It isn't clear to me that Google ever intended this to be a commercial product, or at least not in the short-to-medium term. Treated as a research project, it is impressive regardless of the practical limitations.
In reality, in nations like New Zealand (and Japan, I believe) criminals rarely use guns. A well-connected crook can get a gun if he wants one, but the risks generally outweigh the benefits. (For a start, using a gun to commit a crime guarantees much more police attention than you would otherwise get. And if you do get caught, you can expect a much harsher sentence.)
Doesn't surprise me at all, and hardly seems a fair criticism. I would expect most hosting services would prohibit sites that are likely to cause disproportionate load, unless they have a charging model that allows for it.
That's a slight misrepresentation. The surveillance was thought to be legal at the time it was carried out, and it *should* have been legal - that is, the original law was not intended to prohibit it but was merely badly drafted. In circumstances like that, prosecution would be grossly unjust.
The article says "Experts suggested that the FBI didn't see leakage from the site's login page but contacted the site's IP directly and got the PHPMyAdmin configuration page." That's the technical claim I'm talking about, and the only one that I've seen so far in support of the contention that the site was hacked.
If this claim is credible, then the site was in fact responding on its routable address, and might (at least in principle) have been found by scanning the internet.
If this claim is not credible, then I'd like to know what credible evidence *has* been presented.
(As an aside, a few days back I saw someone claim to have identified a specific mistake in the configuration file that caused the site to allow connections that didn't come through Tor, but I can no longer locate this claim and can't speak for its technical accuracy.)
Has the defense presented any actual evidence that the site was hacked?
The Ars Technica article says: "Experts suggested that the FBI didn't see leakage from the site's login page but contacted the site's IP directly and got the PHPMyAdmin configuration page. That raises the question of how the authorities obtained the IP address and located the servers." ... but that doesn't make sense. If having the IP address was all they needed to identify that it was indeed the droids - sorry, server - they were looking for, well, that's easy enough these days: there are less than four billion routable IP addresses, so try them all. It might take a few days or a few weeks or even a few months, depending on what resources you can throw at it, but it's no big deal. So what am I missing? Or are the defense just blowing smoke?
You're quite right, I hadn't read the article you were referring to - assumed it was more of the same, to be honest - and so was reading your post out of context. Sorry about that and thanks for the clarification.
As far as I know, though, bash itself (the upstream version) hasn't accepted the comprehensive patch yet? I think that's what the writer meant, not that none of the individual distributions have applied it.
Backporting the patch(es), or fixing it from first principles for that matter, is unlikely to be an issue. The problem just isn't that complicated.
The delay is more likely due to Apple's more rigorous testing regime.
It could also be exploited remotely if the function parsing code has any bugs in it. Several have already been discovered, including one that is probably remotely exploitable.
http://lcamtuf.blogspot.co.nz/...
Exactly.
I've been asked to sign up to Google+ for one reason or another a few times (and refused) and been signed up without being asked another few times. No promises, but the next time that happens I might not bother to delete the account.
As it happens I do use my real name, but I don't see why I should have to prove it to anyone. (And people, mostly Americans, do sometimes assume that I made it up; if I recall correctly, the phrase used on the most recent occasion was "sexually explicit joke username".)
Of course, I suppose that if they had been allowed to secede, they would then be a foreign nation which the US could have declared war on perfectly legally.
Whenever this sort of thing comes up I always wonder ... was the Civil War unconstitutional? That also involved military action against US citizens, and presumably the Union didn't hold trials for each individual Confederate soldier before allowing anyone to shoot at them.
What are the significant differences, if any?
http://basicinstructions.net/b...
Support, even FULL support, means fixing bugs; in practice, fixing important bugs. One thing it certainly doesn't mean is making every possible improvement.
There's no evidence as yet that any of the changes in question were bug fixes.
So, someone who smoked a little pot. Or jaywalked when John Q Law was having a bad morning. Or was guilty of the horrible crime of getting too hot and heavy with his two weeks underaged girlfriend.
OK ... and if any of this shows up in a Google search, who's going to care?
The law is an ass [...]
Certainly the "right to be forgotten" is.
The sooner you and the rest of the Americans get that the better off the universe will be.
I don't think you're paying attention. I've already pointed out that I'm not American.
Taking precautions when dealing with a known convict is not punishment. And what kind of person needs an incentive to behave decently?
That comes down to whether or not the person is an ongoing menace as I said.
Which again begs the question: how do you tell?
Personally, I'm far more critical of their habit of incarcerating people for trivial reasons and their inhumane prison conditions. But I don't see that it's relevant to my question.
Do Europeans really say things like, "I lost my life savings by investing with someone who turned out to be a criminal, but never mind. Yeah, it would have been nice to know about his past convictions before I invested my money, but hey, privacy!"
IMO, if the state *is* going to forbid me from researching someone's past before making decisions about them, the state should also compensate me for any resulting losses, whether monetary or otherwise. Somehow I'm doubtful that the EU is planning to do that.
I'm puzzled. On the one hand, we have someone making a donation to an organized group so they can pay professionals to manipulate public opinion regarding a referendum. This you say is free speech.
On the other hand we have someone joining a campaign to complain to an organization about their choice of CEO. This isn't?
What's the difference?
In this case, it's being used in a targeted way for what *should* be a good reason. For example, a 21 year old is in a bad patch of his life, ends up scoring a conviction for theft and drugs offences. When he gets out of prison, that conviction will haunt him for a while, restricting the fields he can find work in - this happens in the US as well. But, when that same man is 40 years old and has managed to clean his life up, should he still be punished for the mistakes he made half a lifetime ago?
Punished? Maybe not. But treated with caution? Absolutely.
So ... who exactly decides that you're no longer a threat?
The critical assumption behind this article is that the ISPs' "slow lane" - i.e., the general internet - will degrade to the point where it isn't usable.
Now, the FCC claims to be planning regulation to prevent this, but it's unsurprising that people don't trust them.
However: the "slow lane" is still going to be most of the internet. The question becomes, will enough of a typical ISP's customers use *only* those mainstream, big business web sites able to pay the ISP's bribes (and assuming that they are willing to do so) that it is feasible for the ISP to lose the rest?
I find it doubtful, but if anyone has statistics it would be interesting ...
"I pay my ISP for a certain bandwidth. They should provision for that." ... there aren't enough people willing to pay the amount this would cost to make such a business feasible. The internet works, and is more or less affordable, precisely because you share the backbone capacity with your neighbors.
"Comcast HAS implemented caps" ... now, that's very odd. Why would anyone join Netflix in the first place if they've got a connection with data caps? Doesn't it make it pretty much useless? You'd burn through the cap in no time ... we run out of data (or nearly so) most months, and that's just from YouTube.
I don't know what makes you think I've got a particularly strong opinion - oh, on the general principle behind the FCC's reformulation of net neutrality, sure, but the details of this specific incident aren't directly relevant to it.
Sounds like you're trying to change the internet to a COD model, where you pay for traffic received rather than traffic sent. I'm not sure that's realistic. (For one thing, it would make DDoS attacks even more painful than they already are!)
Also note that Netflix customers using Comcast really aren't already paying for those bytes. To do that, Comcast would have to identify Netflix customers and charge them extra, and you can just imagine the howls that would cause. Oh, sure, they could charge by the gigabyte or implement data caps. But I don't think their customers would like those options either. Or they could just up their prices across the board, but then Netflix users would be being subsidized by everyone else, and I don't think that's fair. The best solution, IMO, is for Netflix to pay and pass the cost on to their customers, and that's exactly what's happened. AFAIK, there's nothing stopping them from charging Comcast users extra to cover it.
(In the thread you linked, it didn't sound like the OP was talking about an ad-hoc VPN to me; that also means that his office connection probably wasn't via Comcast, if Comcast don't do enterprise. Of course, that's all just speculation. OTOH, I still figure Netflix would have sued if they'd found any actual evidence of discriminatory throttling, which shouldn't have been hard to do.)