Comment Re:Give primary sources (Score 1) 999

Are you serious? You do understand that all of those subjects have evolved extensively since the publication of those books. Reading Marx & Engels, Smith, and Darwin gives you a start, but you cannot possibly grasp the nuances of these systems without learning about Lenin, Trotsky, Keynes, Friedman, Mendel, Watson & Crick, etc.

Yes, editors do have power to introduce bias. But conscientious editors strive for objectivity. Furthermore, most textbooks involve some element of peer review where the editors invite colleagues to read and critique the material.

There simply is too much material on any one of these topics to read all of the original sources ever produced.

Comment Re:So I chose Bill Gates. (Score 1) 737

The pain of Ubuntu has been getting it set up.

I disagree. I've installed 7 versions of Ubuntu now, and I've never had a problem. Everything worked right out of the box. Admittedly, I skipped Karmic because I had heard that there was a problem with the display driver for ThinkPads. If you think Ubuntu is a pain to install, try Gentoo. I never got that distro fully working.

More to the point, it's disingenuous to criticize Ubuntu as not ready for the normal consumer based on problems with the installation. I've done clean installs of Windows that led to headaches. It's always fun when the networking isn't working and the installer suggests downloading a driver (kind of hard to do since there is no network connection). Installing an OS is not a task that a normal consumer does.

Installing any version of any operating system can be a pain, depending on which particular hardware configuration you have.

Comment Re:socialized medicine... (Score 4, Informative) 552

That's the approach we take for food, which unlike medical care is a constant necessity for everyone. Poor people get subsidies, but the government doesn't own or micromanage farms or grocery stores.

You've obviously never heard of agricultural subsidies. The U.S. government pays $16 billion per year (a large chunk goes to corporations like Monsanto) to make food cheaper. So, no, the government's approach to food is not capitalist. They are helping you pay for it...just without your knowledge.

Comment Re:excellent (Score 1) 699

Or, by being such an egregious example, it will enable more subtle violations that seem mild in comparison.

While the spying issue is certainly central to this discussion, there's another aspect that I hope gets more notice in the legal fall-out of this case. Specifically, I'm concerned about the implications regarding due process. The student was apparently punished (though it is still not clear how), even though he had done nothing wrong (assuming the Mike & Ike's story holds water). If students are raised under the assumption that they are so powerless that they can be punished even when innocent, what are they going to think when they're grown? Even though courts have consistently limited the legal protections of minors and students in many cases, hopefully they do make it clear that a single photo taken out of context is clearly not adequate to use as grounds for discipline.

Comment Re:the school already is lying (Score 1) 364

there was no evidence of any laptops being stolen therefore the system shouldn't have been turned on to begin with. The only reason the cameras were turned on would be for misuse.

That's not true, because the school's policies did not require evidence that the laptop was stolen. For instance, officials were permitted to activate the system "to find missing, lost or stolen computers, which would include a loaner computer taken off campus against regulations." See here among other stories. I've seen multiple stories that indicate the system was activated 42 times, 18 of which did help to recover lost or stolen systems.

They could get out of this much easier if they simply fired a couple of people and blamed those directly responsible, and their bosses for the policy.

It's a bit more complicated than that. Whoever you pick to fire, you must make sure that it is justified. If you fire the official that took the picture, you need to find appropriate grounds to do so. Otherwise, they could (rightfully) claim that they violated no policy and were being made a scapegoat. Then you'd be looking at a wrongful termination lawsuit, and possibly paying lost wages. Similarly, the administrators can argue that the policy was put into place to protect assets owned by the school district. So if you want to fire someone, you had better be sure that you can justify it.

One aspect that I haven't seen clarified is whether or not the student was actually disciplined. If he was just confronted and presented with a warning, he is going to have a much more difficult time proving damages in a court. If he was suspended without due process and without proof of wrongdoing, then they're screwed. Either way, though, I would be surprised if this is allowed class action status.

As much as I value privacy, I think this story has become a bit sensationalized. Based on the numerous reports I've seen, I believe this is more an example of scope creep than anything nefarious. Basically, to paraphrase a common aphorism, if I must attribute either malice or incompetence, I go with the latter. The possibility of theft does provide a legitimate purpose for the ability to remotely activate the web cam. Where the school screwed up was that they did not have any precise controls over when and how this activation can occur. My guess (I fully admit I have no proof) is that the camera was activated according to district policy, then the official panicked because they thought they saw something. To make it worse for the official, the policy probably did not offer any guidance for what to do in that situation. What if they were trying to locate a stolen laptop and witnessed a rape or murder instead?

The problem comes down to the possibility of secondary use of technology. Whenever technology is deployed that has the potential of violating the privacy of others, the policy should explicitly state under what conditions the technology can be used, including a list of the situations that officials are allowed to document based on their observations. The policy should also default to complete destruction of observed data that does not match the intent of the policy. Hence, the school district should have made the following policy:

  • Activation of the remote monitoring system will only be done after informing the student and parents in writing.
  • Activation of the remote monitoring system will never occur unless there is documentation indicating a good faith belief that the laptop has been stolen or is missing.
  • Data collected during activation will be restricted to the goal of recovering the lost or stolen laptop. The only exception to this rule would be if an operator, while attempting to recover a lost or stolen laptop, observes behavior that constitutes a felony; in such a case, the data will be handed over to the appropriate authorities. In all other cases, any data collected during activation will be immediately destroyed.

But, of course, I'm a researcher that specializes in security. I have quite a bit more expertise than these school administrators. And there are too many similar administrators out there that do not have a strong enough background in security and privacy to get these subtleties. Absent federal legislation governing secondary use of private data, I do not think this will be the last case that we will see like this.
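The three-rule policy in the comment above can be expressed as code, which makes the default-deny and default-destroy behaviour explicit and auditable. The following is an added example written for this page, not the commenter's code or any school district's system; the request fields, the operator's "felony evidence" flag, and the in-memory audit log are constructed for illustration.

```python
"""Policy-as-code for a remote laptop-recovery system (constructed example).

Rule 1: activation only after written notice to student and parents.
Rule 2: activation only with a documented good-faith loss/theft report.
Rule 3: collected data is restricted to recovery; only observations an operator
        flags as felony evidence are retained (for handover), everything else
        is destroyed.
"""
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class ActivationRequest:
    laptop_id: str
    written_notice_sent: bool        # rule 1 precondition (assumed field name)
    theft_report_id: Optional[str]   # rule 2: id of the written loss/theft report


@dataclass
class Observation:
    frame_id: int
    felony_evidence: bool  # operator's classification; assumed to be reviewed later


@dataclass
class RetainedRecord:
    laptop_id: str
    frame_id: int
    handed_to: str


# Append-only audit trail of every decision the policy engine makes.
AUDIT: List[str] = []


def authorize_activation(req: ActivationRequest) -> bool:
    """Default-deny gate: both documented preconditions must hold."""
    reasons = []
    if not req.written_notice_sent:
        reasons.append("no written notice to student/parents")
    if not req.theft_report_id:
        reasons.append("no documented loss/theft report")
    if reasons:
        AUDIT.append(f"DENY activation {req.laptop_id}: " + "; ".join(reasons))
        return False
    AUDIT.append(f"ALLOW activation {req.laptop_id} (report {req.theft_report_id})")
    return True


def process_session(req: ActivationRequest, observations: List[Observation],
                    authority: str = "law enforcement") -> List[RetainedRecord]:
    """Run one recovery session under the policy.

    Returns only the records retained for handover to the named authority;
    every other observation is dropped here (rule 3's default-destroy) and
    the drop itself is logged so the destruction is provable.
    """
    if not authorize_activation(req):
        return []
    retained: List[RetainedRecord] = []
    for obs in observations:
        if obs.felony_evidence:
            retained.append(RetainedRecord(req.laptop_id, obs.frame_id, authority))
            AUDIT.append(f"RETAIN frame {obs.frame_id} of {req.laptop_id} -> {authority}")
        else:
            AUDIT.append(f"DESTROY frame {obs.frame_id} of {req.laptop_id} (out of scope)")
    return retained


if __name__ == "__main__":
    # Constructed requests: one missing the written notice, one fully documented.
    undocumented = ActivationRequest("LAPTOP-0001", written_notice_sent=False, theft_report_id="RPT-7")
    documented = ActivationRequest("LAPTOP-0002", written_notice_sent=True, theft_report_id="RPT-8")
    frames = [Observation(1, False), Observation(2, True), Observation(3, False)]
    print(process_session(undocumented, frames))   # [] (denied)
    print(process_session(documented, frames))     # one retained record, frame 2
    print("\n".join(AUDIT))
```

The point of the structure is that the policy's conditions are data the engine checks, not judgement calls left to the operator, and that keeping data is the exception that has to be affirmatively taken rather than the default.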

Comment Re:Who cheats who (Score 1) 684

They got the grades because they cheated. They got the job because they got the grades.

And that's the problem. If academic recruiters placed less of an emphasis on GPA, the incentives to cheat would be greatly reduced. But given the large class sizes at universities (i.e., a lot of profs don't even know their students' names) and the large number of applications companies receive, recruiters need some sort of filter. It would be nice if they had the time or ability to perform some sort of an evaluation, but it doesn't seem to happen. In my experience, recruiters are more generally HR people and wouldn't have a clue what a B+ tree is used for.

This problem isn't going away, and the only solution that I can see is better policing by instructors.

Comment Attack is Out of Scope (Score 1) 327

The attack is interesting, but it's actually beyond the scope of what the TPM was designed to do. The TPM is primarily intended to provide three services: 1) hardware root of trust at boot, 2) fast and secure cryptographic operations (including key storage), and 3) remote attestation. This attack focuses on the second service, as it is designed to extract the cryptographic keys that are supposed to be stored securely. Yes, the attack succeeds and it's interesting, but a lot of people are missing the big picture.

TPMs were never designed to withstand this type of attack. With regard to "secure storage," the goal was to do something better than just storing your keys on an insecure device like a HD. The reason that this notion of security is good enough is that the TPM was also designed to be inexpensive. Would anyone buy a new desktop if the price suddenly jumped up to $10,000 for a Pentium? So the hardware protection is just supposed to provide a reasonable amount of assurance for the average user. If you're looking at highly sensitive environments (e.g., military), you shouldn't be using a TPM. There are cryptographic co-processors out there that have more robust protections against these types of attacks, but they cost a lot more.

Comment Re:CHALLENGE TO TARNOVSKY (Score 3, Interesting) 327

I've seen this article in a few places (see also here) and discussed it with some colleagues (one of whom was a consultant on the design of the TPM). We had the same suspicions regarding whether or not it was an Infineon TPM or a clone.

Regarding the key question, I don't think he has actually been able to extract the endorsement key. I believe the attack is just about extracting keys generated and stored on the TPM. For instance, the CW article refers to the "licensing keys." My impression is that these are keys used by the software to ensure the XBox 360 hasn't been modded. I don't believe you would use the endorsement key in this instance. Unfortunately, none of the articles are clear on this point.

Comment Re:Difficult? (Score 1) 327

[...] someone will eventually figure it out and implement software to do it automatically so any script kiddie can do it. Math -- crypto included -- is funny that way.

Did you read the article? The security of cryptography is based on the lack of an efficient algorithm to do things like factoring large numbers or computing discrete logarithms. This attack has nothing to do with any of that. It is about destroying the chip casing and eavesdropping on the circuitry of the hardware.

Comment Re:When will they learn (Score 4, Insightful) 327

[...] remember that TPM is about keeping you out of your own computer[...]

Um, no. TPMs are designed for three things: 1) establish a hardware root of trust for boot (i.e., make sure that you're actually booting your OS and not a rootkit first), 2) provide lightweight, secure and fast cryptographic operations (so you don't have to do something stupid like store a cryptographic key in plaintext on your HD), and 3) allow remote attestation of a computer's software stack (i.e., verifying the integrity of the OS and other pieces of software...very useful for distributed systems).

Yes, there are applications of TPMs for DRM, but that is a side effect and not a primary factor. Furthermore, in the case of general purpose computers (which does not include gaming platforms like the Xbox), the TPM best practices make it very clear that the TPM should only be activated with the user's explicit knowledge and consent. I.e., it is the owner of the hardware who decides if the TPM will be used, not the software vendors. Of course, hardware vendors are not obliged to follow the best practices, but that's not the fault of TCG.
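Two of the comments above ("Attack is Out of Scope" and this one) describe the same three TPM services: a hardware root of trust for boot and remote attestation of the software stack. The simulation below, added here as an example and not code from the commenter or from the TCG, shows how the first and third fit together: each boot component is measured into a Platform Configuration Register by hashing it onto the previous value, and a verifier checks a signed quote of that register against a known-good value and a fresh nonce. The HMAC over a shared key stands in for the signature a real TPM makes with its attestation key (an assumption made so the example runs on the standard library alone); the boot chains, key and nonces are constructed.

```python
"""Measured boot and remote attestation, simulated (constructed example)."""
import hashlib
import hmac
import os
from typing import List, Tuple

PCR_SIZE = 32  # SHA-256 PCR bank


def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM-style extend: new PCR = H(old PCR || H(component)).

    Only extension is possible, never a direct write, which is why a rootkit
    that runs before the kernel cannot make the register look untouched.
    """
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()


def measured_boot(components: List[bytes]) -> bytes:
    """Measure a boot chain in order, starting from the all-zero reset value."""
    pcr = bytes(PCR_SIZE)
    for component in components:
        pcr = extend(pcr, component)
    return pcr


def quote(pcr: bytes, nonce: bytes, attestation_key: bytes) -> bytes:
    """Sign (PCR || nonce). HMAC stands in for the TPM's asymmetric signature
    (assumption); the nonce binds the quote to this challenge."""
    return hmac.new(attestation_key, pcr + nonce, hashlib.sha256).digest()


def attest(components: List[bytes], nonce: bytes, attestation_key: bytes) -> Tuple[bytes, bytes]:
    """What the attesting machine sends back: its PCR value and a quote over it."""
    pcr = measured_boot(components)
    return pcr, quote(pcr, nonce, attestation_key)


def verify_quote(pcr_claimed: bytes, nonce: bytes, signature: bytes,
                 attestation_key: bytes, golden_pcr: bytes) -> bool:
    """Verifier side: signature must match for this nonce, and the PCR must
    equal the known-good value for the software stack we expect."""
    expected = quote(pcr_claimed, nonce, attestation_key)
    signature_ok = hmac.compare_digest(expected, signature)
    state_ok = hmac.compare_digest(pcr_claimed, golden_pcr)
    return signature_ok and state_ok


# Constructed boot chains and key for the demonstration.
GOOD_CHAIN = [b"firmware v1", b"bootloader v1", b"kernel v1"]
BAD_CHAIN = [b"firmware v1", b"bootloader v1", b"rootkit", b"kernel v1"]
KEY = b"constructed-attestation-key"


def demo() -> dict:
    """Run the attestation exchange for a clean boot and a tampered one."""
    golden = measured_boot(GOOD_CHAIN)
    nonce = os.urandom(16)
    clean_pcr, clean_sig = attest(GOOD_CHAIN, nonce, KEY)
    bad_pcr, bad_sig = attest(BAD_CHAIN, nonce, KEY)
    return {
        "clean_boot_verifies": verify_quote(clean_pcr, nonce, clean_sig, KEY, golden),
        "tampered_boot_verifies": verify_quote(bad_pcr, nonce, bad_sig, KEY, golden),
        # Replaying yesterday's good quote against today's nonce fails.
        "replayed_quote_verifies": verify_quote(clean_pcr, os.urandom(16), clean_sig, KEY, golden),
        # Claiming the golden PCR without holding the key fails on the signature.
        "forged_pcr_verifies": verify_quote(golden, nonce, bad_sig, KEY, golden),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Note that with a shared HMAC key the verifier could forge quotes itself; a real TPM holds a private attestation key and the verifier holds only the public half, which is what makes the statement about the remote machine's state trustworthy to a third party.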

Comment Re:Don't Abbreviate (Score 1) 135

Actually, no, that wasn't the key to my argument. The key point of my argument was that, by and large, the majority of patents granted (based on the several that I have examined in depth) are not for major, new inventions. Most patents awarded are for specific, minor things that have little value in and of themselves. As I said before, if your patent was for something truly novel and grandiose, and evil Company A stole your idea, then, yes you deserve to sue Company A into oblivion. But if your patented idea (which a bright Company A engineer thought of at the same time, but felt it was a trivial improvement) adds about a billionth of a cent to the value of a new car, here's $10, now go away.

Comment Re:Don't Abbreviate (Score 1) 135

Let's say I invent something, which some company uses in their flagship product, making millions off my invention.

Do you mean something like the ability to make an online purchase using only a single click? More likely than not, they made millions off their flagship product, and your invention added very little value. Is it really going to make a difference to Adobe whether or not they use some image manipulation filter that you thought up at the same time their designers did? Their millions resulted from the combination of brand recognition, ability to keep costs down by streamlining manufacturing, the development of a clever user interface, etc.

Let's say that I am unable to bring my product to market (because of limited capital, because of limited knowledge, because of a single market for my invention that someone else has control of... pick a reason, or multiple ones).

So, are you implying that you should somehow be compensated for failing in business? Look, if you invented something really amazing and non-obvious (e.g., arms that extended from my laptop to give me a shoulder massage while I worked...that would be cool...), then yes, you should get paid. But if you expect to live a life of luxury just because you thought it'd be a good idea if your car let out a beep as you approach a red light (and failed to build a business model around this idea), then you're exactly what's wrong with the system.
