That would be a plausible explanation for why they don't just allow unmetered slow access to *all* content. However, this theory by itself doesn't explain why they conspicuously don't allow unmetered slow access to Youtube or Amazon Prime or Google Play.
PRMan is right, this is a very good answer, and too bad it's going to get buried under all the smart-assery.
On the other hand, this only explains why T-Mobile doesn't make Binge On a completely content-agnostic pipe.
It *doesn't* seem to explain why they have conspicuously excluded Youtube, Google Play, and Amazon Prime (which you presumably could not use as a tunnel for downloading and sharing files!).
I understand, but I still don't understand why T-Mobile couldn't accomplish the same thing just by making the Binge On pipe completely content-agnostic and strictly rate-limited. Why would they prefer to re-compress the video themselves, as opposed to simply providing a slow connection, which the video provider can detect so that the video provider downgrades the video automatically?
Regarding: "T-Mobile wants to compress it, not let the content provider decide what bit rate to do it at, because this is about their network, not just one user on it.The fact a publisher might be capable of sending 1Mbps to a user doesn't mean this is in the best interests of everyone using the same tower as that user."
Well yes, T-Mobile wants the provider to send the data at a slow rate, not at the rate the user would prefer, however couldn't they accomplish the same thing just by rate-limiting the network?
That sounds plausible, but wouldn't that mean that T-Mobile would only provide unmetered access to services whose content was already hosted with T-Mobile to save on bandwidth? I assume that of all the content providers listed at
http://www.t-mobile.com/offer/...
not all of them have cached all of their content with T-Mobile.
But if they're not caching their content with T-Mobile, then it costs T-Mobile the same to provide access to that content as it would to, say, a low-res version of Amazon Prime or Youtube.
Well quite a few people "flagged" the Fat Jew, despite their actions requiring much more manual effort than I'm proposing here.
And quite a few people post ratings on product sites and participate in peer ratings systems in other ways, without any direct compensation. Heck you didn't get anything for posting this comment but you did it anyway.
You could add a feature to flag a joke as a duplicate of content that's hosted somewhere else, and provide the link.
The problem is that because the content is hosted somewhere other than Twitter, someone could create the content on a third-party site, back-date it to look like it was published before the tweet, and then claim that the tweet was a ripoff of their joke.
Right there in step 1 is the problem. By requiring a link to a sentence someone read months ago, the burden on the user is raised unacceptably. Users won't bother policing when it's difficult, unless the case is severe enough to stir up an outrage - which would already result in more damage than just flagging a user's tweets.
Well yes, that's correct, if nobody ever notices the duplication, then the plagiarizer won't get caught. But that's not a flaw in the algorithm because I think that's an unsolvable problem -- if nobody ever notices the similar jokes, there's nothing anyone can do. What my algorithm ensures is that if just one person notices the plagiarized joke, then at least it will get flagged (and after it's flagged, the random-sample-vote determines whether it really is a duplicate). If the original joke-writer and the joke-duplicator have non-trivial-sized audiences, then that increases the chances that at least one person will notice.
Of course, the potential for abuse is also high. Changing a single word can parody an original post, yet changing a different single word may not avoid plagiarizing.
Yes that's a good point, the system doesn't take into account the idea of making a small change for the purposes of parody. (For example, when "On the Internet, nobody knows your a dog" got changed to, "On the Internet, nobody knows your a god -- Jerry Garcia.")
So, here's a proposed change: If a user flags your joke as a "duplicate" of an earlier joke, and you don't agree, you should have the opportunity to respond with a "rebuttal" and explain, "No, this alters the original and adds such-and-such which makes it into a new joke." To avoid ruining your joke by having to explain it, that "rebuttal" would not, by default, be displayed alongside your original joke (to your Twitter followers or wherever else people view the original). But, if the "flagger" does not agree with your rebuttal, and it gets pushed to a random-sample-vote anyway, then your rebuttal is displayed alongside the original, and the voters can take it into account when deciding if you really created a new joke or not. (My Jerry Garcia example isn't a very good one, because most voters would figure out that that's a genuinely new joke, even without having to read a "rebuttal". But there may be other examples where the difference is subtle enough that it has to be spelled out explicitly.)
Do you think that would take care of that problem? If not, why not?
An automated algorithm won't likely be able to tell the difference, so it will fall to manual effort to identify which flagged duplicates are actually malicious.
True, but no part of my proposal involves an automated algorithm anyway.
Shakespeare plagiarized. Plato plagiarized. Tom Lehrer penned many verses praising plagiarism. The bottom line is that plagiarism goes hand-in-hand with creation, and it should always be evaluated only in the entire context of both works - the plagiarizing and the plagiarized. What is being said is often not what's being written.
All true, but also involved authors adding new creative elements, to the point where nobody seriously disputes that they deserve credit for the resulting work. I'm talking about taking care of low-hanging fruit where someone just steals another person's 140-character joke and pretends they made it up.
The "forgot your password" page only confirms that whatever information you have entered, is valid information for that user. So if you enter your target's name and email address, it will confirm that there is a user on file with that name and email address -- but if you already had your target's name and email address, you knew that already.
However, the space of PINs is small enough that you can brute-force it, so when you try enough PINs, now you know that your target with that name, is using that PIN. You as the attacker can't actually retrieve the account number, because it will get sent to the email address they already have on file for that user. But now you have their PIN (which quite likely is the same 4-digit PIN they use on other services that require one).
I'm not saying they should disable all automated methods to retrieve your account number, just the method that requires a PIN.
Remember, I said that the "Forgot your account number?" page lets you retrieve your account number if you enter your name along with any ONE of the following:
your e-mail address
your street address
your phone number
your PIN
your password
your "old MileagePlus number"
That means if you disable the ability to retrieve it using a PIN, the only people you're locking out are people who remember their PIN but have forgotten everything else on that list, i.e., almost nobody
That's absolutely right, I mentioned this in the article (in the section starting with "However, if the attacker has a database of 1000 customer names...") but in the context of using it on PINs instead of passwords.
Basically, they allow really weak passwords, then any attack that works on PINs will work on passwords. (Well, almost -- even if they allow weak passwords, at least they can't force everyone to have a weak password -- they do however force all new users to choose a 4-digit PIN.)
Yes. But those were for mails being sent from the peacefire.org server itself. The emails I sent to United were sent through my Gmail account, through Google's SMTP servers, so those mails are less likely to be blocked.
That's even worse, because that means they know about this gaping hole that lets you steal other users' 4-digit PINs, and they still haven't fixed it. (It should not take long to push an update to their site that removes the "PIN" option from the "forgot your account number" page -- and it should not negatively impact their users either, since you can still retrieve your account number if you enter your name along with your address, your email address, your phone number, or your password.)
Had you read the article, you might have noticed that (1) they say, "We do not allow execution of brute-force attacks on other users", which all sane English-speakers would interpret to mean they allow brute-forcing your own account, and (2) they also list "brute-force attacks" on the list of things they will pay 250,000 air miles for.
Well of course you're right, it's not sophisticated. But I think the importance of finding and fixing a given hack should be based on the damage that it can do, not how sophisticated it is. Being able to get an arbitrary user's 4-digit PIN, is bad.
As I pointed out in the article, "Bruce-force attacks" is also listed under things that they will pay out up to 250,000 air miles for:
http://peacefire.org/united-bo...
That's correct, this attack doesn't let you reset a user's password. It only lets you find out their 4-digit PIN, which is (1) bad in and of itself, and (2) bad because the person probably uses the same 4-digit PIN for other services that require one.
By contrast, if you enter a known first-name/last-name/phone-number combination, all the site does is tell you that's a valid combination -- but you already knew that before you entered it, so there's no attack there.
Thank you however for posting a non-deranged comment!
My point is that any time you create an original work using someone else's characters, you've already met 3 of the 4 criteria above, and if you make it free, then you've met all 4 criteria.
And yet, we do have the concept of character copyrights, which says that you cannot use someone else's copyright characters even for your own entirely original work.
So my point is that the very existence of character copyrights means that that reasoning cannot be entirely valid.
In particular, I would dispute your reasoning in this step: "How much of the original work does it copy? In this case, very little. Just the appearance of the characters. All the footage is original."
But the copyright that we're talking about is not a copyright on the original work, it's a copyright on the characters. And then the question becomes "How much of the original character did you use?" and the answer, is, essentially, 100% -- because a character either makes an appearance in your story, or they don't. (Especially in this case where the whole short film is about these characters.)
In the article, the words "characters themselves can be protected by copyright" are linked to this page, which is written by a lawyer: http://www.ivanhoffman.com/cha...
Ergo, thank you for calling my post interesting.
Slashdot Mirror
But how will people figure out how to get the ice lines moving at Burning Man?
That would be a plausible explanation for why they don't just allow unmetered slow access to *all* content. However, this theory by itself doesn't explain why they conspicuously don't allow unmetered slow access to Youtube or Amazon Prime or Google Play.
this comment is too long how am I supposed to read all of this
PRMan is right, this is a very good answer, and too bad it's going to get buried under all the smart-assery. On the other hand, this only explains why T-Mobile doesn't make Binge On a completely content-agnostic pipe. It *doesn't* seem to explain why they have conspicuously excluded Youtube, Google Play, and Amazon Prime (which you presumably could not use as a tunnel for downloading and sharing files!).
There is only one
I understand, but I still don't understand why T-Mobile couldn't accomplish the same thing just by making the Binge On pipe completely content-agnostic and strictly rate-limited. Why would they prefer to re-compress the video themselves, as opposed to simply providing a slow connection, which the video provider can detect so that the video provider downgrades the video automatically? Regarding: "T-Mobile wants to compress it, not let the content provider decide what bit rate to do it at, because this is about their network, not just one user on it.The fact a publisher might be capable of sending 1Mbps to a user doesn't mean this is in the best interests of everyone using the same tower as that user." Well yes, T-Mobile wants the provider to send the data at a slow rate, not at the rate the user would prefer, however couldn't they accomplish the same thing just by rate-limiting the network?
it's Haselton
I've never heard of the itwbennett account
That sounds plausible, but wouldn't that mean that T-Mobile would only provide unmetered access to services whose content was already hosted with T-Mobile to save on bandwidth? I assume that of all the content providers listed at http://www.t-mobile.com/offer/... not all of them have cached all of their content with T-Mobile. But if they're not caching their content with T-Mobile, then it costs T-Mobile the same to provide access to that content as it would to, say, a low-res version of Amazon Prime or Youtube.
Well quite a few people "flagged" the Fat Jew, despite their actions requiring much more manual effort than I'm proposing here.
And quite a few people post ratings on product sites and participate in peer ratings systems in other ways, without any direct compensation. Heck you didn't get anything for posting this comment but you did it anyway.
You could add a feature to flag a joke as a duplicate of content that's hosted somewhere else, and provide the link.
The problem is that because the content is hosted somewhere other than Twitter, someone could create the content on a third-party site, back-date it to look like it was published before the tweet, and then claim that the tweet was a ripoff of their joke.
Right there in step 1 is the problem. By requiring a link to a sentence someone read months ago, the burden on the user is raised unacceptably. Users won't bother policing when it's difficult, unless the case is severe enough to stir up an outrage - which would already result in more damage than just flagging a user's tweets.
Well yes, that's correct, if nobody ever notices the duplication, then the plagiarizer won't get caught. But that's not a flaw in the algorithm because I think that's an unsolvable problem -- if nobody ever notices the similar jokes, there's nothing anyone can do. What my algorithm ensures is that if just one person notices the plagiarized joke, then at least it will get flagged (and after it's flagged, the random-sample-vote determines whether it really is a duplicate). If the original joke-writer and the joke-duplicator have non-trivial-sized audiences, then that increases the chances that at least one person will notice.
Of course, the potential for abuse is also high. Changing a single word can parody an original post, yet changing a different single word may not avoid plagiarizing.
Yes that's a good point, the system doesn't take into account the idea of making a small change for the purposes of parody. (For example, when "On the Internet, nobody knows your a dog" got changed to, "On the Internet, nobody knows your a god -- Jerry Garcia.")
So, here's a proposed change: If a user flags your joke as a "duplicate" of an earlier joke, and you don't agree, you should have the opportunity to respond with a "rebuttal" and explain, "No, this alters the original and adds such-and-such which makes it into a new joke." To avoid ruining your joke by having to explain it, that "rebuttal" would not, by default, be displayed alongside your original joke (to your Twitter followers or wherever else people view the original). But, if the "flagger" does not agree with your rebuttal, and it gets pushed to a random-sample-vote anyway, then your rebuttal is displayed alongside the original, and the voters can take it into account when deciding if you really created a new joke or not. (My Jerry Garcia example isn't a very good one, because most voters would figure out that that's a genuinely new joke, even without having to read a "rebuttal". But there may be other examples where the difference is subtle enough that it has to be spelled out explicitly.)
Do you think that would take care of that problem? If not, why not?
An automated algorithm won't likely be able to tell the difference, so it will fall to manual effort to identify which flagged duplicates are actually malicious.
True, but no part of my proposal involves an automated algorithm anyway.
Shakespeare plagiarized. Plato plagiarized. Tom Lehrer penned many verses praising plagiarism. The bottom line is that plagiarism goes hand-in-hand with creation, and it should always be evaluated only in the entire context of both works - the plagiarizing and the plagiarized. What is being said is often not what's being written.
All true, but also involved authors adding new creative elements, to the point where nobody seriously disputes that they deserve credit for the resulting work. I'm talking about taking care of low-hanging fruit where someone just steals another person's 140-character joke and pretends they made it up.
No. Sorry for the confusion. To clarify:
The "forgot your password" page only confirms that whatever information you have entered, is valid information for that user. So if you enter your target's name and email address, it will confirm that there is a user on file with that name and email address -- but if you already had your target's name and email address, you knew that already.
However, the space of PINs is small enough that you can brute-force it, so when you try enough PINs, now you know that your target with that name, is using that PIN. You as the attacker can't actually retrieve the account number, because it will get sent to the email address they already have on file for that user. But now you have their PIN (which quite likely is the same 4-digit PIN they use on other services that require one).
I'm not saying they should disable all automated methods to retrieve your account number, just the method that requires a PIN.
Remember, I said that the "Forgot your account number?" page lets you retrieve your account number if you enter your name along with any ONE of the following:
your e-mail address
your street address
your phone number
your PIN
your password
your "old MileagePlus number"
That means if you disable the ability to retrieve it using a PIN, the only people you're locking out are people who remember their PIN but have forgotten everything else on that list, i.e., almost nobody
except I did log on to United
That's absolutely right, I mentioned this in the article (in the section starting with "However, if the attacker has a database of 1000 customer names...") but in the context of using it on PINs instead of passwords.
Basically, they allow really weak passwords, then any attack that works on PINs will work on passwords. (Well, almost -- even if they allow weak passwords, at least they can't force everyone to have a weak password -- they do however force all new users to choose a 4-digit PIN.)
Yes. But those were for mails being sent from the peacefire.org server itself. The emails I sent to United were sent through my Gmail account, through Google's SMTP servers, so those mails are less likely to be blocked.
That's even worse, because that means they know about this gaping hole that lets you steal other users' 4-digit PINs, and they still haven't fixed it. (It should not take long to push an update to their site that removes the "PIN" option from the "forgot your account number" page -- and it should not negatively impact their users either, since you can still retrieve your account number if you enter your name along with your address, your email address, your phone number, or your password.)
Had you read the article, you might have noticed that (1) they say, "We do not allow execution of brute-force attacks on other users", which all sane English-speakers would interpret to mean they allow brute-forcing your own account, and (2) they also list "brute-force attacks" on the list of things they will pay 250,000 air miles for.
Yeah, he interpreted it as forbidding brute-force testing against other users
That's right, since it said "we do not allow execution of brute-force attacks on other users"
Well of course you're right, it's not sophisticated. But I think the importance of finding and fixing a given hack should be based on the damage that it can do, not how sophisticated it is. Being able to get an arbitrary user's 4-digit PIN, is bad.
As I pointed out in the article, "Bruce-force attacks" is also listed under things that they will pay out up to 250,000 air miles for: http://peacefire.org/united-bo...
That's correct, this attack doesn't let you reset a user's password. It only lets you find out their 4-digit PIN, which is (1) bad in and of itself, and (2) bad because the person probably uses the same 4-digit PIN for other services that require one.
By contrast, if you enter a known first-name/last-name/phone-number combination, all the site does is tell you that's a valid combination -- but you already knew that before you entered it, so there's no attack there.
Thank you however for posting a non-deranged comment!
My point is that any time you create an original work using someone else's characters, you've already met 3 of the 4 criteria above, and if you make it free, then you've met all 4 criteria.
And yet, we do have the concept of character copyrights, which says that you cannot use someone else's copyright characters even for your own entirely original work.
So my point is that the very existence of character copyrights means that that reasoning cannot be entirely valid.
In particular, I would dispute your reasoning in this step: "How much of the original work does it copy? In this case, very little. Just the appearance of the characters. All the footage is original."
But the copyright that we're talking about is not a copyright on the original work, it's a copyright on the characters. And then the question becomes "How much of the original character did you use?" and the answer, is, essentially, 100% -- because a character either makes an appearance in your story, or they don't. (Especially in this case where the whole short film is about these characters.)
In the article, the words "characters themselves can be protected by copyright" are linked to this page, which is written by a lawyer:
http://www.ivanhoffman.com/cha...
Ergo, thank you for calling my post interesting.