Hi there again. There are some more misconceptions about the law and the technology that hopefully I can clear up.
First, I am not a lawyer and this is not legal advice. Additionally, the EFF lawyers are preparing a Tor Legal FAQ that might help answer this type of question as well. Keep an eye on the http://tor.eff.org site for updates. (The Legal FAQ will also not be legal advice, but purely informational.)
Okay. First, if you want to help the Tor project/network but don't want to handle unencrypted content or be the exit node that talks to endpoints, then don't run an exit node. Set your ExitPolicy to "reject *:*".
Second, a Tor operator, whether the server is in exit or middleman or mode, has no prior knowledge of the content that might pass through the server. Nor should you capture traffic (with e.g. tcpdump) -- doing so might be a violation of U.S. wiretap laws.
Third, all proxy services, anonymizing and other, are subject to the same issues. Note that Anonymizer.com, AOL, FreeNet, Tor, any given Squid proxy, all have the same content issues. So far, no operators of such services have been sued for providing those services.
Finally, other posters have stated that ISPs have "common carrier" status and thus are not liable for carrying potentially unlawful content. ISPs enjoy no special common carrier immunities for bits they carry, and have no special defenses against this potential liability that shouldn't also apply to a Tor operator (in the U.S).
Hi there! I'm Chris Palmer from EFF. I am working with the Tor developers, so I know a bit about it. I'll try to clear up some questions and misconceptions people seem to have.
1. Spam? Well, spammers already have much better tools than Tor. Namely, botnets. The Tor network currently doesn't support the kind of bandwidth usage spammers can chew up. By their willingness to break the law, spammers and criminals already have good tools to hide their network origin. Tor doesn't really help them. Plus, the default Tor exit policy is to block port 25.
2. Free/open source? Yes, three-clause BSD. EFF would not financially support a non-free/open source project!
3. Do you have to trust the nodes? You have to trust the entry node and the exit node. The entry node can be on your own computer, which I highly advise people to do. It's easy to install on all platforms, so that shouldn't be a hurdle. As far as trusting the exit node: Yes, the exit node can see the plaintext of your communications. That is why you should always use end-to-end encryption, anyway! Remember, all normal Internet routers in your route can read your traffic; Tor is actually BETTER because traffic is strongly encrypted (AES, multiple times) while inside the Tor network.
So, you actually have to trust Tor a bit less than regular Internet routes.
Use encryption.:)
4. Is it like Freenet/Crowds/Anonymizer? Yes, and no. It is like somewhat like those systems in goals, but the design is different. For example, unlike Freenet, Tor helps you talk to the real Internet. Unlike Anonymizer, Tor uses a whole network of proxies, not a single proxy; and the proxies are generic SOCKS proxies, not specifically HTTP.
5. Version number is too low. Is this alpha software? Roger and Nick are very modest.:) Tor works. It is stable, many bugs have been fixed, and the protocol is moderately stable. Tor does not crash randomly or eat all your memory. What's in flux is bigger picture items, such as "How can we reduce our dependency on the central directory server" and "Wouldn't a GUI configuration tool be nifty?"
6. Is there a backdoor? Well, you tell me. The source code is open. Is there a backdoor in other free software you like?
7. Minimum bandwidth requirement? For exit and middleman nodes, yes, you should have a reasonable pipe and a stable machine. "Reasonable" pipe can mean a good DSL connection. Crappy nodes can degrade the network for those poor saps whose circuit goes through one. That is why the directory server operators won't list your server unless it meets basic stability and bandwidth requirements.
You have vendors, right? You really do have money and are trying to buy something, right? Find out from people who know and who might actually have something to offer, like Red Hat and IBM.
If the vendors don't already have such products (and I bet they do), if you voice interest they will be more likely to develop them. For example, Red Hat is selling a separate database package based on Postgres. Certainly, they'll want to sell database applications, too (like ERP). At the very least, they'll direct you to partners of theirs who are developing such things. Just let them know you're interested.
I do not trust Linux man pages or HOWTOs. I have had bad luck with them, in several Linux distributions. For correct (and correctly spelled) documentation, look at OpenBSD. Once you've had high-quality documentation, you won't want to go back.
What you have to do is find yourself a good community. A good community is not free; you have to help build it by making contributions of your own.
If you need help with a specific application, try the mailing list(s) dedicated to that particular application. I have had good luck on the Samba mailing lists, for example.
If it's for a business and you simply can't figure it out, just buy a support contract from Red Hat. That's what they exist to do.
JavaScript actually bears very little resemblance to Java. It has a completely different model for sharing implementations (prototype-based instead of inheritance-based) and a polar-opposite type system (dynamic and weak instead of static and strong).
JavaScript has "Java" in the name only due to a mindless marketing droid at Netscape. It was originally called (I think) LiveScript.
We began development with 1.3, and would like to continue with 1.3 instead of changing to 1.4 in the middle of the development cycle.
But you can change platforms in the middle of the development cycle? And what about the future? When is the Mac going to get 1.4? Probably soon, but then, it's already out on Linux, Solaris and Windows.
Our reasoning for migration is one based on avoidance of the draconian EULA of Microsoft and their policy of forced obselescence.
But you've already bought the software (not to mention hardware) you need to make your developers productive. A change is just going to mess up your schedule and budget.
As I figured, this is all an ego/ideology move on your part. If you cared about the business, you'd use the right tool for the job -- in this case, the tools you already have, have paid for, and which work.
We also need to have a platform that is good for the sales staff as well as the engineers
Why must people in different departments use the same system?
These are questions you should have asked and answered before presenting anything to management.
The Mac ships with Java 1.3 but not yet 1.4 (afaik), and for that reason is not an ideal platform for Java development. Linux, Windows and Solaris are ideal platforms -- shouldn't you look at them first?
This is obviously just an ideology game on your part, and you aren't putting your company's business needs first. You should not be in charge of IT decisions.
I love Macs, too, but if you have to Ask Slashdot, you are not a professional.
First, I'll say that you shouldn't fret about having an `old' or `slow' computer. As long as you have a Pentium-class CPU and 32MB RAM, everything else is just cake. You can get that for around $100 at the used computer store in my town. It's not a gaming machine--but that's actually a good thing. Games, while at their best are works of art, are often a huge waste of time that take away from your learning about computers. So don't fret--hack.
Second, check out Carcass, Cynic and Meshuggah if you haven't already. : )
Calling either Bill Gates or Richard Stallman `psycho' is irresponsible. As far as I can tell, BG wants to get rich and dominate (a) market(s) presumably to satisfy his ego. BG thinks that in order to achieve these goals, information must be a closely guarded secret. That's not psychosis.
RMS wants to live in a world of information freedom. He creates information that he gives away for free, and encourages others to do so. That's not psychosis, either. That's a pure form of a particular ideal. RMS is to be commended for his consistency and truth. RMS does not want to force you to disclose all your secrets and to write only free software. He hopes to convince you that freedom is ultimately the better choice for everyone.
Yes, both RMS and BG want their vision realized everywhere. The difference is that RMS uses persuasion, not coercion (I interpret BG's unethical business practices as a form of coercion).
As for RMS' absolutism: will you accept partial compliance with what you think is right, on issues you think of as vital? If so, how can you expect people to trust you?
Information intended for public consumption should be free. Some information is private, not intended for public comsumption, and that information should not be free. But consumer software most definitely is intended for public consumption, and people like RMS and myself want to live in a world of free information. Why are you upset by consistency and idealism?
In fact, Mr. Dompier has saved a copy of a handwritten letter from Mr. Gates at about that
same time, thanking him for helping find and fix bugs in the program.
I wonder if Dompier was paid for his effort? In his letter, Gates makes a big deal about the quality of the software and the costs of producing it.
Whenever someone claims that a field is essentially complete,
Pike isn't complaining it's complete! At the end--did you had read that far?--he talks about areas in which interesting research might still be conducted. He is talking about how there isn't any relevant activity in research, not that the field is exhausted.
A business (any business) is legally required to attempt to make money for it's investors (or risk getting sued). As this is the case, Amazon had no choice but to work within a flawed system. They had to attack B&N, and they have to defend themselves now. So this is all really evidence of a fundamentally flawed patent system.
You misspelled `a fundamentally flawed economic system'.
Slashdot Mirror
Hi there again. There are some more misconceptions about the law and the technology that hopefully I can clear up.
First, I am not a lawyer and this is not legal advice. Additionally, the EFF lawyers are preparing a Tor Legal FAQ that might help answer this type of question as well. Keep an eye on the http://tor.eff.org site for updates. (The Legal FAQ will also not be legal advice, but purely informational.)
Okay. First, if you want to help the Tor project/network but don't want to handle unencrypted content or be the exit node that talks to endpoints, then don't run an exit node. Set your ExitPolicy to "reject *:*".
Second, a Tor operator, whether the server is in exit or middleman or mode, has no prior knowledge of the content that might pass through the server. Nor should you capture traffic (with e.g. tcpdump) -- doing so might be a violation of U.S. wiretap laws.
Third, all proxy services, anonymizing and other, are subject to the same issues. Note that Anonymizer.com, AOL, FreeNet, Tor, any given Squid proxy, all have the same content issues. So far, no operators of such services have been sued for providing those services.
Finally, other posters have stated that ISPs have "common carrier" status and thus are not liable for carrying potentially unlawful content. ISPs enjoy no special common carrier immunities for bits they carry, and have no special defenses against this potential liability that shouldn't also apply to a Tor operator (in the U.S).
Hi there! I'm Chris Palmer from EFF. I am working with the Tor developers, so I know a bit about it. I'll try to clear up some questions and misconceptions people seem to have.
:)
:) Tor works. It is stable, many bugs have been fixed, and the protocol is moderately stable. Tor does not crash randomly or eat all your memory. What's in flux is bigger picture items, such as "How can we reduce our dependency on the central directory server" and "Wouldn't a GUI configuration tool be nifty?"
1. Spam? Well, spammers already have much better tools than Tor. Namely, botnets. The Tor network currently doesn't support the kind of bandwidth usage spammers can chew up. By their willingness to break the law, spammers and criminals already have good tools to hide their network origin. Tor doesn't really help them. Plus, the default Tor exit policy is to block port 25.
2. Free/open source? Yes, three-clause BSD. EFF would not financially support a non-free/open source project!
3. Do you have to trust the nodes? You have to trust the entry node and the exit node. The entry node can be on your own computer, which I highly advise people to do. It's easy to install on all platforms, so that shouldn't be a hurdle. As far as trusting the exit node: Yes, the exit node can see the plaintext of your communications. That is why you should always use end-to-end encryption, anyway! Remember, all normal Internet routers in your route can read your traffic; Tor is actually BETTER because traffic is strongly encrypted (AES, multiple times) while inside the Tor network.
So, you actually have to trust Tor a bit less than regular Internet routes.
Use encryption.
4. Is it like Freenet/Crowds/Anonymizer? Yes, and no. It is like somewhat like those systems in goals, but the design is different. For example, unlike Freenet, Tor helps you talk to the real Internet. Unlike Anonymizer, Tor uses a whole network of proxies, not a single proxy; and the proxies are generic SOCKS proxies, not specifically HTTP.
5. Version number is too low. Is this alpha software? Roger and Nick are very modest.
6. Is there a backdoor? Well, you tell me. The source code is open. Is there a backdoor in other free software you like?
7. Minimum bandwidth requirement? For exit and middleman nodes, yes, you should have a reasonable pipe and a stable machine. "Reasonable" pipe can mean a good DSL connection. Crappy nodes can degrade the network for those poor saps whose circuit goes through one. That is why the directory server operators won't list your server unless it meets basic stability and bandwidth requirements.
I see no code.
The authors will have to carefully specify which 12 of the 80,000,000,000 versions of Linux they are talking about.
My favorite recordings of Ornette's are Free Jazz and The Shape of Jazz To Come.
Herbie Hancock's Headhunters is a tremendously enjoyable classic.
Anything with Ron Carter (bass). Playing anything from Miles Davis to Bach to Erykah Badu, the guy is great.
You have vendors, right? You really do have money and are trying to buy something, right? Find out from people who know and who might actually have something to offer, like Red Hat and IBM.
If the vendors don't already have such products (and I bet they do), if you voice interest they will be more likely to develop them. For example, Red Hat is selling a separate database package based on Postgres. Certainly, they'll want to sell database applications, too (like ERP). At the very least, they'll direct you to partners of theirs who are developing such things. Just let them know you're interested.
I do not trust Linux man pages or HOWTOs. I have had bad luck with them, in several Linux distributions. For correct (and correctly spelled) documentation, look at OpenBSD. Once you've had high-quality documentation, you won't want to go back.
What you have to do is find yourself a good community. A good community is not free; you have to help build it by making contributions of your own.
If you need help with a specific application, try the mailing list(s) dedicated to that particular application. I have had good luck on the Samba mailing lists, for example.
If it's for a business and you simply can't figure it out, just buy a support contract from Red Hat. That's what they exist to do.
JavaScript actually bears very little resemblance to Java. It has a completely different model for sharing implementations (prototype-based instead of inheritance-based) and a polar-opposite type system (dynamic and weak instead of static and strong).
JavaScript has "Java" in the name only due to a mindless marketing droid at Netscape. It was originally called (I think) LiveScript.
There hasn't been a djbdns release since 12-Feb-2001 and the project is bound to go stale sooner or later if djb does not renew his interest.
Maybe it hasn't been updated since Feb 2001 since it's complete and doesn't need any new updates? Is that such an amazing concept?
Independent artists tend to be extremely lo-fi, very unpolished, and more often than not, just plain unoriginal.
Meshuggah, Throwing Muses/Kristin Hersh, King Crimson, Ornette Coleman, Ani Difranco, Dead Kennedys...
We began development with 1.3, and would like to continue with 1.3 instead of changing to 1.4 in the middle of the development cycle.
But you can change platforms in the middle of the development cycle? And what about the future? When is the Mac going to get 1.4? Probably soon, but then, it's already out on Linux, Solaris and Windows.
Our reasoning for migration is one based on avoidance of the draconian EULA of Microsoft and their policy of forced obselescence.
But you've already bought the software (not to mention hardware) you need to make your developers productive. A change is just going to mess up your schedule and budget.
As I figured, this is all an ego/ideology move on your part. If you cared about the business, you'd use the right tool for the job -- in this case, the tools you already have, have paid for, and which work.
We also need to have a platform that is good for the sales staff as well as the engineers
Why must people in different departments use the same system?
These are questions you should have asked and answered before presenting anything to management.
The Mac ships with Java 1.3 but not yet 1.4 (afaik), and for that reason is not an ideal platform for Java development. Linux, Windows and Solaris are ideal platforms -- shouldn't you look at them first?
This is obviously just an ideology game on your part, and you aren't putting your company's business needs first. You should not be in charge of IT decisions.
I love Macs, too, but if you have to Ask Slashdot, you are not a professional.
You are truly confused about what free means, and what the Gnome project's goals are.
Why don't you just install Windows and Outlook? You'd be happier.
First, I'll say that you shouldn't fret about having an `old' or `slow' computer. As long as you have a Pentium-class CPU and 32MB RAM, everything else is just cake. You can get that for around $100 at the used computer store in my town. It's not a gaming machine--but that's actually a good thing. Games, while at their best are works of art, are often a huge waste of time that take away from your learning about computers. So don't fret--hack.
Second, check out Carcass, Cynic and Meshuggah if you haven't already. : )
Perl
One wonders if Taco's typo was intentional, or just another instance of inadvertant self-parody by the Slashdot crew.
Calling either Bill Gates or Richard Stallman `psycho' is irresponsible. As far as I can tell, BG wants to get rich and dominate (a) market(s) presumably to satisfy his ego. BG thinks that in order to achieve these goals, information must be a closely guarded secret. That's not psychosis.
RMS wants to live in a world of information freedom. He creates information that he gives away for free, and encourages others to do so. That's not psychosis, either. That's a pure form of a particular ideal. RMS is to be commended for his consistency and truth. RMS does not want to force you to disclose all your secrets and to write only free software. He hopes to convince you that freedom is ultimately the better choice for everyone.
Yes, both RMS and BG want their vision realized everywhere. The difference is that RMS uses persuasion, not coercion (I interpret BG's unethical business practices as a form of coercion).
As for RMS' absolutism: will you accept partial compliance with what you think is right, on issues you think of as vital? If so, how can you expect people to trust you?
Information intended for public consumption should be free. Some information is private, not intended for public comsumption, and that information should not be free. But consumer software most definitely is intended for public consumption, and people like RMS and myself want to live in a world of free information. Why are you upset by consistency and idealism?
http://dusk.bitstream.net/ War ehouse/Unsorted/msad.jpg
In fact, Mr. Dompier has saved a copy of a handwritten letter from Mr. Gates at about that same time, thanking him for helping find and fix bugs in the program.
I wonder if Dompier was paid for his effort? In his letter, Gates makes a big deal about the quality of the software and the costs of producing it.
Why give Grandma Redhat when you can give her OSX?
Because Red Hat gives her freedom, and Red Hat runs well on a $200 computer. OS X is niether free nor efficient.
what is there for a geek not to like too?
You answered your own question, dood:
Apple controls the hardware too.
Call this trolling or flamebaiting, I don't care. Goldstein's screed is anything but `lucid'. Did Hemos read it before posting this article?
I share the sentiments of the rant, by and large, but he makes no coherent argument. It's just a bunch of kiddie hyperbole--like all the rest of 2600.
Whenever someone claims that a field is essentially complete,
Pike isn't complaining it's complete! At the end--did you had read that far?--he talks about areas in which interesting research might still be conducted. He is talking about how there isn't any relevant activity in research, not that the field is exhausted.
Can someone please explain to me the appeal of the insane levels of violence and violent sex in much of anime? I don't get it.
In earnest; I'm not trolling. Thanks.
A business (any business) is legally required to attempt to make money for it's investors (or risk getting sued). As this is the case, Amazon had no choice but to work within a flawed system. They had to attack B&N, and they have to defend themselves now. So this is all really evidence of a fundamentally flawed patent system.
You misspelled `a fundamentally flawed economic system'.
Check out the Street Performer Protocol.