Obama on NSA Surveillance
Locked
12
12
 
Administrator
|
The ARRL http://www.arrl.org/ licenses amateur radio operators. They are non-governmental but I think the FCC has to OK the levels of the examination.
-- Owen On Tue, Jun 18, 2013 at 11:00 AM, Marcus G. Daniels <[hidden email]> wrote:
============================================================ FRIAM Applied Complexity Group listserv Meets Fridays 9a-11:30 at cafe at St. John's College to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com |
|
Administrator
|
In reply to this post by Gary Schiltz-4
Good point, but I think it would also provide inducements for the industry itself to be saner. For example, I'd get rid of at least 80% of the accounts out there that simply are not necessary. Why do I need a login to buy stuff for example? Yeah, I'd have to retype my address .. which the browsers seem willing to do for me. They also remember the logins .. but we could make that illegal, or at least much less easy to opt-in for. The credit card is LESS exposed during an atomic transaction than in laying around in a server.
So just like internet tax moving us to saner tax reform, internet licensing would move us toward saner hygiene. Another simple move would be to simply better security. A 2-factor standard would help, as well as OpenID or o-auth protocols. I don't mind getting a silly pin from Google when I need to login, it works just fine. Mozilla and others are slowly working on a login-less world.
So I think the education remains pretty basic: The basic computer: libraries, accounts (root/usr), file system, along with tools for rootkit/malware. The basic network stack, simplified. DNS. Internet protocols for web (http/https), mail (IMAP/POP) and so on. The core is pretty solid and teachable.
I hear you! Steve G and I have been discussing this relative to SimTable and AgentScript. Its a race to just stay in place.
But even here there is a core that is pretty solid. Git has replaced source control and is pretty understandable, more so than the others when you get that it really is a file system of sorts, with all the usual create, rm/mv, file/folder, etc components. Github does throw in a wrinkle or two.
This is one of the reasons for wedtech. We need to know what we don't know. And then we need help distributing the load. We've gotten so there are local experts on git, webgl, html5/css3 and so on. More importantly, there is one huge simplification if you fit it: javascript. It is now the client (browser & apps & phones/tvs), the server (nodejs), and the network (async IO with JSON). I recently experience this when I wanted to make AgentScript.org more easily managed. I graduated from a simple coffeescript build command and a few bash scripts, to a coffeescript based "make" called, naturally, cake. It was completely familiar because it was javascript/coffeescript all the way down.
So in one area, programming, its actually getting less complex.
-- Owen ============================================================ FRIAM Applied Complexity Group listserv Meets Fridays 9a-11:30 at cafe at St. John's College to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com |
Re: Obama on NSA Surveillance
|
|
In reply to this post by Owen Densmore
No, the FCC licenses radio amateurs and issues fines to people who operate without a license. -- rec -- On Tue, Jun 18, 2013 at 11:07 AM, Owen Densmore <[hidden email]> wrote:
============================================================ FRIAM Applied Complexity Group listserv Meets Fridays 9a-11:30 at cafe at St. John's College to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com |
Re: Obama on NSA Surveillance
|
|
In reply to this post by Owen Densmore
On 6/18/13 11:07 AM, Owen Densmore
wrote:
Let's say that the PRISM accusations are true, and that Microsoft was first on board providing compromised services and software to the NSA. Why would anyone then believe that any sort of Microsoft Certified Solutions Whatever should be any indication of expertise in ensuring security as opposed to merely giving the appearance of security (except for the NSA)? Such `experts' are, well, stooges. Same goes for Cisco, Oracle certifications etc. You can extrapolate that all the way to universities funded on the public dime. `Educators' are just as well subject to influence through funding [dis]incentives as anyone -- and that possibility is _truly_ insidious. Organizations like the EFF seems about the best bet, since they are focused on this issue. That also makes their leadership targets, should they gain larger popularity. The first thing that has to go if people want privacy are their proprietary operating systems. In the open source community, where people actually care about this stuff, they bother to debate it in an open way. Personally I'm less afraid of the NSA than opportunistic sharing of things like medical data, financial information by corporations, say to reduce insurance payouts. Deals completely behind the scenes and deniable. I get the impression that many people accept the story that the policies and laws are what matter and not the deployed capabilities. It's a remarkable mistake. Marcus ============================================================ FRIAM Applied Complexity Group listserv Meets Fridays 9a-11:30 at cafe at St. John's College to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com |
Re: Obama on NSA Surveillance
|
|
In reply to this post by Owen Densmore
Maybe the problem is that the amount of pertinent technical knowledge is growing, like the amount of scientific knowledge, and it exceeds any one person's or any one organization's grasp. Not to mention all the obsolescent knowledge. You talk as if there were someone, somewhere, who has an adequate grasp of all the details. Or as if you could sit down and study for a few weeks and be competent. Or as if there were some well known amount of time to budget each year for study to keep yourself up to date. There ain't no such person, no such book, and no such plan. If you felt competent in the past, it's simply that you chose your areas of ignorance well or were sublimely blind to them.
So when CBS headlines: 'Obama on NSA programs: Americans "not getting the complete story"', yeah, like who is getting the complete story? Does Obama understand how these programs work? No, he understands what Clapper and his other security wonks tell him. Who's got the the complete skivvy on how the NSA programs actually work? Who has the more complete understanding of all the technology that the NSA spends its secret budget on and the ramifications of that technology? The president of the united states? Or a 29 year old sysadm?
-- rec -- ============================================================ FRIAM Applied Complexity Group listserv Meets Fridays 9a-11:30 at cafe at St. John's College to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com |
Re: Obama on NSA Surveillance
|
|
In reply to this post by Marcus G. Daniels
On Tue, Jun 18, 2013 at 11:50 AM, Marcus G. Daniels <[hidden email]> wrote:
The code is the law, look at what the code does, pay no attention to their stated intentions. -- rec -- ============================================================ FRIAM Applied Complexity Group listserv Meets Fridays 9a-11:30 at cafe at St. John's College to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com |
Re: Obama on NSA Surveillance
|
|
In reply to this post by Owen Densmore
As the owner (and author) of an on-line store, I have a few comments:
On Jun 18, 2013, at 11:26 AM, Owen Densmore <[hidden email]> wrote:
For a shipment, we can use an email name to give the customer a heads-up when it ships, and can send a tracking number. Sometimes a user wants to check on the status of his order via the web; in that case we need a password or some authentication. If something goes wrong -- address was invalid, out of stock, etc. -- we need an email or at least a snail mail address, or the user is screwed. We are redoing our store, and most sales will be downloads. We will take email addresses (optional but strongly recommended) and credit cards (not saved). The user can optionally sign up for our newsletters. 2-factor authentication is good, but I'm leery of single sign ons, especially with Google. I see it as another way they can track wherever I go. Also, the backup is a long (15 characters? I don't recall exactly) password, which is probably shorter than the passwords I use with 1Password -- which makes my single password more secure as long it is never sent as plain text. If I don't have to remember a password, why not make it 20 or 25 characters long. Having said that, I agree that passwords are a pain. I thought Git *is* a source control system. Perhaps programming is getting easier because computers are getting more powerful and so can handle the yucky parts like reference counting, garbage collection, and I/O. But remember how dominant the following languages were in their day: C, C++ -- 1990 Java -- 1995 Perl -- 1995 VB and C# in the MS world -- 2000 Now JavaScript, which dates back to 1995 but was rescued by newer interpreters. Outside the browser world, you could argue that Python and Ruby outrank JavaScript. JavaScript will probably last as long as there are browsers. --Barry
============================================================ FRIAM Applied Complexity Group listserv Meets Fridays 9a-11:30 at cafe at St. John's College to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com |
|
|
In reply to this post by Owen Densmore
On Jun 18, 2013, at 12:26 PM, Owen Densmore <[hidden email]> wrote:
I was mainly commenting on the fact that I have a whole lot of catching up to do. Actually, I'm really excited about the internet landscape of 2013, and I'm pretty sure I prefer it to the landscape I left in 2008.
It does seem that the internet ecosystem is settling down rather nicely, with emphasis on standards (HTML5, CSS3, JavaScript, RDF (maybe)). Personally, I'm a Lisp fan, and these days it's possible to use Clojure server-side (it compiled to JVM byte code) and ClojureScript client-side (it compiles via Google Closure to optimized, minimized JavaScript). But then, paraphrasing a popular Ruby article from half a dozen years ago, I can see how "JavaScript is an Acceptable Lisp". And with a more open ecosystem, I don't have to choose what is an "Acceptable Lisp", but write in whatever language that gets compiled to HTML, CSS, JavaScript, RDF. ;; Gary ============================================================ FRIAM Applied Complexity Group listserv Meets Fridays 9a-11:30 at cafe at St. John's College to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com |
|
Administrator
|
JavaScript is sorta lisp with braces. Seriously, Brendan Eich the JS creator, had 2 weeks to build the scripting language for Netscape in the early '90s. So he came up with a version of Scheme.
The bosses all said "yuk, we want a real language, you know like C and Java!" .. go fetch another rock. So he just built a Scheme with braces!
-- Owen
On Tue, Jun 18, 2013 at 2:52 PM, Gary Schiltz <[hidden email]> wrote:
============================================================ FRIAM Applied Complexity Group listserv Meets Fridays 9a-11:30 at cafe at St. John's College to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com |
Re: Obama on NSA Surveillance
|
|
In reply to this post by Gary Schiltz-4
And then from May 15 Google's added PHP runtime to their App Engine:
http://venturebeat.com/2013/05/15/google-opens-up-powerful-aws-competitor-compute-engine-to-all/ How horrifying is that? Robert C On 6/18/13 2:52 PM, Gary Schiltz wrote: > > It does seem that the internet ecosystem is settling down rather > nicely, with emphasis on standards (HTML5, CSS3, JavaScript, RDF > (maybe)). Personally, I'm a Lisp fan, and these days it's possible to > use Clojure server-side (it compiled to JVM byte code) and > ClojureScript client-side (it compiles via Google Closure to > optimized, minimized JavaScript). But then, paraphrasing a popular > Ruby article from half a dozen years ago, I can see how "JavaScript is > an Acceptable Lisp". And with a more open ecosystem, I don't have to > choose what is an "Acceptable Lisp", but write in whatever language > that gets compiled to HTML, CSS, JavaScript, RDF. > > ;; Gary ============================================================ FRIAM Applied Complexity Group listserv Meets Fridays 9a-11:30 at cafe at St. John's College to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com |
|
Administrator
|
PHP. Gawd, how yesterday. Google App Engine deserves it! How so fail they were relative to Amazon and many, many others.
Historically interesting in that PHP became the Web Shell, sorta a server-side version of Bash. Who'da thought we needed a Domain Specific Shell?
The people always get what they want. And generally what they deserve.
-- Owen
On Tue, Jun 18, 2013 at 7:00 PM, Robert J. Cordingley <[hidden email]> wrote: And then from May 15 Google's added PHP runtime to their App Engine: http://venturebeat.com/2013/05/15/google-opens-up-powerful-aws-competitor-compute-engine-to-all/ How horrifying is that? ============================================================ FRIAM Applied Complexity Group listserv Meets Fridays 9a-11:30 at cafe at St. John's College to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com |
Re: Obama on NSA Surveillance
|
|
In reply to this post by Roger Critchlow-2
On 6/18/13 12:09 PM, Roger Critchlow
wrote:
Exactly. Individuals and all kinds of organizations have come to expect promiscuity without consequence when it comes to the use of software. As more and more critical system software is written overseas, or by foreign nationals in the U.S., it is stupid to think that these individuals, organizations, and/or governments aren't fully capable of planting malware in trusted tools and services. Even assuming that engineered malicious software could be reliably identified and quarantined from executable content (it can't), there's an ever increasing body of spongy, bug-ridden software just waiting for motivated people to exploit for unfriendly purposes. For applications that matter, my view is that the whole software stack must be made available for inspection as source code, and a community of expertise and criticism must be built around it. This not to say that there will be someone that gains the`adequate' grasp. But, with all this in hand the organization can at least see the scope of their potential risk. For anything non-trivial the risk will be large. Those that claim to care about security above all else must begin to realize the extent of what they don't know, and carefully build up systems from components that are, as much as is possible, transparent and tested -- or proven -- to work in all possible situations and refuse to work outside of that domain. Marcus ============================================================ FRIAM Applied Complexity Group listserv Meets Fridays 9a-11:30 at cafe at St. John's College to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com |
«
Return to Friam
|
1 view|%1 views
| Free forum by Nabble | Edit this page |