Submitted by brad on Tue, 2005-06-07 11:25.
So if you travel to different countries, you know that cellular roaming can be a pain, even with a GSM world phone, because they ding you for very high roaming charges.
So here’s a service I want. A kiosk in the airport to sell, or ideally rent me a GSM SIM card for a prepaid account, right in the airport. The kiosk would also sell me unlocking service for my phone, and of course prepaid cards. (By renting the SIM card, I mean it would sell it, and then buy it back at a reduced price on the way back out.)
Update Note: I’ve created a Special Forum to share information on the best SIM card sources in different countries. Search there for info on each country or enter your own findings.
Submitted by brad on Fri, 2005-06-03 11:10.
ICANN is pleased to announce that the independent evaluation process, which began last year, has resulted in a further sponsored Top Level Domain (sTLD) application moving to the next stage.
As the process for selecting new sponsored Top Level Domain (sTLDs) continues from a pool of ten applications, ICANN has now entered into commercial and technical negotiations with an additional candidate registry, ICM Registry, Inc, (.POLINC).
The .POLINC top level domain will be a voluntary arena for sites that wish to express ideas that are politically incorrect or inflammatory. Sites that promote ideas including racism, homosexual advocacy, embryonic stem cell harvesting, creationism, evolutionism, opposition to the war in Iraq, defence of the liberation of Iraq and other topics that are inflammatory can voluntarily register in the .POLINC domain to make it clear what sort of material can be found on the site.
“We’re not trying to surprise anybody with the fact that our sites have unpopular and inflammatory opinions on them,” said Brad Templeton, Chairman of the www.eff.org web site notorious for its opposition to the surveillance tools the Justice Dept. says are needed for the War on Domestic Terror. Templeton also operates the www.netfunny.com site, which contains jokes, some of which lampoon stereotypes of all manners. “By giving us our own domain, people will know exactly what they are getting. Our views are for adults. We’re not trying to push them on kids.”
Operators of .POLINC domains believe that by using this domain, they will have an answer to any user who complains about finding their material on the internet, in particular parents who don’t want their children exposed to highly radical views. Internet filtering software, commonly sold to parents, schools and libraries, will be able to easily and reliably block access to .POLINC sites by children and library patrons.
Submitted by brad on Wed, 2005-06-01 15:51.
I have written before about what a terrible idea it is to generate top level domains that are generic, and have a meaning, because they create artificial monopolies over real words and generic terms, something even trademark law figured out was stupid centuries ago.
Now ICANN has gone one worse and announced that a .XXX domain is underway. It is also talking about TLDs for jobs, and travel as well as .CAT, .POST and .MOBI.
The .XXX domain is a terrible idea, not just because of the monopoly it gives. It is almost certainly the first step towards putting greater liability on people who provide adult content and don’t brand it with a .XXX domain. There is justifiable fear of laws that punish adult content outside of .XXX and don’t punish it inside. But at the same time filters will take the simple step of blocking all of .XXX from companies, schools, libraries and kids “just to be safe.”
Which creates a “damned if you do, damned if you don’t” situation for anybody who is borderline adult, not necessarily hard core porn, but viewed by some as not appropriate for children. Including possibly many of the dirty jokes on my own RHF web site.
I wish there were some way to stop this.
Addendum: While the Daily Show (best show on TV) did a great segment on how incredibly silly it was for TV shows to sit there and read out blogs aloud on TV, MSNBC has just such a segment called “Tony’s Tabs”, part of “Connected Coast to Coast with Ron Reagan and Monica Crowley”, and in my most unusual trackback ever, this posting was featured on it…
Submitted by brad on Wed, 2005-06-01 11:21.
I’m writing a larger essay on this topic, but I recently posted the following to Interesting People and it was requested to put it here. It relates to the theme of “light” DRM.
I used to wonder if you made a DRM system that was so well designed that only a serious pirate would notice it was there, if this might be a workable system.
But now I have come to realize that there’s one very important community which a DRM system can’t avoid harming, and that’s the open source community, who as a largely philanthropic effort build linux, the bsds and much of the software that runs the internet and is thus used by everybody.
One of the pillars of the open source community, written into several of its most common licences, is that the end user must be able to modify the software, both for their own use and to give away to others. Of course, most end-users don’t recompile their tools, but a sizeable number do, and they provide innovations, fixes and improvements that get used by all the users.
There is a fundamental incompatibility between this ability to modify and any DRM that has a software element to its enforcement. You simply can’t have them both.
That leaves DRM where all the enforcement (ie. decryption and display/presentation) takes place within physically secured devices. This is not easy to do, and even if done, it bars the open source software from any useful features that might be thought up which require access to the media — only what the hardware permits can be done.
The end result is to largely shut open source software out of the media playing arena, and thus, if you believe in the convergence of media playing devices and computing devices, out of the general purpose home computer arena.
To those who use the open source software, the trouble with this is obvious. But in fact, all must be concerned, as the open source software, aside from being one of the few competitors to forces like Microsoft, is also becoming a source of significant innovation. That old style, garage-based innovation, where a loner or small team develop something new on the cheap which changes the world. DRM systems can be architected to allow a Tivo, but they bar the “next Tivo” which is a loss to all.
So the conclusion is that, as suggested, you can’t pull off the “make everybody happy” DRM. Instead, you get DRM which mostly sits as a barrier not to pirates or users, but to the small innovators of the world, and what a tragedy that would be.
Submitted by brad on Tue, 2005-05-31 14:28.
When our society got rich, we started living much more sterile lives, and a whole bunch of diseases cropped up which are autoimmune disorders. These range from allergies to Crohn’s Disease, which destroys the bowel. Many of these syndromes did not exist in the pre-sterile world. (Not all autoimmune disorders are this way, of course.)
So some parents have become aware that you need to let your kids play in the muck, and with animals, and get exposed to diseases and parasites so your immune system grows up as you grow up. Otherwise, with nothing to do, it can attack you.
But parents are protective. They are not going to deliberately expose their children to parasites. But there are treatments that have been developed for sufferers of these diseases that give them safe alternatives that their immune system can fight. For example, the spores of parasites that infect other animals, but not humans.
So we need to develop a regime of “vaccines” against autoimmune disorders. A regimen of safe infectious agents that will put the immune system through the paces it expects to go through in the natural world, but which won’t cause damage. And we need to expose children, and possibly even adults, to them through their lives.
Submitted by brad on Mon, 2005-05-30 18:03.
I’ve switched the blog from Movable Type to drupal. Drupal is a PHP based, open source blog and community system that will allow me in the future to support all sorts of fancy things, such as discussion forums, polls, multi-user blogging and a lot of other stuff. Drupal is entirely another class of application beyond MT, though I won’t be using all of what it has at first.
For now, you will of course see a different look for the blog. Categories can be expanded from the navigation menu and you can do more things with them. You can also create a userid and password to log in. If you do this, comments appear under your name and they appear immediately without need for me to approve them. You also can configure how the site looks for you and turn on other features. I can even give users a blog in the future if you like, when the permission system improves. If you have a login at many other drupal sites you can use it here, by using the userid username@thedrupalsite. (Or use email@example.com on other drupal sites.)
Let me know if there are any problems.
Submitted by brad on Mon, 2005-05-30 17:36.
There’s a lot of talk about the coming threat of Avian H5N1 flu, how it might kill many millions, far beyond the 1918 flu and others, because of how much people travel in the modern world. Others worry about bioterrorism.
Plans are underway to deal with it, but are they truly thinking about some of the tools the modern world has that it didn’t have in 1918 which might make up for our added risks? We have the internet, and a lot of dot-coms, both living and dead, created all sorts of interesting tools for living in the world without having to leave your house.
In the event of an outbreak, we’ll have limited vaccine available, if there’s much at all. Everybody will want it, and society will have to prioritize who gets what. While some choices are obvious — medical staff and other emergency crews — there may be other ideas worth considering.
Today, a significant fraction of the population can work from home, with phone, computer and internet. The economy need not shut down just because people must avoid congregating. Plans should be made, even at companies that prefer not to allow telecommuting, to be able to switch to it in an emergency.
Schools might have to close but education need not stop. We can easily devote TV channels in each area to basic curriculum for each grade. Individual schools can modify that for students who have internet access or even just a DVD player or VCR. For example, teachers could teach their class to a camera, and computers can quickly burn DVDs for distribution. Students can watch the DVDs, pause them and phone questions to the teacher. (However, ideally most students are able to make use of the live lectures on TV, and can phone their particular teacher, or chat online, to ask questions.) Parents, stuck at home would also help their children more.
Delivery people (USPS, UPS etc.) would be high in line for vaccination to keep goods flowing to people in their homes. You can of course buy almost anything online already. Systems like Webvan, for efficient grocery ordering and delivery could be brought back up, with extra vaccinated delivery drivers making rounds of every street.
Of course not everybody has a computer, but that need not be a problem. With so many people at home, volunteers would come forward who did have broadband. They would take calls from those who do not have computers and do their computer tasks for them, making sure they got in their orders for food and other supplies. Of course all food handlers would need to be vaccinated and use more sterile procedures.
Submitted by brad on Thu, 2005-05-26 11:41.
I recently read the story of the coffee shop that's shutting down their free wifi on weekends because it mostly gets them moochers who, far worse than simply not buying anything, sit and stare at computers and don't talk to anybody. They found that when they shut down the free network, they not only got people to buy more coffee, the place was also more social.
So while there are a variety of solutions to sell or control access to a network, such as printing tokens that give a period of access on every receipt, or selling the access as they do at Starbucks, here's another idea -- intermittent access.
In such a system the access point lets you on for a modest amount of time. Enough for a quick web search or two, a checking of your e-mail or even a modest phone call. Then it denies you access. It doesn't have to deny it for long, perhaps just 5 minutes before you can get on again. No authentication, though during the period of denied access, it may redirect all web requests to a page that explains the situation, and optionally offers continuous access for money.
Though that's not the main goal. The main goal is to create an atmosphere where you're coming to the shop to do other than stare at your computer, but in which you can use it on occasion to get your fix.
Who knows, if the sale option for continuous access was popular, it might even make more money than an always charging system. Of course, fancy users could change their MAC address to get around it -- but if they're going to go that far, let them. Most won't.
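The intermittent-access policy described above, sketched as an added example (not code from the original post or from any access-point firmware). The class and method names and the 10-minute on-window are assumptions; the 5-minute off-window is the post's figure. It also shows the defender-side consequence of keying on the MAC address: a fresh MAC gets a fresh window, and the per-MAC table needs expiry so address churn cannot grow it without bound.

```python
from dataclasses import dataclass, field


@dataclass
class IntermittentGate:
    """Per-client on/off access windows, keyed only by MAC (no authentication)."""
    on_seconds: int = 600     # assumption: the post says only "a modest amount of time"
    off_seconds: int = 300    # the post's "perhaps just 5 minutes"
    paid: set = field(default_factory=set)       # MACs that bought continuous access
    windows: dict = field(default_factory=dict)  # MAC -> start time of current cycle

    def grant_paid(self, mac: str) -> None:
        """Record that this client paid for continuous access."""
        self.paid.add(mac.lower())

    def decide(self, mac: str, now: float) -> str:
        """Return "allow", or "redirect" to send web requests to the notice page."""
        mac = mac.lower()
        if mac in self.paid:
            return "allow"
        start = self.windows.get(mac)
        cycle = self.on_seconds + self.off_seconds
        if start is None or now - start >= cycle:
            # First traffic from this MAC, or the previous cycle is over:
            # open a new on-window starting now.
            self.windows[mac] = now
            return "allow"
        return "allow" if now - start < self.on_seconds else "redirect"

    def expire(self, now: float) -> int:
        """Drop finished cycles; returns how many entries were removed.

        Without this, clients that keep changing MAC address would make the
        table grow for as long as the access point stays up.
        """
        cycle = self.on_seconds + self.off_seconds
        stale = [m for m, s in self.windows.items() if now - s >= cycle]
        for m in stale:
            del self.windows[m]
        return len(stale)


if __name__ == "__main__":
    gate = IntermittentGate()
    client = "AA:BB:CC:00:00:01"          # constructed sample address
    for t in (0, 599, 600, 899, 900):
        print(t, gate.decide(client, t))
```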
Submitted by brad on Wed, 2005-05-25 13:35.
Fast food outlets all have drive-throughs, and they are popular though sometimes it's hard to figure out why, since you get a slow simulation of being stuck in traffic. "Oooh, are we going to move! Yes, he's released his brakelights!" You may also have heard that McDonalds is outsourcing the order-taking part at some restaurants to teleworkers in the midwest, where wages are lower. (Not India, yet.) They reason that there is no reason the order-taker, who just punches the order into a computer, need be at the actual location, and in fact, when things are at their most busy, it makes sense to put everybody onto filling orders, not taking them.
You go to a board with a menu and a bad intercom to place your order. Why do this? Cell phone penetration is very high now, so why not phone it in? Either a direct number for that restaurant, or an 800 number where you can say which branch you are at or going to. You can't see the menu but you probably know it, and the order taker has the time to help you through it. They might be at the restaurant if they have spare capacity, or might be in a call center entering it on the computer. They can tell you pretty accurately when your order will be up.
Yeah, I just re-invented phone-in takeout, but this time based on the drive-through concept. Worst case you call it in while already at the restaurant, which is where you order today. But if you think about it, you're phoning it in on the way there. And they might tell you, "You know, it will be 15 minutes here, and just 3 minutes at the branch down the road" to load balance.
Now when you get to the restaurant, you probably should just park in the lot and go inside for your order. But they could also have a parking area with an LED display with the order numbers (or even sufficiently unique suffixes of phone numbers) displayed to say who can now enter the drive-through lane for instant pickup.
And of course, if you want to pay on credit card, and they know you, you can even pick up the food without the timewasting cash-handover.
This makes more sense at make-to-order places than at McDonalds of course. And it can apply to more than fast-food, though usually only fast food places have computerized order management. Perhaps people might order better food if it were more convenient?
Submitted by brad on Tue, 2005-05-24 08:54.
When I was a teenager, my father lived in a downtown apartment tower with a cinema in the basement. Due to his press credentials he had an unlimited free movie pass. Star Wars played there for over a year, and when we would visit him, if we were ever sitting around wondering what to do, somebody would suggest, "Why don't we go downstairs and see Star Wars?" Today everybody does this but then the VCR was just dawning, so this was something really cool.
So of course that movie held a special place in my heart, and it was indeed groundbreaking, particularly in effects, grand story and perhaps most of all, good editing. "The circle is now complete" as Lord Vader would say.
So I'll repeat what everybody else has said, Revenge of the Sith is far better than episodes 1 and 2 of the modern trilogy, better perhaps than the Ewok-burdened Return of the Jedi. It's an astounding triumph of visuals as well, with a much more moving and interesting story. Yes, the acting is sub par, the dialogue well sub par and the romantic scenes are non-credible, but the good parts more than make up for this.
At the same time I am left with a disappointment, because it could have been so much more. Lucas is cursed because the bar was so high. He built an empire on that first movie but only delivered some of what he could. I'll get into spoilers in the after-the-break part of this posting, and here I'll speak more generally.
The entire new trilogy is the story of the fall of Darth Vader. This movie contains its climax, as he changes from troubled Jedi to evil lord. Powerful as it is, it's still not credible. Lucas had 8 hours of film all leading up to that one moment, so there's no reason it had to be that way.
Tied in with the moral fall of Vader is the more literal fall of the Jedi. As we know, they are betrayed, but that story too could have been much richer.
In addition, the biggest thing missing from trilogy 2 is the humour. Yoda, the imp who stole Empire barely cracks a smile in all the other movies. Almost nobody does. And the movies suffer for it.
On to spoiler-based discussion
Submitted by brad on Sat, 2005-05-21 08:54.
A recent item posted on politech and Farber’s IP mailing lists caused some controversy, so I thought I should expand on it here.
The spam law debate has been going on for close to a decade. There are people with many views, and we’ve all heard the other side’s views many times as well. The differences lie in more fundamental values that are hard to change through argument.
Because of that there are giant spam law battles among people who are generally all on the same side — getting rid of spam. Each spam law proposal has people who feel it does too much and chills legitimate speech on one side, and those who feel it does too little and legitimizes some spam on the other. (With many other subtleties as well.)
It’s commonly reported that most spam is sent by a relatively small group of hardcore, heavy volume spammers. In theory much from a group of 20, and the bulk from a group of around 200. I have never known if this is true or not, but a recent conversation with a leading antispam activist gave evidence that it was. Antispammers have tracked down a lot of spam, seen billions of spams come into spam-traps and even infiltrated spammer “bulker” message boards to learn who’s who and how they operate.
So let’s assume for the moment that it’s true that most spam comes from this core group. Let’s focus spam law efforts on a law designed just to get them. A law so narrowly targeted that nobody need fear a chilling effect on legitimate speech, that everybody can get behind. (A law that also makes it clear that it’s not precluding other laws or giving blessing to lesser spammers.)
I would see such a law demanding many criteria. It would require the spammer send millions of spams. It would require the spammer do this with wilful disregard for the consequences — ie. a malicious intent. It could require the spammer have made $10,000 from their spamming. It would also provide funding and direction for law enforcement to actually go after these spammers.
It would fine them into bankruptcy (all they ever made from spamming plus punitive fines) and possibly jail them, particularly if other criminal actions like fraud, sale of illegal products and computer break-ins were involved.
This wouldn’t stop all spammers, but it might well put a real dent in the volume of spam, and scare off many from entering the upper echelons of spamming. This is a great deal more than any other spam law has managed to do.
Submitted by brad on Fri, 2005-05-20 08:44.
As many of you may know, the rebate system is based on the idea that most folks will not get around to filling out a rebate form, or will fill it out improperly. Estimates run that 60% or more of people don't get their rebate. In some cases, the companies do everything they can to not redeem, some are even accused of illegal behaviour. Some companies are rumoured to be rejecting all rebates then only redeeming to those people who complain.
What this means of course is that they can give a very attractive rebate, in many cases selling the product below cost. We've seen rebates for the full purchase price in some cases.
Now this is actually good for you if you are very good at getting rebates back, because you get to buy a product below cost, subsidized by the people who aren't good at getting the rebates back, who ended up paying an above average price. It's a form of differential pricing. Those who care get a lower price, those who are richer and care less pay more.
So is the time ripe for a company that, for a fee, will do your rebate paperwork for you? Of course, you would still need to cut off the proof of purchase, check over the rebate for any special requirements (like signatures or serial numbers not found on the proof of purchase) and stuff them in a preprinted envelope, and get it to the post office in time to make it to the rebate paperwork house in time for them to mail it in to the vendor. (Not really the vendor, but the vendor's outsourced rebate house.)
I imagine you would pay something like $5 plus some small fraction of the rebate, charged on your credit card, and refunded to your credit card if you don't get the rebate. That seems like a lot for what should be a few minutes work, but if you factor in the time required to fill out forms carefully, print envelopes, copy receipts and other items, and get to the mailbox, I think it's not out of line.
Of course for the rebate facilitator, they are even more efficient. They have all your relevant info on file, filled out in a web form. They have all the popular rebates similarly encoded and scanned. They can either automatically print out a rebate form with your info clearly filled in, or they can print a custom sticky label with your info and apply it to the original if the original is needed.
They can copy the receipts and scan the proof of purchase. And then mail them out at bulk postage rates to the rebate center, or even have staff who hand deliver them to the major rebate centers in certain cases if volume is high enough.
Submitted by brad on Thu, 2005-05-19 09:30.
I shoot with an SLR, and all lenses need a rear lens cap when not on the camera. Every SLR shooter knows the three-handed ritual. (Four handed if the camera's not on a strap.) You take one lens off the camera. You pick another lens and remove the rear cap from it. Holding the old lens, new lens and rear cap and camera, you put the new lens on the camera, then put the rear cap on the old lens. (Or you put the cap on the old lens first, put it down and put the new lens on the camera.)
Anyway, a simple invention I have already built is a doubleheaded rear lens cap, namely two lens caps glued together. Custom-built it would be a lot smaller and solve some of the problems I have experienced.
With the doubleheader, you can take your lens off the camera and put it immediately onto the open end of the doubleheader cap on the new lens. Then with a twist you remove the new lens from the resulting docked lens pair, and put it on the camera. In theory one less hand or less dexterity.
However, the catch is the docked lens configuration tightens both as you twist one way and loosens both as you twist the other way. So you must master the art of making sure the lens you want comes loose.
How this works varies from lens to lens and how well it fits the rear cap. Sometimes pressing them both together causes one to undo reliably. The most reliable trick is to grab the old lens around the rear neck so you can get a finger on the cap, and then pull the new lens off.
It seems one might be able to design ways to make this more reliable, such as a small flange on the cap to hold with your finger to make sure of what twists off, or a ratcheting twist-off that requires a release button.
If both become equally loose when you untwist, then gravity will help you in that the cap will stay on the lower lens. You must later twist it back to stay on. I think the ideal motion would be to twist on so both are tight, then either hold the cap or release a ratchet so only the lens you want comes off without loosening the old lens.
Submitted by brad on Thu, 2005-05-12 05:50.
There have been many efforts at internet "identity" systems, such as Microsoft Passport, Liberty Alliance, and a variety of others. A recent conference was held in SF, though I didn't go, but I thought it was time to put forward one important idea.
Also, sometimes something goes into a server because business rules demand it. You can only make money from it as a service you sell, so you build it that way.
Submitted by brad on Mon, 2005-05-09 07:48.
I've written before about the dichotomies between serial and browseable, between writer-friendly and reader-friendly.
One idea that now seems obvious is to integrate wiki functions into a mailing list manager (particularly one that does a web interface to the mailing list.)
In particular, one should be able to "cc" a message to sections of the wiki and have it added. For example, to an FAQ section. In addition, readers of a message should be able to promote it into sections of the wiki either by clicking links in the HTML version of the message, or by forwarding the message back to some magic addresses at the mailing list manager.
Thus when somebody on a mailing list makes a useful answer to a question, it could go quickly into a wiki style knowledge base, for easier browsing and searching. Many mailing lists today allow you to search the list archives, but unless you know your vocabulary, you may not find the answer to problems you are trying to solve, even though they exist there.
Submitted by brad on Fri, 2005-05-06 03:55.
On both a personal and professional note, I am happy to report that the federal courts have unanimously ruled to strike down the FCC's broadcast flag (that's a PDF) due to our lawsuit against them.
I participated directly in this lawsuit, filing an affidavit on how, as a builder of a MythTV system and writer of software for MythTV, I would be personally harmed if the flag rule went into effect. The thrust of the case was that the FCC, which is empowered to regulate interstate communications, had no authority to regulate what goes on inside your PC. The court bought that, but we had to show that the actual plaintiffs in the case would be harmed, not simply the general public, thus the declarations by myself and various other members of EFF and other plaintiffs.
The broadcast flag was an insidious rule because, as I like to put it, it didn't prohibit Tivo from making a Tivo (as long as they got it certified as having pledged allegiance to the flag.) It stopped somebody from designing the next Tivo, the metaphorical Tivo, meaning bold new innovation in recording TV.
I would like to particularly thank Public Knowledge, which spearheaded this effort and funded most of it.
Here's an AP Interview with me on the issue.
Submitted by brad on Wed, 2005-05-04 05:21.
Update: A more active thread on how this relates to Goodmail and other attempts at sender-pays traffic
There is much talk these days of “who invented the internet?” Most of the talk is done wearing a network engineer’s hat, defining the internet in terms of routing IP datagrams, and TCP. Some relates to the end to end principle with a stupid network in the middle and smart endpoints. These two are valid and vital contributions, and recognition for those who built them is important.
But that’s not what the public thinks of when it hears “the internet.” They think of the collection of cool applications they use to interact with other people and distant computers. Web sites and mailing lists and newsgroups and filesharing and VoIP and downloading and chat and much more. Why did these spring into being in this way rather than on other networks?
I believe a large and necessary ingredient for “the internet” wasn’t a technological invention at all, but a billing system. The internet is based on what I call the “internet cost contract.” That contract says that each person pays for their own pipe to the center, and we don’t account for the individual traffic.
“I pay for my half, you pay for yours.”
While the end-to-end design allowed innovation and experimentation, the billing design really made it possible. In the early days of the internet, people dreamed up all sorts of bizarre applications, some serious, some entirely frivolous. They put them out there and people played with them and the most interesting thrived.
Many other networks had users paying not by the pipe, but based on traffic. In that world, had you decided to host a mailing list, or famously put a webcam up in front of your company fishtank, the next day the company beancounter would have called you into the office to ask why the company got a big bandwidth bill in order to show off the fishtank. The webcam — or FTP site or mailing list — would have been shut down immediately, and for perfectly valid reasons.
Pay-based-on-usage demands that applications be financially justifiable to live. Pay-per-pipe allowed mailing lists, ftp sites, usenet, archie, gopher and the web to explode.
Submitted by brad on Mon, 2005-05-02 06:51.
While for various reasons I believe that the efforts to enforce E911 requirements on Voice over IP phones are bogus and largely designed to make it harder for smaller players to compete with established companies, there is a legitimate need for ways to give your location to emergency services.
To protect privacy, I suggest that this be done in the endpoints. To assist this, I would propose a set of option extensions to the DHCP protocol to tell an endpoint what the server knows about its location, including address, zip and even what emergency contact center to use. This would start with RFC3825 for geolocation, and move on to other features. The endpoint device, when calling 911 or other emergency services, could include this information in the SIP invite, or provide it on request.
For those who don't know, DHCP is the system which lets a computer connect to an ethernet and ask for an IP address as well as important local network information (such as the addresses of routers, name servers, domain names etc.) Some DHCP servers know exactly who the client device is and effectively act as the client's memory. Some just give the next available address and return information about the local network area.
For example, most people with home networks, and almost all of them who use Voice over IP services like Vonage have a local network with its own DHCP server, built into the home-router they use. That home router could be told the address of the home, and all devices, including VoIP phones, could learn it. For companies, it is the same.
DHCP is also used for ISPs to give addresses to DSL and Cable modem customers who hook up to the internet without a home gateway because they have only one computer. That's pretty rare for VoIP users. In these cases they may or may not know the street address of the computer. DHCP is also very common for people who connect to wireless access points. The AP in a Starbucks could easily tell your device the address of the Starbucks.
As noted, we could start by the device fetching this address and forwarding it on with emergency calls, but not doing so for regular calls. This puts privacy control in the hands of the user, where it should be.
However, we could do even more than just give location as in RFC3825. The DHCP server could publish the direct contact information for the local area for police, fire, ambulance or general emergencies. They could simply include the contact number of a PSAP (Public Service Access Point, the gateway to emergency services) for the location, or in a corporate setting, might direct emergency calls to the corporate security desk, with the PSAP/911 as a fall-back. (There should be laws however about use of such features and protection of privacy. Network owners can already reroute any traffic but we want it to be clear how this might be done.)
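An added example (not from the original post or from any VoIP product) of the endpoint-side handling proposed above: the device parses the RFC 3825 location option out of the DHCP options it received, treats it as untrusted input, and attaches it to call setup only for emergency numbers. The emergency-number set, the `call_setup_fields` dictionary (a stand-in for the SIP INVITE, not real SIP syntax), `encode_geoconf` and the sample coordinates are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

GEOCONF_OPTION = 123      # DHCP option code assigned by RFC 3825
PAD, END = 0, 255         # single-byte DHCP options that carry no length
EMERGENCY_NUMBERS = frozenset({"911", "112"})   # assumption for this example


@dataclass(frozen=True)
class GeoLocation:
    latitude: float       # degrees, positive north
    longitude: float      # degrees, positive east
    altitude: float       # units depend on altitude_type
    altitude_type: int    # RFC 3825 "AT" field
    datum: int            # RFC 3825 datum code (1 is WGS 84)


def _signed(raw: int, bits: int) -> int:
    """Interpret a raw bit field as a two's-complement integer."""
    return raw - (1 << bits) if raw & (1 << (bits - 1)) else raw


def find_option(options: bytes, code: int) -> Optional[bytes]:
    """Walk the DHCP options list by length; the server's reply is untrusted."""
    i = 0
    while i < len(options):
        tag = options[i]
        if tag == END:
            return None
        if tag == PAD:
            i += 1
            continue
        if i + 1 >= len(options):
            raise ValueError("option header truncated")
        length = options[i + 1]
        value = options[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("option value truncated")
        if tag == code:
            return value
        i += 2 + length
    return None


def decode_geoconf(value: bytes) -> GeoLocation:
    """Decode the 16-byte RFC 3825 payload (resolution fields are skipped)."""
    if len(value) != 16:
        raise ValueError("RFC 3825 payload must be 16 bytes")
    bits = int.from_bytes(value, "big")
    # Layout, most significant bit first: LaRes(6) Latitude(34) LoRes(6)
    # Longitude(34) AT(4) AltRes(6) Altitude(30) Datum(8).
    lat = _signed((bits >> 88) & ((1 << 34) - 1), 34) / (1 << 25)
    lon = _signed((bits >> 48) & ((1 << 34) - 1), 34) / (1 << 25)
    alt = _signed((bits >> 8) & ((1 << 30) - 1), 30) / (1 << 8)
    if not (-90 <= lat <= 90 and -180 <= lon <= 180):
        raise ValueError("coordinates out of range")
    return GeoLocation(lat, lon, alt, (bits >> 44) & 0xF, bits & 0xFF)


def encode_geoconf(lat: float, lon: float, alt: float, at: int = 1,
                   datum: int = 1) -> bytes:
    """Build a payload with full resolution; used here to construct the sample."""
    def fixed(x: float, frac_bits: int, bits: int) -> int:
        return round(x * (1 << frac_bits)) & ((1 << bits) - 1)
    word = ((34 << 122) | (fixed(lat, 25, 34) << 88) | (34 << 82)
            | (fixed(lon, 25, 34) << 48) | (at << 44) | (30 << 38)
            | (fixed(alt, 8, 30) << 8) | datum)
    return word.to_bytes(16, "big")


def location_from_lease(options: bytes) -> Optional[GeoLocation]:
    """Return the location the DHCP server offered, or None if it sent none."""
    value = find_option(options, GEOCONF_OPTION)
    return decode_geoconf(value) if value is not None else None


def call_setup_fields(dialed: str, location: Optional[GeoLocation]) -> dict:
    """Location leaves the device only when the dialed number is an emergency one."""
    fields = {"to": dialed}
    if location is not None and dialed in EMERGENCY_NUMBERS:
        fields["location"] = (location.latitude, location.longitude,
                              location.altitude)
    return fields


# Constructed sample: subnet mask, router, a pad byte, the location option, end.
SAMPLE_OPTIONS = (bytes([1, 4, 255, 255, 255, 0, 3, 4, 192, 0, 2, 1, 0])
                  + bytes([GEOCONF_OPTION, 16])
                  + encode_geoconf(37.5, -122.25, 10.0)
                  + bytes([END]))

if __name__ == "__main__":
    loc = location_from_lease(SAMPLE_OPTIONS)
    print(call_setup_fields("911", loc))
    print(call_setup_fields("5550100", loc))
```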
Submitted by brad on Thu, 2005-04-28 08:01.
George W. Bush names Jesus as the philosopher he admires the most. The most central of the teachings of Jesus can be found in the Sermon on the Mount.
I have come upon Bush's edited version of the sermon, amended to make the dictates of his Saviour easier to follow in these modern times.
Enjoy here in the Sermon on the Mount (George Bush Version)
Submitted by brad on Tue, 2005-04-19 14:05.
During the 1990s, the US Government made a major effort to block the deployment of encryption by banning its export. We won that fight, but during the formative years of most internet protocols, they made it hard to add good authentication and privacy to internet tools. They forced vendors to jump through hoops, made users download special "encryption packs" and made encryption the exception rather than the norm in online work.
This, combined with bad design decisions made even without the help of the government, has caused some of the security windows that are bugging people today.
A recent issue is DNS poisoning, getting known by the name of pharming. The scammers send fake DNS answers in advance to buggy DNS servers running on MS Windows Service pack 2 or earlier, or very old *nix copies of bind. They tell the server that www.yourbank.com should really go to their address with a fake version of the site.
Now of course we should have made DNS reliable and secure to stop this, or at least done the very basic things found in the most up to date DNS servers, but even so, this attack should not have been enough.
That's because SSL certificates were supposed to assure that you were really talking to yourbank.com when the browser said it was, even if somebody hijacked the connection like this. And they will. The phisher can't pretend to be yourbank.com with the little "lock" icon on the status bar of your browser set to locked. But they can pretend it when the icon says unlocked.
And surprise, surprise, people forget to look at the icon. A lot. They turn off the warnings about transitions to insecure pages because they go off all the time, and nobody pays attention to an alarm that's always going off. Encryption and SSL are rare, special things limited to login screens. We tolerate all the rest of life being unencrypted and in the clear -- and vulnerable, just like the USDoJ wanted it.