Domain: doc.gov
Stories and comments across the archive that link to doc.gov.
Comments · 473
-
Re:Capitalism, ho!
Found a similar PDF from the US Department of Commerce, but from 2003: Dept. of Commerce: National Telecommunications and Information Administration: PDF: October 2003: US Frequency Allocations: The Radio Spectrum: Chart
Hope that helps.
-
Re:What the fuck is LightSquared?
PDF -- 2003 U.S. Frequency Allocation Chart http://www.ntia.doc.gov/files/ntia/publications/2003-allochrt.pdf
-
Re:Channel 14
Anyone knowledgeable about the conflict at 2.5 GHz that led the US FCC to limit wifi from using channel 14 (2.484 GHz)?
According to the FCC spectrum chart the top of the 2.4 wifi band abuts the "Standard Frequency and Time Signal" Band at 2.5 GHz. What is that used for?
You're a factor of 1000 too high for WWV.
The problem with channel 14 is if it were used it would pretty much wipe out the BRS/MMDS service right above the wifi band.
http://en.wikipedia.org/wiki/Multichannel_Multipoint_Distribution_Service
MMDS never really went anywhere, which is a shame. For at least 30 years some areas have had some MMDS gear; my local school district linked the schools together in the 80s. Back when a decent pro-grade VCR cost $2500 a $1000 MMDS link between schools to share the VCR sounds like a good idea.
You'd be crazy to set up a MMDS system now, with the wifi wanna be hackers trying to use channel 14 to get away from the noise and some microwave oven interference. So that chunk of bandwidth is kind of a wasteland that no one can use, more or less.
Advanced AV stuff like that was kind of the "ipad of the 80s" where merely spending dough on silicon would magically make the kids smarter, or something.
-
Re:Channel 14
Anyone knowledgeable about the conflict at 2.5 GHz that led the US FCC to limit wifi from using channel 14 (2.484 GHz)?
According to the FCC spectrum chart the top of the 2.4 wifi band abuts the "Standard Frequency and Time Signal" Band at 2.5 GHz. What is that used for?
-
Channel 14
Anyone knowledgeable about the conflict at 2.5 GHz that led the US FCC to limit wifi from using channel 14 (2.484 GHz)?
According to the FCC spectrum chart the top of the 2.4 wifi band abuts the "Standard Frequency and Time Signal" Band at 2.5 GHz. What is that used for?
-
BIS license exception TSU
code not suitable for export to countries such as Iran according to US foreign policy rules
I don't think Britain falls under the description, "such as Iran". Any export is controlled by US foreign policy rules, silly.
I think "countries such as Iran" alluded to license exception TSU. This exception applies to exports of publicly available cryptographic source code (or binaries built from such source code) and has two caveats. First, it applies only to countries other than Country Group E:1 (Cuba, Iran, DPRK, etc.), which could be construed as requiring IP address geolocation. Second, the publisher has to advertise each project to the U.S. government. Some people may have objected to this notification requirement.
-
Four little words...
"Remote Garage Door Openers"
These work in the 300 - 400 Mhz range (good for building penetration), but are always used at relatively short range. Surely we could assign these systems a frequency in a less "desirable" band and get over the issue of building penetration by merely boosting the power of the transmitters.
There's a useful chart of US radio frequencies at the Department of Commerce National Telecommunications and Information Administration Office of Spectrum Management (.pdf)
-
Re:It's infrastructure
http://www.ntia.doc.gov/broadbandgrants/applications/summaries/1854.pdf
Overall infrastructure cost of the broadband system: $34,157,255, which includes (a) $5,825,811.76 for the 75-mile Phase 1 middle-mile fiber backbone extension; (b) $16,814,342.67 for the 283-mile Phase 2 last-mile fiber network; and (c) $11,517,100.76 for the 207-mile Phase 3 last mile fiber network.
That's $9,594 per site. (3,200 homes, 360 businesses). If it cost $100 per site it will take 8 years to pay off the infrastructure, not including any additional expenditures (or overruns). That doesn't include operation, maintenance, upgrades, repairs - nothing, that's just deployment cost. That also doesn't include upstream bandwidth to the Internet. This also doesn't say anything about the cost of connecting from the street to the home, which will easily run into the thousand(s) of dollars per node. This was paid for from tax dollars from highly populated areas redistributed for projects in rural areas.
Bottom line is - If you want to open a business to break even in about 20 years, be my guest. The only reason this is happening is because of the ARRA:
Construction of the PUD's fiber optic system in the southern portion of Pend Oreille County will begin in early June. Initially, PUD customers can expect to see contractor and subcontractor crews working in multiple areas south of Newport. Tetra Tech Construction Services is the general contractor hired for the construction of the fiber optic system. Mountain Power Construction is the general contractor hired to perform the power "make-ready" work on the PUD's existing overhead lines. Both contractors will also have subcontractors, such as tree trimmers, working on their projects. Contractor trucks will display the PUD and the American Recovery Reinvestment Act Broadband USA signs.
You're welcome. Believe me when I say the tax dollars from the county (13,000 people) wouldn't even come CLOSE to funding something like this.
-
Re:US Govt Passes Secrets Too! Deliberately
During the Clinton years the Secretary of Commerce forced some companies to sell software to Libya...
No linky? That sounds like an interesting story.. I mean, it's true that boycotting Israel is illegal, but this one I never heard
-
Re:50 mile range may not be the end of the world
Not really. Each of those years more and more people found enough reasons to justify the ever decreasing cost of buying a computer.
No... really... in fact, specifically.
15 years to reach 20% penetration? I hope electric car adoption comes quicker.
http://www.ntia.doc.gov/ntiahome/fttn99/App_III/Chart-A-8.html
-AI
-
ICANN did not weigh the costs vs. benefits
ICANN has really dropped the ball on new TLDs. Folks like Tim Berners-Lee were explicitly against new top level domains. The W3 even wrote a position paper, New Top Level Domains Considered Harmful. They used the examples of .xxx and .mobi, but the reasoning applied to all new TLDs.
ICANN hand-picked economists to examine the costs and benefits, and their own experts could not come up with anything close to definitive as to whether the benefits exceeded the costs. ICANN is supposed to act in the public interest, and only approve policies where the net benefit (i.e. benefits MINUS costs) are positive. ICANN doesn't even know the *sign* (i.e. positive or negative) of this policy change's impact, let alone know the magnitude. Their pathetic reports didn't even attempt to put a monetary figure on the costs vs. the benefits, i.e. are we talking about millions of dollars of benefits, billions, etc? However, many individuals and companies commented in each of the relevant comment periods pointing out how there would be grave consequences, as there would be huge costs associated with such a change. As is typical, ICANN ignored these concerns, attempting to win a war of attrition, to "tire out" opponents.
Fortunately, the US Department of Commerce / NTIA may not renew its contract with ICANN. There is a pending Notice of Inquiry regarding the renewal. I would encourage people to send comments, to voice their concerns about the bad policymaking from ICANN.
ICANN is also about to renew the .NET agreement with VeriSign despite numerous comments in opposition. VeriSign will be allowed to continue to raise prices by 10% per year, despite falling technology costs, and without facing a competitive tender process (which would certainly result in much lower prices for consumers). The US Department of Justice should investigate both ICANN and VeriSign for anti-trust violations, as consumers are being harmed by these no-bid contracts. Toll-free numbers cost less than $1.50 per year at the wholesale level, yet .com/net/org fees are above $7/yr, due to lack of regular competitive tender processes.
Why has ICANN been consistently making decisions against the public interest? The reason is obvious -- it has been captured by the registries and registrars, who only care about selling more and more domain names, even if they are not needed (i.e. "defensive registrations"). They don't care about confusing users or making it harder to navigate the internet.
-
Re:That's odd
"I've read elsewhere that it's already below 50% on weekends"
That disparity is because China and Korea heavily use IE 6 and 7 which skew the numbers higher for IE. In North America IE had less than 50% marketshare for awhile. It is even lower in Europe.
Most machines in China are pirated and therefore do not get Windows Updates, which means they use IE. Korea is IE because all banks and e-commerce sites force users to use ActiveX controls due to the lack of SSL thanks to US export controls with encryption.
(1) Firefox supports SSL. (2) The U.S. no longer has export controls upon COTS (commercial, off-the-shelf) applications. If it's sold or given away publicly it's not export controlled. This has been the case for at least four or five years. See the government's rule page at http://www.bis.doc.gov/encryption/question1.htm for more details.
-
Right to bear technology.
I think it's high time we think about extending the 2nd amendment (Right to bear arms), to include technology.
I know they're not busting in to raid a Bitcoin factory, but that doesn't mean they won't in the future.
I'm a coder, and occasionally I write ciphers. Lately I wrote a block cipher system that takes any hash algo, data stream, and a pass-phrase, and produces encrypted output via a type of Cipher Block Chaining on hash-length sized blocks (MD5=160bit, SHA1=256bit, SHA512=512bit encryption, and beyond; Bonus, any new hash comes out, implement it and bingo, stronger encryption).
I came very close to being in violation of federal law when I posted my program on my blog. Fortunately a friend told me that my program was considered extremely dangerous to the government, and that if anyone outside of the US downloaded it, I could be heavily fined and/or jailed. I immediately removed the code, and checked the server logs; Fortunately only my friend had downloaded it.
I didn't know that all strong encryption ciphers have to be registered with the US government (like firearms!? -- Strength at or above 64bit symmetric or 768 asymmetric, or 128 for elliptic curve), and that export of software that can perform encryption must be approved by the government before you put it online, or else it could be considered trafficking illegal controlled software.
I was told by some that if your code was open source, you could just fill out a form, and you were pre-approved, but I don't think that's the case anymore.
I've been tinkering with ciphers since I was 10 -- I don't think anyone outside the US got a hold of my tinker-code, but who knows? We swapped code at HAL-PC SIG's all the time...
With today's government's lack of respect for our freedoms and esp. digital privacy, I think it's time we added the right to bear technology & math, esp. cryptography to the Bill of Rights.
Hey, If I can be prosecuted for distributing my ciphers under the "munitions export restrictions" laws, then does that mean I already can assert my 2nd amendment privileges to USE MY PC TO TWIDDLE BITS? Does freedom of speech (1st amendment) not give me the right to post some byte-code hex to my blog? (Looks like it's illegal to sell your Beowulf Cluster on Ebay too.)
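The poster's cipher itself is not on the page. The block below is an added example, not the poster's code: it builds the general shape such a design takes (a keystream produced by chaining a hash over a passphrase, XORed with the data) and then runs the two checks a reviewer applies first to any home-made stream construction: whether two messages under the same passphrase share a keystream when no per-message nonce is mixed in, and whether a flipped ciphertext bit lands as a flipped plaintext bit because nothing authenticates the message. The function names, the chaining rule and the sample messages are constructed for this example.

```python
import hashlib
import os
from typing import Dict


def hash_keystream(passphrase: bytes, nonce: bytes, length: int, algo: str = "sha256") -> bytes:
    """Keystream block i = H(passphrase || nonce || block i-1).
    Constructed illustration of a hash-chained stream cipher, not a vetted design."""
    out = bytearray()
    prev = b""
    while len(out) < length:
        prev = hashlib.new(algo, passphrase + nonce + prev).digest()
        out.extend(prev)
    return bytes(out[:length])


def encrypt(passphrase: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """XOR the data with the keystream; decryption is the identical operation."""
    ks = hash_keystream(passphrase, nonce, len(plaintext))
    return bytes(p ^ k for p, k in zip(plaintext, ks))


decrypt = encrypt


def xor_of_ciphertexts(c1: bytes, c2: bytes) -> bytes:
    """If two messages used the same keystream, c1 XOR c2 equals p1 XOR p2:
    the keystream cancels and the relationship between the plaintexts leaks."""
    return bytes(a ^ b for a, b in zip(c1, c2))


def flip_bit(ciphertext: bytes, index: int, mask: int) -> bytes:
    """Flipping a ciphertext bit flips the same plaintext bit: there is no integrity check."""
    out = bytearray(ciphertext)
    out[index] ^= mask
    return bytes(out)


def demo() -> Dict[str, bool]:
    passphrase = b"correct horse battery staple"   # constructed sample passphrase
    p1 = b"transfer 100 to account A"              # constructed sample messages
    p2 = b"transfer 900 to account B"
    p1_xor_p2 = bytes(a ^ b for a, b in zip(p1, p2))

    # Same passphrase and no nonce: both messages receive the identical keystream.
    c1 = encrypt(passphrase, b"", p1)
    c2 = encrypt(passphrase, b"", p2)
    reuse_leaks_xor = xor_of_ciphertexts(c1, c2) == p1_xor_p2

    # A fresh random nonce per message: the keystreams differ and the XOR relationship disappears.
    n1, n2 = os.urandom(16), os.urandom(16)
    d1 = encrypt(passphrase, n1, p1)
    d2 = encrypt(passphrase, n2, p2)
    nonce_prevents_reuse = xor_of_ciphertexts(d1, d2) != p1_xor_p2

    # Malleability: change one byte of ciphertext and the decrypted text changes at exactly that byte.
    tampered = decrypt(passphrase, n1, flip_bit(d1, 9, 0x01))
    malleable = tampered != p1 and tampered[:9] == p1[:9] and tampered[10:] == p1[10:]

    return {
        "roundtrip": decrypt(passphrase, n1, d1) == p1,
        "reuse_leaks_xor": reuse_leaks_xor,
        "nonce_prevents_reuse": nonce_prevents_reuse,
        "malleable": malleable,
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The nonce removes the keystream-reuse problem but not the malleability; that is why a vetted authenticated-encryption mode, rather than a bare hash-derived keystream, is the usual recommendation regardless of which hash feeds the chain.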
-
Re:Send them on a wild goose chase
Government agencies are not beholden to the FCC - that's for us peons. They have the NTIA, which does essentially the same thing as the FCC, but for the federales. In the rest of the world, 433MHz is an ISM band. Here in the US we see importers trying to get the FCC to allow those ISM devices into the US - no thanks! They will crush the Amateur 70cm band.
That frequency is smack-dab in the middle of an Amateur Radio band (secondary allocation), and is also used by the feds for 'radiolocation'. See page 491 of this PDF for the allocations. Also look at the footnotes - the interesting one is G8 - "Low power Federal radio control operations are permitted in the band 420–450 MHz."
I'm curious about the actual operation of this device - since the 433 MHz transmitter is low power, there are three choices I can think of:
1) The device transmits blindly and there a network of receivers/repeaters deployed that we the people don't know about.
2) The unit is interrogated individually for a data dump. This implies that an FBI agent has to be relatively close to the car to read the data.
3) The device only listens on 433 MHz for commands to turn on/off logging, and the data dump is done on retrieval of the device.
Ideas?
-
Re:Sure, but the American military has to agree fi
An offer from Israel is an offer no company can refuse. It is illegal to say no. Howdya like that??
-
Re:The Point?
If you're providing "publicly available source code" (as Firefox is, and Microsoft isn't), the export controls almost melt away. You have to send in a notification, but no review is required.
Microsoft, on the other hand, doesn't have it quite so easy, but I'm sure that their reviews get expedited, so I seriously doubt that EAR/ITAR plays any role in this.
-
Re:Good for US economy
A very good point that will be lost in the noise. Don't we have laws similar to this for child labor, sweat shops, harboring terrorists etc? If it forces the big boys to play by the same rules as everybody else, then it's a good thing.
And conversely, the government made it illegal for companies to boycott Israel (don't know what that means for Israeli software pirates), so what the hell, go for it..
-
Re:If your government isn't strong enough
There were restrictions against export of cryptography, but they're largely gone.
The complete removal of those restrictions is fairly recent, but they were relaxed significantly before then.
-
Re:Not something to be proud of
True, but a wheelchair is a closed system. It doesn't require external I/O to function. Ports for charging the battery or downloading software updates (if it's a really fancy chair) can have shielded covers.
I know people who have done electromagnetic compatibility work. It's a specialization. It is *not* easy, especially in a signal rich environment like an aircraft. It takes a lot of work to keep a plane's systems from interfering with *themselves*. I hear it can be quite maddening at times, especially when they update older aircraft with systems that didn't exist when the plane was originally designed.
In any event, how is it that airplanes are not affected by things like tv broadcasts, amateur radio, satellites, etc. which are blasting radiowaves at similar frequencies (see: http://www.ntia.doc.gov/osmhome/allochrt.pdf)?
Those are known threats, I would guess. Wi-fi is still relatively new. Hey, so far there seems to only be this one example, but flight is a hypercautious industry. Personally, even if I'm flying for work, I see the flight as a time to relax. I never got these guys feverishly working away on their laptop throughout the flight.
-
Re:Not really an accurate summary
Climate Audit is hardly accurately representing the situation itself (scientists conference call with attorney, misremember who actually gave what advice, are corrected by same attorney). The earth-shattering, agency-destroying advice of the report is:
"Given that federal agencies are legally obligated to publicly disclose records under FOIA, we recommend that NOAA carry out a proper search for the records sought in these FOIA requests and, as appropriate, reassess its response. Additionally, given the issues we identified in NOAA's handling of these particular FOIA requests, NOAA should consider whether these issues warrant an overall assessment of the sufficiency of its FOIA process."
I'll just leave this here.
-
Re:Can they guarantee encryption?
I believe that Haystack's encryption was proprietary. That usually = bad. Redphone's encryption uses SRTP which uses AES by default http://en.wikipedia.org/wiki/Secure_Real-time_Transport_Protocol. They claim they will have the source code up on their site soon. I wonder if the int'l will be the same as the usa only version. Exporting non-military encryption from the USA: http://www.bis.doc.gov/encryption/enc_faqs.htm
-
US Export Control Regulations
In the US, export control is regulated by the Bureau of Industry and Security, a division of the Department of Commerce. The list of controlled technologies is here; see the relevant "Category" at the bottom of the page.
Note that "export" has a specific definition that includes "technology", and one may violate these regulations by merely telling a foreign national of the "wrong" country about a controlled technology, even if both of you are inside the US: Actual transport of a physical object across a national border is not required to violate these regulations.
-
Re:Standing on the Shoulders of Giants
original manufacturer gets screwed over because the junk products are being sold on the market with their company name attached to it.
Which is different from this Slashdot story, where they are trying to sell stuff with Chinese company names attached to it, and claim they have paid up for the IP.
And come on, who really thought that China was willing to spend lots of money just to "build a railway between a few locations", especially when the contract has "technology transfer" written in it.
For some perspective from "the other side":
http://www.npr.org/2010/11/22/131520776/china-s-technology-transfer-draws-ire
Mr. SHIROUZU: Well, starting in 2004, four foreign companies - Siemens of Germany, Alstom of France, Bombardier of Canada and Kawasaki of Japan - they agreed with China to transfer technology so that China can come up with the high speed trains. China spent money for that. In Kawasaki's case, China spent close to $760 million to come up with a train that goes as fast as 155 miles per hour.
And over the last five to six years, China's train companies learn quickly, enough so that they started adding technology, innovation to the original technology. And they believe they've done enough re-innovating that trains that they came up with are their own technology.
BLOCK: You talk in one of your reports for the journal with folks at one of China's high speed rail companies, CSR, and a spokesman says, look, this is nothing like Kawasaki's bullet train. He has this great quote, we attained our achievements in high speed train technology by standing on the shoulders of past pioneers.
Mr. SHIROUZU: Yes. That's what they say. They don't deny the fact that their latest trains are based on foreign technology. They don't deny that. Foreign companies are saying that you haven't made enough additional innovation. There's no way you can call this your own technology.
But, China says, no, no, no. You know, we made enough additional innovation that we're calling these trains the result of our effort. So they feel that they can export these trains to places like U.S., Brazil, Russia maybe, and foreign companies feel that that is in violation of their contract.
So looks like a contract dispute to me. If the foreign companies made mistakes in "legal" in their haste to seal the deal or "gain a foothold", then too bad so sad.
Everyone with a clue already knew what China wanted. It's been known for years what's going on, see what the US Bureau of Industry and Security says:
http://www.bis.doc.gov/defenseindustrialbaseprograms/osies/defmarketresearchrpts/techtransfer2prc.html
Most US and other foreign investors in China thus far seem willing to pay the price of technology transfers - even "state-of-the-art technologies - in order to "gain a foothold" or to "establish a beachhead" in China with the expectation that the country's enormous market potential eventually will be realized. A primary motivation for investing in China at this time and despite the difficulties and risks involved, is in order to beat foreign and domestic competitors to the China market.
Numerous US high-tech firms have agreed to commercial offset or technology transfer agreements in exchange for joint ventures and limited market access in China. An increasingly frequent type of commercial offset is the establishment of a training or R&D center, institute, or lab, typically with one of China's premier universities or research institutes located in Beijing or Shanghai.
If you play with fire don't act surprised if you get burned.
-
Re:Big Software Corps
While there was a case a few years back where someone was dipping into customer deposit accounts, I've never heard any reports of examiners being on-the-take to process an application in a certain way. If you've heard something different, feel free to enlighten us.
There is something called a "petition to make special", which in some cases requires a fee, but this is specifically authorized by regulations.
In fact, there are various mechanisms (performance metrics and docketing, both for examiners and their supervisors) which discourage or prevent working on applications out of turn. Examiners do have some flexibility for managing their dockets, but the general push is to work on the earliest-filed applications first.
-
Re:Why care?
Because, while the U.S. has not ratified any international treaties requiring the recognition and enforcement of foreign judgments, U.S. courts are frequently willing to enforce foreign judgments. A good example of the legal reasoning that allows this to happen is summarized here, although that case involved a U.S. judgment against a foreign national, rather than the reverse situation addressed by the SPEECH act.
The U.S. OSEC has posted a brief summary of the issue here.
-
Re:Law? -- US 15 CFR VII
Most people do not know it, but the United States has traditionally exerted strong controls over what may leave the country. Starting with prohibiting exports of long pine logs useable for masts and spars for the superweapons of 1790.
The laws are very complex, you can get a start here.
US law is exactly as many complain: very intrusive, overreaching and extraterritorial. It can be a violation to allow people (even US citizens) born in different places to even _see_ certain technologies [deemed export]. It can be a violation for people who have zero connection with the US sitting in other countries (Nokia in Finland) to export technology to third countries [Iran] if that technology has US origin.
If you do not like it, write your congresscritters. The diplomats have tried, believe me. The real problem with such onerous laws is selective, politically motivated enforcement. Beyond prior restraint and perverse incentives, this empowers and corrupts public officials.
-
Re:First rebellion
I don't know what specifically the GP was referring to, but if you check out this graph, you will see that US exports aren't really as bad as you would think listening to some of the scaremongers. Most of the exports are industrial items, not cheap consumer goods that you purchase and use on a regular basis, which is why you feel a disconnect. But as you can see, anyone who says, "America doesn't manufacture anything" is making it up and hasn't actually looked at the numbers.
Using the same data, it's interesting to take a look at the ratio of exported to imported goods since 1960:
Year | exports | imports | exports/imports
1960 |    19.7 |    14.8 | 133%
1970 |    42.5 |    39.9 | 107%
1980 |   224.3 |   249.8 |  90%
1990 |   389.3 |   498.3 |  78%
2000 |   718.7 |  1145.9 |  63%
2004 |   807.6 |  1473.8 |  55%
(amounts are in billions of dollars)
-
DNSSEC Flaws Confirmed -- Avoid DNSSEC validation
DNSSEC Cache Poisoning has been confirmed just as I described. Note that many people are now advising to turn off DNSSEC validation.
Most officially, I discussed it in my DNSSEC NTIA comments:
http://www.ntia.doc.gov/dns/comments/comment027.pdf
in the section on Cache Poisoning. Notably, Vixie et al disputed this when discussed on DNSOP and namedroppers. Guess they were wrong again.
If you want to engage in honest uncensored discussion of DNS issues, subscribe to dnsop-honest or namedroppers-honest through the interface at lists.iadl.org[*] See DNSSEC cache poisoning links contained in
http://lists.iadl.org/pipermail/namedroppers-honest/2010-January/000074.html
The IETF has known of these problems for a long time, and silenced me to keep these problems quiet.
Vixie and the IETF have known about the DNSSEC Cache Poisoning problem and other DNSSEC problems for a number of years, but they have covered it up by threatening and silencing critics. Inquiry reveals that DNSSEC is a scam that threatens the stability of the Internet.
Please be sure to credit me with discovering the DNSSEC flaws. And please forward this message widely.
-
Re:This is completely stupid.
It's much easier to distribute open source crypto software than closed source in the U.S. You just have to send a couple of emails. Closed source crypto requires jumping through many hoops, and is much closer to "harassment".
-
Most Projects Will Remain Blocked
The two options given in the SourceForge.net project settings are:
1. This project does NOT incorporate, access, call upon, or otherwise use encryption of any kind, including, but not limited to, open source algorithms and/or calls to encryption in the operating system or underlying platform.
2. This project DOES incorporate, access, call upon or otherwise use encryption. Posting of open source encryption is controlled under U.S. Export Control Classification Number "ECCN" 5D002 and must be simultaneously reported by email to the U.S. government. You are responsible for submitting this email report to the U.S. government in accordance with procedures described in: http://www.bis.doc.gov/encryption/PubAvailEncSourceCodeNotify.html and Section 740.13(e) of the Export Administration Regulations ("EAR") 15 C.F.R. Parts 730-772.
The 2nd option is the default and what all projects are currently set to.
In order to select the first, you can't be using any kind of encryption at all. Our project, PortableApps.com, isn't really about encryption, it's about taking your favorite software with you on a flash drive wherever you go. But we do bundle a number of open source apps that use encryption including Firefox, Thunderbird, Sunbird, Songbird, FileZilla, KeePass, Toucan, KompoZer, 7-Zip, Miranda IM, Pidgin, PuTTY, SeaMonkey, WinSCP, WinWGet, OpenOffice.org, PDFTK Builder, PNotes and PeaZip. That means we need to keep the 2nd option selected and those countries remain blocked.
In reality that means pretty much every project on SourceForge that is or includes a web browser, FTP client, email client, SCP client, IM client, archive tool, etc. will have to keep the 2nd option selected and remain blocked as well.
-
Stupid options, need CowboyMcNeal
The choices are
1) This project does NOT incorporate, access, call upon, or otherwise use encryption of any kind, including, but not limited to, open source algorithms and/or calls to encryption in the operating system or underlying platform.
and
2) This project DOES incorporate, access, call upon or otherwise use encryption. Posting of open source encryption is controlled under U.S. Export Control Classification Number "ECCN" 5D002 and must be simultaneously reported by email to the U.S. government. You are responsible for submitting this email report to the U.S. government in accordance with procedures described in: http://www.bis.doc.gov/encryption/PubAvailEncSourceCodeNotify.html and Section 740.13(e) of the Export Administration Regulations ("EAR") 15 C.F.R. Parts 730-772.
My project FileUniq is plain python, and executes a call to "md5" in order to get a hash. Obtaining a python library that provides the md5 function is not even described in the documentation, but I definitely do make a call to encryption in the underlying platform. However, I firmly believe that the U.S. Bureau of Industry and Security will not appreciate my TSU notification.
Maybe Sourceforge actually wants to overwhelm the BIS with useless submissions?
-
Re:Channel 14
It's technically illegal, but the likelihood of being caught is pretty much nil. I've still never found an explanation for what this frequency is used for in the US, if anything.
According to (PDF warning) http://www.ntia.doc.gov/osmhome/allochrt.PDF
3rd line from the bottom with the end label '300 GHz', with the top label of 2483.5 - 2500 (it is listed as MHz): 2.484 GHz (what channel 14 centers on) is allocated in the USA to two things: Mobile satellites, and "Radiodetermination satellite".
The color code indicates "Government / Non-government shared"
My guess is the mobile satellite is the non-government bit, and the radiodetermination satellite is the government controlled part.
That last piece appears (from a very hasty google) to be a precursor to GPS, as its function is to use multiple geostationary satellites to locate your position. So short of GPS going down and people actually bringing up older positioning hardware, or that mobile company noticing your noise, the odds as you say are nil of being caught.
-
Re:Channel 14
You'd still have a lot of overlap with people running on channel 11
The channel overlap is only in 2 channels in each direction.
So channel 11 only overlaps with 9,10,(11),12,and 13.
(I only include 11 in the list to illustrate the two channels in each direction aspect.) This means 11 does not overlap with any channel below 9, nor any channel above 13.
14 is fortunately above 13! Technically however, 14 is special. It isn't allocated in the same way, and is a little bit higher in the frequency range than all the others. What that means is while all the other channels are 22 MHz wide, and roughly 22 MHz apart, channel 14 is more than 22 MHz away from the next lowest channel, thus the no overlap.
I'm pretty sure 14 will only overlap with 13 and only partially then.
And then anything higher than 14 by much is outside of the 2.4 GHz band, passing 2.5xx at that point.
Also on the illegal part. According to (PDF warning) http://www.ntia.doc.gov/osmhome/allochrt.PDF
2.484 GHz (what channel 14 centers on) is allocated in the USA to two things: Mobile satellites, and "Radiodetermination satellite", whatever that one is.
So in other words, you need to be noticed as a source of interference by one of those two usages.
-
Sad but real
The alternative is to end up like Prof. John Ross of the University of Tennessee, convicted of export control violations and sentenced to 4 years in prison -- at the age of 72.
What few in the US recognize is that the rules are even more stringent than indicated by SourceForge. To be convicted of an export violation, one needs merely to discuss a controlled technology with a foreign national on one of the lists -- which means, in addition to many other individuals, entities, and countries, any citizen of China or Iran. Sending anything overseas is unnecessary to violate the law -- merely speaking to a group containing one such person in the audience (like at a private industry consortium meeting) is all that is needed. And the list of controlled technologies is incredibly long: See the Commerce Control List, especially Category 3 - Electronics, Category 4 - Computers, Category 5 (Part 1) - Telecommunications, Category 5 (Part 2) - Information Security, and Supplement No. 2 to Part 774 - General Technology and Software Notes.
-
Re:Has this all been thought out?
You're leaving out a major stipulation of the FCC's ruling: whitespace devices must listen before transmitting, not just query the database.
You're right, but I was trying not to complicate the argument. Consider the situation, though: The farmer needs a tall tower (30m is not unusual), a high-gain (10-15 dB), directional antenna, plus a low-noise, high-gain mast-mounted preamplifier to watch his television. What are the odds that the sensing system associated with a secondary user also will be able to detect the television station? (Hint: Substantially zero, since it is not economically feasible to sell the associated tower with every secondary use product, even if it could constantly rotate its directional antenna.) The television user's receiving system is far more sensitive than a secondary user's sensing system could possibly be.
If the above weren't bad enough, add in the fact that the co-channel rejection ratio of ATSC digital television is specified at 15.5 dB desired/undesired, meaning that any co-channel interference must be at least 15.5 dB weaker than the desired ATSC signal if the television signal is to be received correctly. This requires the secondary user to be able to detect (but not necessarily decode) the ATSC signal at a level 15.5 dB below that of the television receiving system. These two requirements almost guarantee that there will be unhappy rural television viewers.
There's plenty of truly empty spectrum to use first.
Keep in mind that the spectrum database defines empty spectrum, as far as the secondary user is concerned. He sends in a request, and gets a go / no go reply. He has no idea whether the requested spectrum is "truly empty" or not. And if you examine television channel occupancy in the US, I think you'll find that all available channels are occupied by television stations, since they were incredibly profitable for many decades. Considering fringe signals, not just licensed coverage areas, every channel is either occupied, or its adjacent or image channel is occupied. The White Space concept counts on using these fringe areas -- that's the whole idea.
More likely, considering said whitespace device is probably providing him Internet service, he'll turn the TV off and get his TV program through his Internet-providing whitespace device
How many people watching "American Idol" on their home television systems, for which they've paid thousands of dollars (towers, antennas, and large screens aren't cheap), are going to say, "yeah, you're right -- I should just forget that and buy that new White Space Internet service instead"? Especially when they're likely to learn of the Internet service from their TV repairman, called out to fix the interference problem that suddenly started on the first of the month? What if the situation were reversed, and someone took your Internet connection away and, when you complained, told you to watch television, instead? I'm betting you'd be just as ticked.
Re: the wireless mics, you're missing the point. In ENG, they're largely used by the talent to do voice-overs, usually live. The problem isn't whether they're going to cause interference (they're already licensed for operation on television channels, and have been for years), the problem is how to protect them from interference caused by new White Space devices. (Which you want to do: I don't know a faster way to kill a new technology than to turn the media against it.)
When one actually does the engineering of the system, it turns out to be substantially impossible to detect wireless mics at levels required to provide them protection: The transmitting antennas are low (often worn on the belt) and not very efficient, and the transmit power is low, while the receiving antennas are often placed high on the ENG truck's mast, and the receivers are r
-
Google Will Fail
Most of the posts here and on Charlie's blog (http://www.antipope.org/charlie/blog-static/2009/12/21st_century_phone.html) seem to support the original assertion made by Charlie.
"They [Google] intend to turn 3G data service (and subsequently, LTE) into a commodity, like wifi hotspot service only more widespread and cheaper to get at. They want to get consumers to buy unlocked SIM-free handsets and pick cheap data SIMs. They'd love to move everyone to cheap data SIMs rather than the hideously convoluted legacy voice stacks maintained by the telcos; then they could piggyback Google Voice on it, and ultimately do the Google thing to all your voice messages as well as your email and web access."
Tom in comment 37 (Charlie's Blog) makes an economic case to support Charlie's assertion:
"Information is different as a commodity. Sending 1 bit basically has no direct cost associated to it. Nearly everything stems back to the infrastructure costs. Operating costs are pretty minor in comparison. As such, whenever you have a situation where your pricing is primarily based upon fixed costs and amortization of infrastructure capital costs, with no real per unit marginal cost, the price invariably ends up plummeting as performance per price of technology increases, service offerings become standardized, and it results into a race to the bottom."
I do not believe Google will succeed in turning the mobile network operators (MNOs) into cheap data providers by driving the MNOs to commoditization. The service provided by the MNOs is not bits through the air "with no real per unit marginal cost." The core service provided by the MNOs is access to the mobile spectrum. This core service will become more valuable over time and combined with additional services (voice, Internet, video on demand, mobile banking, financial transactions, identity transactions, new advertising models, etc.) will ensure the long term success of the MNOs.
Either directly through partnerships or indirectly through data charges, the MNOs will participate in all revenues that flow through their networks.
There is a key insight missed by Charlie and others who have posted on this topic: Unlike cable and fiber which in theory could be laid in infinite amounts, spectrum bandwidth is a finite resource and the dominant MNOs have already been awarded incredibly valuable allocations.
An idea of the complexities of frequency allocation can be gained by viewing frequency allocation charts:
U.S. Frequency Allocations
http://www.ntia.doc.gov/osmhome/allochrt.PDF
U.K. Frequency Allocations
http://www.onlineconversion.com/downloads/uk_frequency_allocations_chart.pdf
Additionally, several of the posts here and on Charlie's blog make the mistake of equating higher throughput with greater bandwidth. While each generation of mobile technology has increased throughput, bandwidth (the usable spectrum range) remains a finite and very valuable resource which is leased primarily by the dominant MNOs.
In the United States, bandwidth is usually allocated through a government (FCC) auction process. As more bandwidth is dedicated ("unleashed") for mobile use, the dominant MNOs are in the best position to win the auctions. This is exactly what happened in the 700 MHz auctions held in 2008 (http://en.wikipedia.org/wiki/United_States_2008_wireless_spectrum_auction)
Even with improvements in throughput, consumer demands for new services on intelligent mobile devices will eventually push the limits of allocated bandwidth. What this means is the dominant MNOs have a resource (spectrum allocation) that will become even more valuable over time. What this also means is that consumers will be charged based on their data usage.
-
Re:Anonymous Coward posts
I can tell you...that if this money is appropriated as Contracts & Grants monies or "Sponsored Research"...then there is A LOT of accounting going on
And people go to prison for abusing it.... "On October 20, 2008, the former grantee was sentenced to 15 months imprisonment and 3 years probation for violating 18 USC 666, which covers theft or bribery concerning federally funded programs."
-
What are they talking about?
Huh? I mean seriously what are these Mozilla people talking about?
Open source projects have been exempted by the US from crypto export restrictions for years.
See this page:
http://www.bis.doc.gov/encryption/pubavailencsourcecodenofify.html
The only thing an open source admin needs to do is to notify the authorities of the fact that he is making it available for download. That's it.
I wonder how good the Mozilla lawyers really are...
-
Pot = Kettle = Black
See http://www.bis.doc.gov/licensing/exportingbasics.htm
As usual, the Chinese are stealing ideas from us (government interference in free enterprise, that is).
-
Re:5 Days?
My understanding was that this was about when someone goes through Customs. That happens when you arrive in the country, not when you are getting on a flight.
It does, except when you come from Canada, where there's pre-flight customs clearance. And according to http://tinet.ita.doc.gov/view/m-2008-I-001/documents%5Ctop_20_countries.xls Canada is the top country of origin when flying into the US, so it affects a large number of people.
-Malloc
-
Now You Know: There Is No "Right" To Export
For starters, the good professor is an idiot. He has worked on DoD contracts, and either knew or should have known that from the moment he started developing on the DoD's dime, any technology he dealt in not already a standard part of a BSEE/CS/Chem/Physics degree program in the US was going to be suspect under ITAR.
In addition, the import and export of any commercial item is subject to review under the Export Administration Regulations of the DoC. And, as Dr. Roth is being reminded the hard way, "export" can occur the moment a foreign national or domestic agent of a foreign nation groks your IP.
You may not agree with the law as it stands, but the Federal Government is on very strong Constitutional ground with respect to whatever border controls it chooses to enact. So, your options are: 1) follow the laws, 2) not follow the laws, and/or 3) bug your representatives to change the law. You can select (2), and many do, but it's kind of like not paying your income taxes for a few years: it sucks big time when you get caught.
-
Re:new security products and services? great.
The "Kaminsky bug" is a hoax. Kaminsky didn't discover anything. The only thing that Kaminsky can put his name on is the hoax. In my NTIA comments
http://www.ntia.doc.gov/dns/comments/comment027.pdf I traced down everything Kaminsky claimed to have discovered to find the true author.
There are no (or rare) "Kaminsky exploits" in the wild. All servers but BIND have implemented UDP port randomization for years. WITHOUT port randomization, one can exhaust the 16-bit Query ID in 65000 spoofed UDP packets -- if one does this before the genuine packet is returned, the attack is successful. WITH port randomization, one needs to send 26 million UDP packets if 256 ports are used by the nameserver -- much harder. And DNS TCP is invulnerable to blind attacks.
The Spring 2009 2600 Magazine has an article "Spoofing DNS on a LAN" but it is a Man-in-the-middle attack, not the blind attack that Kaminsky describes. In the 2600 article, an ARP message is used to intercept DNS packets. The DNS packets are altered with a new IP address to cause an http request to go to a proxy server for "inspection".
If DNSSEC were used in the same case as the article, the attacker just has to note the IP address given by DNSSEC, and send an ARP for *that* address which would cause its http proxy to intercept traffic to *that* address. Same result. DNSSEC is irrelevant to this attack. In fact, since the attacker can see the DNS request, it can just turn off the DNSSEC flag in the request so that a non-secure response is returned.
It is possible that the requesting resolver might be configured not to accept insecure responses, but this is very tedious and impractical. Each resolver has to be configured with keys and updated at just the right time or "DNSSEC suicide" results. Related to this is an attack on the caching nameserver that can result in Denial of Service to the client.
Worse yet, the DNSSEC responses are very large, and so a spoofed request can easily have a 126X amplification factor. If this response is coming from Root DNS servers, there is no way to block the attack. Blocking packets from the root servers effectively disables ALL DNS.
The "Kaminsky bug" is a blind attack using brute force to exhaust the 16-bit Query ID in 65000 forged packets. This was discovered in 1999 by Dr. Dan Bernstein, and is fixed by port randomization. BIND/Vixie stubbornly refused to implement this change and even harassed and censored and blocked Bernstein's messages to IETF DNS lists. The next part of the Kaminsky hoax is to alter the Nameserver records provided as glue. But this was discovered in 2006.
Kaminsky/Vixie et al really are making money on DNSSEC and the Kaminsky/Vixie Hoax is just scaring people into adopting DNSSEC, which doesn't solve any problem, but lines their pockets. Other DNS experts like Masataka Ohta have noted that DNSSEC is not secure end to end.
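To put numbers on the blind-spoofing argument above (a 16-bit Query ID alone versus Query ID plus randomized source port), here is an added Python model that is not part of the original comment or of any resolver's code: a toy resolver that accepts a reply only when its transaction ID, destination port and question match an outstanding query (the checks RFC 5452 recommends), plus the size of the guess space and the success odds for a given forged-packet budget. The port pool size, the ephemeral base port and the hostnames are constructed for the illustration.

```python
import random
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

TXID_BITS = 16          # the DNS transaction ID is a 16-bit header field
EPHEMERAL_BASE = 1024   # hypothetical start of the resolver's source-port pool


@dataclass(frozen=True)
class Query:
    qname: str
    txid: int
    src_port: int


class StubResolver:
    """Toy resolver. A reply is accepted only if (txid, port, question) match a
    query that is still outstanding; anything else is silently dropped, so a
    blind spoofer has to guess txid and port together, not txid alone."""

    def __init__(self, port_pool_size: int, seed: Optional[int] = None) -> None:
        self.port_pool_size = port_pool_size      # 1 = fixed port, 256 = randomized
        self.rng = random.Random(seed)
        self.pending: Dict[Tuple[int, int], str] = {}

    def send_query(self, qname: str) -> Query:
        txid = self.rng.getrandbits(TXID_BITS)
        port = EPHEMERAL_BASE + self.rng.randrange(self.port_pool_size)
        self.pending[(txid, port)] = qname
        return Query(qname, txid, port)

    def receive(self, txid: int, dst_port: int, qname: str) -> bool:
        """True if the reply is accepted and cached, False if it is dropped."""
        key = (txid, dst_port)
        if self.pending.get(key) != qname:
            return False
        del self.pending[key]       # the first matching reply wins; later ones are dropped
        return True


def guess_space(port_pool_size: int) -> int:
    """Number of (txid, port) pairs a blind attacker has to cover: 65536 with a
    fixed port, 65536 * 256 = 16,777,216 with 256 randomized ports."""
    return (1 << TXID_BITS) * port_pool_size


def blind_success_probability(port_pool_size: int, forged_packets: int) -> float:
    """Chance that `forged_packets` distinct guesses hit the single outstanding
    query before the genuine reply arrives (uniform guessing, no feedback)."""
    return min(1.0, forged_packets / guess_space(port_pool_size))


def blind_forgery(resolver: StubResolver, qname: str, budget: int, seed: int = 0) -> bool:
    """Simulated blind spoofer: it knows the question but neither txid nor port,
    and sends `budget` distinct (txid, port) guesses. True if one is accepted."""
    rng = random.Random(seed)
    space = guess_space(resolver.port_pool_size)
    for g in rng.sample(range(space), min(budget, space)):
        txid, port_offset = divmod(g, resolver.port_pool_size)
        if resolver.receive(txid, EPHEMERAL_BASE + port_offset, qname):
            return True
    return False


if __name__ == "__main__":
    for pool in (1, 256):
        print(f"{pool:3d} port(s): guess space {guess_space(pool):>10,d}, "
              f"P(success | 65000 forgeries) = {blind_success_probability(pool, 65000):.4f}")
    fixed_port = StubResolver(1, seed=1)
    fixed_port.send_query("victim.example")
    print("fixed-port resolver poisoned by exhaustive txid sweep:",
          blind_forgery(fixed_port, "victim.example", 65536))
```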
-
Kaminsky/Vixie DNS Scam Known as Media Hack
I think my comments to the NTIA on DNSSEC hit the point on Kaminsky and the DNS scam. As others pointed out, this is a group of shysters. MIT's "Technology Review" picked up the "Media Hack" aspect of the Story in December. That article is a good read if someone has a link.
Here are my NTIA comments which detail the Kaminsky/Vixie scam aspects and expose problems with DNSSEC:
http://www.ntia.doc.gov/dns/comments/comment027.pdf
One of the things not detailed in my NTIA comments is that Kaminsky tells people to move to OpenDNS.ORG, run by Vixie associates David Ulevitch and Bill Fumerola. Fumerola is also a friend of Chris Neill. IADL has a page on Neill and his connection to spam-abuse at
http://www.iadl.org/cn/cn-story.html
On .ORG Signing
While the .ORG TLD was indeed recently signed, I could not get .ORG TLD officials to respond to questions about whether there was regulatory approval for their actions. It is also telling that Vixie is involved with .ORG TLD. The .ORG signing appears to be an effort at "persuasion" -- sort of 'See, we did it'. But as my NTIA comments spell out, there are two serious DDoS attacks created by DNSSEC. While one perhaps might block .ORG servers during an attack, one cannot block the root DNS servers.
-
Some other points...
Really, my summary is hyped up a bit. I doubt that Kappos will usher in a new era on his own; so much of patent law depends on Congress and the courts anyway. However, given the views of his predecessor (Dudas is on record as saying that "we must also actively educate the world that it [our patent system] is fundamentally the best system"), Kappos is on record as saying that in the U.S., "Trivial patents are being granted. By contrast, the system is better in Europe."
I think Kappos' background is also notable. He's really the first director of the computer generation: got an engineering degree, began working at IBM as an engineer, and then went over to law as a patent lawyer. By contrast, previous directors have either not had technical backgrounds, or have jumped around in the IP fields (Q. Todd Dickinson began work at Baxter, a healthcare company). I think Kappos having been brought up in IBM will make him more open to (or at least less skeptical of) open source-type ideas than any of the other former directors, and his computer/engineering background will also make him more critical of our patent system, and not as focused on ratcheting protections up as far as they can go. Imagine, on the other hand, if the appointee had been someone from PhRMA.
It is not unusual that a patent lawyer would hold an engineering degree; in fact, to sit for the patent bar, one typically needs an engineering or science degree, and some patent lawyers have advanced degrees in their areas of specialty. However, I thought it worth mentioning given that the former director of the USPTO, Jon Dudas, did not have any engineering or science background, but rather a degree in finance.
-
Re:Why....
And the US export encryption laws, described at http://www.bis.doc.gov/encryption/default.htm. It would also interfere with the Patriot Act warrant and supervision free phone tapping, and whatever the NSA has put in lately to tap the major fiber optic backbones without warrant or any appeal to inappropriate monitoring available, as they've previously done to AT&T.
What part of that did you mistake to read "I can't encrypt server side even if I must make clients use clear text" ?
-
Re:Obligatory "I hate MS as much as the next guy"
This entire economic meltdown has been caused by the shipping of jobs, especially manufacturing jobs, overseas.
You realize that US manufacturing output rose over the last 10 years (until last year). We've had decreasing manufacturing employment because US manufacturing has become more and more efficient (i.e. mechanized). US minimum wage laws make it impossible for the lowest skill manufacturing to be done here (some people think that is a good thing.)
I think you have the causality backwards. The meltdown has decreased US manufacturing over the last year. US exports have also been rising over the last 10 years, until the most recent crisis.
I believe the cause of the most recent crisis is the bursting of the real estate bubble, period. It was a bubble created by tax rules on mortgage interest deduction, the implicit and later explicit government guarantees on Fannie and Freddie, and the private sector forgetting that mortgages should be limited to 80% loan-to-value because sometimes house prices do go down, and if you don't have a 20% cushion, your borrowers will default on a house that will need to be sold at a loss to the lender. This tremendous shock is working its way through the global economic structure, and it will take a while for the global economy to rebalance jobs away from house construction and finance.