
Interesting read
Interesting read on this topic:
"Loving the Cyber Bomb? The Dangers of Threat Inflation in Cybersecurity Policy"
http://mercatus.org/publication/loving-cyber-bomb-dangers-threat-inflation-cybersecurity-policy
14 publicly visible posts • joined 24 Jan 2008
From the article: "I don't think there's an operator in the world that wouldn't tell you that it's a pain to support all the different operating systems they have, in particular the 17 versions of Linux they have on feature phones, all of which are a little quirky and a little different, require separate network certifications, network product support, and the like that goes along with that."
I don't want my operator to support a particular OS or device, I want them to support the GSM/UMTS standards. I only need to know the frequency. Just as my internet provider is not concerned with my OS on my computer. We have the TCP/IP standards for that.
Thanks Microsoft for another piece of FUD. Afraid of Linux maybe?
I'm using a simple smartphone from the 1990s and the built-in email client to connect to my own mail server connected securely using standard IMAP/SMTP with TLS/SSL. Phone is protected with PINs. This complete setup, phone + server, you can make for 300 euro (and the software is free).
I don't get why people feel the need to have complicated setups with expensive specialised phones.
Also I don't get why people use Blackberry's infrastructure and hand over all of your secrets to some company.
1. Go to record store (in whatever country)
2. Choose any cd
3. Pay money
4. Go home and enjoy
No shop owner ever asked me to show my passport or read and sign a license agreement. The cd box just says: copyright <year> <band/company>. Look what the record companies and all of their innovation got us now: less music, worse quality (both content and sound), relatively expensive, all kinds of limitations (DRM!). I will shed no tears when all record (big) companies cease to exist today.
I get the feeling there are some misunderstandings about OpenID.
First of all, your OpenID password is only known at the OpenID provider you yourself choose. In my case, I set up my own, on my own server, in my own house (just a simple little PHP script). I consider this to be a pro, since, in this case the government, does not know my password.
Second, nothing stops you from using multiple OpenIDs for different purposes. For example, one for fun, one for work-related stuff, one for government related stuff and one for banking. There is no correlation between these IDs if you don't want it.
Third, for the government, you already have a single ID: your social security number. And it's already linked to different things, like an address, a bank account, a job, etc. So with an OpenID you just have another ID linked to this. The benefit to this is that your social security number can stay private and is not needed to log in. Instead you use an OpenID, which can only be used with strong security (e.g. a password you choose on a secure server).
Why would be want one big corporation hijack our web experience?
What is the added value of these tools on the average website?
Why don't we just use the standards available to accomplish the same thing:
- video: use standard MPEG video in Ogg container, or in the near future use HTML 5's <video> tag
- audio: see video
- fancy interactive graphics: use Scalable Vector Graphics (SVG)
- blinking banners: do we really need blinking banners?
I think this End to End Trust will end many things, like:
- ability to use software you want (sorry, we, Microsoft, don't trust that company)
- ability to publish software (sorry, your company is not a reputable company, hence your software cannot run on our users' systems, unless you pay $$$$)
- ability to use "alternative" operating systems (sorry, your OS does not support my trusted computing chip on this motherboard, so I won't work)
- ability to build your own computer (sorry, this hard disk does not support trusted computing, so it won't work with this motherboard)
- ability to play/view any (online) media (sorry, you can't view this content, because your computer is not trusted)
In other words, this End to End Trust initiative is about big corporations trusting you, not the other way around. It will severely limit the amount of control and choice you have over your own hardware and software. This is vendor lock-in times 10. Be wary.
@Paul Charters:
1. 128 bits is indeed hard to remember. But do you remember all the the IPv4 addresses of the websites you visit? No, you use DNS, like you don't remember all the phone numbers in your phone. You use the names in your phone book. DNS works with IPv6.
2. Can you back your claim up? I run both IPv6 and IPv4 in parallel and I have no problems.
3. What we have, works, but badly. It is a pain in the ass to connect two computers who are both behind NAT to connect. Ever tried to connect your 192.168.0.1 to my 192.168.0.1? You need a bunch of tricks to get it to work. The result is slow and error prone connections that sort of work.
4. IPv6 *is* simpler than IPv4. IPv6 was developed to address short comings in the IPv4 protocol. Please look up IPv4 and IPv6 on wikipedia and take a look at the header format. You'll notice that IPv4's protocol header looks cluttered and IPv6's protocol header look much simpler. Simpler is better, faster. Extending IPv4 would make it even more complicated and cluttered. Separating by nation defeats the purpose of internet, i.e. to connect everything with everything, regardless of location.
I use IMAP with the email client build into my Sony Ericsson K810i. It indeed keeps a connection open, but this doesn't cost anything, both in power and data traffic. You will get an immediate notification that you have a new mail and you can choose to download the whole message or just ignore it.
I don't see the point of download a Java client to do this except when you really love banners.
(Paris, because she is not on this page yet)
TC's tips are very useful and true, but I haven't seen the most obvious solution to this problem: turn on WPA encryption on your wireless router and use a decent password. On modern routers this is part of the default installation procedure. As far as I know, it's not possible to get into the router's admin page unless knowing the SSID/WPA password or being physically connection to it. Or am I missing something?