and is a veteran who saw combat.
The above was taken from a description of Timothy McVeigh--you remember what he did, and the following outrage against white people who might be terrorists, right?
On a serious note, I wonder how many Americans fit the above profile compared to Americans with Arab-sounding names. I'm guessing the above profile, matching Timothy McVeigh, would be able to filter out all but a tiny fraction of Americans. And who knows if it might prevent another similar incident?
If you currently favor biased profiling that favors the predominant race or religion, would you feel the same way if America becomes predominantly non-White?
I personally think profiling *might* prevent harmful incidents, but refusing to profile one race (white) or the political party in power (Republican) is not the way to go about preventing terrorism. There should be no free rides if profiling is going to be implemented. Do it right, do it for best results, or don't do it at all.
Do not provide us with software/OS that phones home unless the user explicitely opts in during setup.
And make it so that the user has to specify what information is shared, for example by clicking on a checkbox next to each description of data sent from their PC.
[ ] IP address? [ ] GUID? [ ] MAC? [ ] Email Address? [ ] CD Info? [ ] DVD Info? [ ] List of installed software? [ ]...
I think what the original poster tried to communicate was this (based on visiting the URL):
If product vendors include effective data security in their products:
1. they have to get export approval from their own country (see below for USA to see added costs)
2. they have to get import approval from the destination country (many will reject, thus the reduced revenues)
If the company is based in USA:
1. they cannot sell the software to anyone who appears on the Denied Persons Lists provided by the U.S. Govt (criminal penalties are heavy and how do you check DPL if the product is sold on store shelves?)
2. semi-annual reports need to be provided to the U.S. Bureau of Industry and Security that includes the names & full addresses of every single end-user who purchases the product.
3. the U.S. Bureau of Industry and Security can revoke authorization for the company to use License Exception ENC at any time (even after the 30 day review period) so the company risks becoming an instant violator of export regulations. Failure to answer any question whatsoever (e.g., how do we crack this in 5 minutes?) may result in being unable to sell to anyone outside U.S. and Canada even after you begin selling overseas. "All your balls are belong to them."
The above 3 points assume that you successfully receive authorization to export outside U.S. and Canada.
The impact is clear. Reduced revenues from inability to sell in as many countries and inability to sell off-the-shelf due to DPL requirements. Increased costs due to export compliance, semi-annual reporting, legal fees, etc. And of course the added risk of being charged with heavy criminal penalties for violating any EAR--even when selling to countries considered strong allies.
This 1-2-3 punch practically forces companies to sell weak security. The reasons you posted are highly unlikely to counter this impact on product vendors.
If you ever run a business that sells products, especially to consumers, you'll instantly recognize the above as a complete nightmare to be avoided at all costs. Who wants anything that massively reduces your total market size and simultaneously increases costs?
Slashdot Mirror
>unemployment and inequality could provoke even more social instability than they have already
Gee, now they tell us. Wouldn't it have been better for this to come out before trading you-know-what for mangos?
This is so horribly bad for Microsoft that I have trouble believing that they would do this.
Blocking certain downloads or sections of their website makes much more sense--after all, hard to blame them for preventing pirates from using up their bandwidth.
But turning off the OS, especially when there is chance for error is pretty dangerous. Imagine the bad press from accidentally turning off a competitor's OS--even if it is a mistake, people will assume the worse and they'll face lawsuits. Even worse, imagine if they shut off something critical to infrastructure or at a hospital.
IMHO, they will never do this because the results will damage Microsoft possibly beyond repair.
intellectual property lawyers will fight wars in courtrooms.
Countries possessing patents of mass destruction (PMD) will be sanctioned first, and later sued by the Air Force.
If other countries think we kick ass now, wait until they meet our legions of lawyers.
Snake-oil-ng: Standards compliant but worthless encryption. Used by founder of Innersafe Corporation to warn others about the new generation of snake-oil encryption products using AES-256 in a way that make their security practically worthless. Snake-oil-ng can truthfully claim to be standards-compliant with AES-256, while providing less security than "snake-oil" using junk proprietary encryption. In one of many examples, allowing millions of passwords to be guessed per second while limiting the range of potential passwords--the generated key is still 256 bits so it can provide the illusion of security. Other examples include repeatedly generating the same IV and key when given the same password. Snake-oil-ng is replacing snake-oil because of easy-to-use crypto libraries that provide AES. And possibly making it easier for governments to give out export licenses to create the illusion that export/import controls have been relaxed. For example, most people have no clue that in the U.S. certain cryptographic software sold to people outside U.S. and Canada require the names and addresses of every customer to be filed semi-annually with the U.S. Bureau of Industry and Security--making most retail products use less effective security.
>> The problem is that you are using physical characteristic profiling I'm confused by your response yet again...what physical characteristics do republicans, libertarians, NRA members, and veterans share? Are you responding to specific words and phrases you choose to pick out from the original post or actually considering the main points before responding? Never mind, I'll just move on to conversations that stick to the point.
I'm not sure how your reply relates to my original post.
Perhaps I did not make my points clear or you did not understand them. Or maybe a little of both.
I carefully read your reply twice, asked myself how it rationally relates to the points I raised, and see a huge disconnect--like two separate conversations that have a couple of phrases or words in common to create the illusion of relevance but the main points raised are unrelated.
Best of luck to you.
If profiling has to be done, then the rules should be established upfront so that no single race or religion can get a free pass--that is, if safety is really a priority.
I seriously doubt Western Union has, or will deny money transfers to recipients who fit this profile of a famous terrorist:
American citizen, White, short-haired, male, Irish-American, Catholic, who had been Republican or Libertarian, had been also been a member of the NRA, and is a veteran who saw combat.
The above was taken from a description of Timothy McVeigh--you remember what he did, and the following outrage against white people who might be terrorists, right?
On a serious note, I wonder how many Americans fit the above profile compared to Americans with Arab-sounding names. I'm guessing the above profile, matching Timothy McVeigh, would be able to filter out all but a tiny fraction of Americans. And who knows if it might prevent another similar incident?
If you currently favor biased profiling that favors the predominant race or religion, would you feel the same way if America becomes predominantly non-White?
I personally think profiling *might* prevent harmful incidents, but refusing to profile one race (white) or the political party in power (Republican) is not the way to go about preventing terrorism. There should be no free rides if profiling is going to be implemented. Do it right, do it for best results, or don't do it at all.
Do not provide us with software/OS that phones home unless the user explicitely opts in during setup.
...
And make it so that the user has to specify what information is shared, for example by clicking on a checkbox next to each description of data sent from their PC.
[ ] IP address?
[ ] GUID?
[ ] MAC?
[ ] Email Address?
[ ] CD Info?
[ ] DVD Info?
[ ] List of installed software?
[ ]
If product vendors include effective data security in their products:
1. they have to get export approval from their own country (see below for USA to see added costs)
2. they have to get import approval from the destination country (many will reject, thus the reduced revenues)
If the company is based in USA:
1. they cannot sell the software to anyone who appears on the Denied Persons Lists provided by the U.S. Govt (criminal penalties are heavy and how do you check DPL if the product is sold on store shelves?)
2. semi-annual reports need to be provided to the U.S. Bureau of Industry and Security that includes the names & full addresses of every single end-user who purchases the product.
3. the U.S. Bureau of Industry and Security can revoke authorization for the company to use License Exception ENC at any time (even after the 30 day review period) so the company risks becoming an instant violator of export regulations. Failure to answer any question whatsoever (e.g., how do we crack this in 5 minutes?) may result in being unable to sell to anyone outside U.S. and Canada even after you begin selling overseas. "All your balls are belong to them."
The above 3 points assume that you successfully receive authorization to export outside U.S. and Canada.
The impact is clear. Reduced revenues from inability to sell in as many countries and inability to sell off-the-shelf due to DPL requirements. Increased costs due to export compliance, semi-annual reporting, legal fees, etc. And of course the added risk of being charged with heavy criminal penalties for violating any EAR--even when selling to countries considered strong allies.
This 1-2-3 punch practically forces companies to sell weak security. The reasons you posted are highly unlikely to counter this impact on product vendors.
If you ever run a business that sells products, especially to consumers, you'll instantly recognize the above as a complete nightmare to be avoided at all costs. Who wants anything that massively reduces your total market size and simultaneously increases costs?