I am sure the fine-print means you would forfeit your right to warranty and fitness for purpose if...
Why on earth do you think that?
NOTHING can forfeit that right. If you could forfeit it, then it would be meaningless, because every vendor would require you to sign it away or void it before letting you buy anything. The courts everywhere have always upheld this one: statutory warranty is immutable. You can't sign it away and the vendor can't disavow it for any reason. If the vendor is responsible for the fault, then the vendor must make good on it. Burden of proof may vary depending on the age of the item, but there's no expiry date on a statutory warranty - you might be required to prove in court that your 5-year-old widget really was defective from the outset and didn't fail due to wear and tear, but if you can prove it, then it's covered. It does not matter what you did to the item before the fault occurred, if that wasn't the cause of the fault. It does not matter what the vendor wants. They must repair, replace, or refund.
You appear to be under the mistaken impression that this document affects the statutory warranty on every commercial product. It doesn't. If any product fails because of the actions of the vendor (usually manufacturing defects, but idiotic 'updates' also count), they have to repair, replace, or refund. It doesn't matter what words they put in the box with it. It doesn't matter what you sign. It doesn't matter what click-wrap licenses they throw at you. It doesn't matter what the vendor intended. The statutory warranty is immutable - courts all around the world have upheld that so many times that it just isn't funny any more.
Anybody who sells any new (not after-market) item has a duty to make sure it is fit for sale and a legal responsibility to make good on any faults.
Any warranties you may find in the box are additions to this, which cover failures due to your actions, third parties, or wear and tear (or nothing, in some of the more disreputable cases).
People are sometimes misled by those "no warranty; not even the implied warranty of merchantability or fitness for a particular purpose" labels on free software. The only reason those work at all is because the software is given away, rather than sold; there's no statutory warranty on a gift.
Extradition treaties don't allow the US government to apply US laws to Swedish nationals acting completely in accordance with Swedish law on Swedish soil, regardless of what some people may think.
Right. Their heavy-handed disdain for such matters is what allows them to apply US laws to foreign nationals acting completely in accordance with their own laws on their own soil. Extradition treaties don't have anything to do with it.
Don't forget, that's exactly what happened to Sklyarov.
None of the cops were committing a crime here. Pay attention.
That has not been established. The facts of record are that some cops pointed guns at a girl who was no threat to anyone. If they did not have a damned good reason - if they were just being jackasses - then that would be sufficient to get them fired, and may have been a crime.
It's assenine to insult those who put themselves between you and a bullet, and who run into burning buildings to save you, even when you denigrate them and insult them.
Not one of those cops has saved anybody. They damn near did the opposite. Nobody but the girl was in danger here. The only dangerous people were those idiots with uniforms, guns, and a testosterone problem.
Way to show your appreciation for all those people who daily put their lives on the line for your sorry ass.
I'm sorry, are you claiming that anybody who risks their life should be permitted to commit crimes with no consequences? That any government employee whose job carries any degree of risk should be exempt from responsibility for their actions? That the people responsible for enforcing the law should be less accountable than others?
Guess why they didn't shoot her? Because they knew damn well it was NOT a bomb. Thats why. If they thought it was a bomb she'd have been shot on sight, and the airport would have been evacuated. This clearly did not happen (and you can bet a lot of other things behind the screens at the TSA DID happen like background check etc). But, she might have caused fears among other visitors, or confusion to TSA folks, or both. TSA doesn't want this on their airpot, so they used this situation to their advantage knowing full well it'd get in the news.
Can you prove that? Because you have just alleged that several members of the TSA have committed a serious felony, which has a mandatory prison sentence attached. If true, this needs to be publicised and prosecuted now.
I agree with you and this is just classic psychology at work here. If she had nothing to hide she just would of stated what it was she was wearing, but the fact she didn't suggest she doesn't want you to know and possibly for nefarious reasons. We all know now it wasn't for bad intentions but at the time the employee(s) doesn't know.
How many times have you tried asking a woman to explain the clothes they are wearing? How many of them have just ignored you?
Nothing unusual at all about that kind of behaviour.
And *sigh* when will we stop thinking of terrorists of guys only in the middle east. Timothy Mcveigh ring a bell? I can easily see a disgruntled citizen who doesn't know shit about bombs trying to make one, showing up somewhere with wires hanging out trying to blow the place up. You laugh but there are alot of stupid criminals out in this world....
In a free society, you assume everybody is innocent until proven otherwise. Sure, this means more crimes are going to be committed. That's the price of freedom. If you don't like it, China welcomes rich immigrants.
Justify, using diagrams where necessary, the designs and colouring of every item of clothing you own. Remove any and all items that I and all the other people nearby decide to be unacceptable.
Not answering and complying? Then, according to your post, we are fully justified in arresting and/or shooting at you, and you'll be lucky to be alive.
Even the initial arrest, both citizens and police could be justified on suspicion of shoplifting.
Historically in the US, refusal to show ID, and refusal to perform specific acts that there is no legal requirement for you to perform (such as showing your receipt), have been explicitly ruled by the courts as not being sufficient reason for arrest - in fact, it's not even sufficient reason for search. Refusal to do either of these things cannot be interpreted as reason for anything.
Nowadays, of course, you pretty much have to show your papers to walk down the street. But they really didn't have legal justification for suspicion of shoplifting, and if it had gone to an unlawful arrest suit, he would most likely have won. The state would just raise taxes to cover the payout and the police would have gone right on arresting people, but at least the police would have been made to look bad for the media.
I worked 8 years at one big engineering plant and then 10 years at 2 others. Three big cafeterias full of male engineers every day at noon. Every time a woman, regardless of appearance, walked through all the engineers' heads would snap up, swivel and track her until she sat down or left the room. It would have been funny if it wasn't so pathetic. Conversations would at least pause during these spectacles and often as not be completely derailed. One moment the topic would be software or hardware or right-wing politics and the next it would be tits. Absolutely no subtlety at all. Consequently normal women tended to avoid the cafeterias. Who wants a bunch of bozos staring at them?
I have seen exactly the same behaviour from women, causing some men to avoid them - ergo, that isn't sex-linked, it's just being a jerk.
Why is it that every time this stuff comes up, all the examples of behaviour that people can come up with are things that both men and women do? The only explanation I can come up with is that when a woman acts like a jerk and a man sees it, he tells his friends (and probably downplays it), and when a man acts like a jerk and a woman sees it, she tells everybody.
The reason women don't like being around geeks is that so many geeks act like they're about 12 years old.
Again, not specific to men. So many women act like they're about 12 years old, too. Most people act pretty childish.
All I see is hand-waving "I bet there are tons of unpatched holes in IIS" sentiments in your post. I'd like to see proof that there exist unpatched IIS holes, not vacuous appeals to emotion.
The only fallacy here is your straw man. The claim you quote is something that you made up yourself. It is clearly very deliberately not present in the original post.
I'll spell it out, for the hard of thinking: saying that "Your evidence is flawed and can equally explain the opposite conclusion" (my post) is not the same thing as saying "The opposite conclusion is true" (your misquote).
You spouted a lot of speculation that IIS6 has tons of undisclosed flaws, but you've provided zero evidence.
You've spouted a lot of speculation that IIS6 doesn't have tons of undisclosed flaws, but you've provided zero evidence. I claim that my evidence is at least as good as yours. Deal with it.
Google is the #1 company that has been fighting AGAINST government intrusion into search.
How exactly do you know that? Because their marketing department told you so?
How exactly do you know that they aren't otherwise working with the government? Because the media didn't tell you they are?
Big business has always sided with the US government, because the US federal government exists primarily to serve the needs of big business. Why are you so sure that Google is somehow different?
There are only two "Important" bulletins for IIS 6, while IIS 5 has almost 30 bulletins over the same inital time period. It is amazing how far IIS has come since that nightmare that was IIS 4.
You do realise that you are measuring the "quality" of IIS by counting the number of security flaws that Microsoft will admit to having fixed?
You're not counting the number of known flaws. You're not counting the number of flaws that Microsoft knows about. You're not even counting the number of flaws that they've actually fixed. You're interpreting this change in the numbers as indicating an improvement, when it might just as easily indicate that they fix less flaws than they used to.
And don't forget that Microsoft has a long history of not bothering to fix security flaws until significant numbers of exploits have been noticed in the wild. We can only guess at how many unfixed flaws there are in IIS today.
The important point to remember, though is *2 YEARS*. That's how long we have until the IPv4 address space is fully allocated at the top level. It may take a little longer (months?) before people start really feeling any pain from that at the end-user level. But its the critically important point for people to realize. Can you be ready for IPv6 in 2 years? You need to be. If its gonna take you 2 years to get IPv6 functioning in your network, then you need to start *NOW*.
About once a year I investigate the current state of ipv6 support, and every time so far I have found every major operating system (including linux-based ones) to be inadequate to the task of deploying ipv6. The software support is just not there, on both the system and application levels. Sure, I can configure ipv6 interfaces on hosts and even have some of them set up tunnels and talk to each other, but it is entirely impossible for me to configure a non-trivial network without ipv4 support on every host and still expect it to work, so there's no damned point.
NAT is the solution to the address space problem. Get used to it, because ipv6 has spent the last five years failing to become a solution. When we finally run out of ipv4 addresses, we aren't going to switch to ipv6, we're going to switch to using NAT at the ISPs. You won't get an internet-routeable address for anything other than a server, after that happens - regular DSL lines will be allocated an address from one of the private ranges and NATted onto a smaller pool of routeable addresses as they leave the ISPs network.
It's going to come down to a choice between a technology that has spent years going nowhere and a technology that has spent years being used as the solution to the problem. I know which way the ISPs are all going to jump.
If it were me, I would simply do both what Theo's team is asking, and what the lawyers are asking: fix the mistakes until Theo's team is satisfied, and then withdraw.
Unfortunately, the lawyers are operating under threat of lawsuit, and so they are compelled not to take any action that could be seen by a court as admission of guilt. If they do whatever Theo wants, then he could argue in court that they believed their actions were unlawful.
This is basically what Moglen is saying: while they are under threat of being sued, they're blocked from doing anything about it.
Then they do a public-key exchange to establish the session key. There are multiple possible algorithms for both the public-key and the symmetric cipher. (I think Diffie-Hellman exchange is used currently in most, if not all, TLS implementations.) Essentially, each party uses the other party's public key to send some random information (which, encrypted with their public key, can only be decrypted with their private key), which the other party uses to construct the symmetric session key.
You are correct in facts up to this point, but you've misinterpreted them. The magic thing about a Diffie-Helman key exchange is that it uses no prior key material. The certificates of the server and client are not involved at any point in the process. This establishes a session key that only the two parties in the exchange know, and no other parties know. After this has happened, any certificates are used in signing mode to verify the identity of the two parties. Diffie-Helman is basically a form of shared key generation mechanism based on public-key mathematics to generate a single shared secret, it's not an algorithm that uses public keys in encryption mode.
I think where you are getting confused is in the idea of perfect forward secrecy: this just means that the session key is randomly derived, and that after it's done being used, both parties throw it away.
That's an implementation detail. The meaning of "perfect forward security" is that after the session is completed, it is impossible for any external party to decrypt it, regardless of what information they recover - "forward security" means "security after this point in time" and "perfect" means no attacks can exist. It doesn't say anything about the method used to accomplish this, but it does guarantee that even if a third party recovers all the prior key material, they still cannot decrypt the session. Diffie-Helman is the most common method used to accomplish this.
PFS fails if you can compromise both parties' secret keys
The whole point of PFS is that it doesn't fail in this scenario. The only failure mode for a system with PFS is a man-in-the-middle attack. That's what certificates are used to prevent in TLS, and that's what is under threat from this technology.
It is true that every session uses a symmetric cypher with a different session key... but how do you think the keys are exchanged? Once the PKI encryption is broken, the attacker will be able to read the session key in plaintext and decrypt the entire session. And this is for every single person using Google's certificate. That is why cracking PKI is so profitable, the long-term nature of the keys means once it is cracked, you have free reign for a long time.
How do you think keys are exchanged?
An encryption protocol that behaves like you describe here would be considered by contemporary cryptographers to be quite weak. The good protocols (including TLS) provide perfect forward secrecy, which eliminates this problem (and others): they use the public keys only in signing mode, not encryption mode. Breaking the public key algorithms would permit MITM attacks, but would not permit decryption of the session by an external eavesdropper.
Isn't that the crux of **AA's original objection to file sharing? That downloaders=freeloaders were cutting into their potential financial gain since "why buy the cow when you can get the milk for free"?
That's always been a really silly analogy. Which do you typically buy: cows or milk?
The *AA wants to bill you for the cow, when all you want is the milk. If they ran the supermarkets, you would have to rent a cow every time you wanted milk in your tea - at $10 a pop, including the hire fee for the guy to milk the cow for you, and you would be filmed while you drink it to make sure that you don't share the milk with anybody else.
I see nothing wrong with the $10 million figure. Companies have used the DMCA to try to recover "damages" of ridiculous proportion in the past (RIAA as our most favorite). Why shouldn't the DMCA work for consumers in the same fashion? In which case, the $10 million figure seems just as "reasonable"
It's kind of a problem with the way these things are reported in the media. What happens is, the law gives limits on the penalty that can be applied to any unlawful action, and it is the responsibility of the plaintiff to research this. The plaintiff then has to provide the court with a detailed breakdown of all the things that they claim have been done, and the maximum penalty for each of them as applied to this specific case. The media then takes this list, adds up all the numbers, and says that the plaintiff is trying to get damages of that amount.
The reality is that judges almost never award the maximum financial penalty, they rarely rule in favour of the plaintiff on every single charge listed, and the defence is going to contest most of it and win on some of the points - any skilled prosecution lawyer throws in all the borderline items they can come up with, knowing that they won't get most of them, because they usually will get a few of them. For example, if there are four or five different rules which might apply, then the prosecution will list them all, and let the judge pick one and throw the rest out - there's nothing wrong with that, it's just how the legal system works. If you are beginning a lawsuit against somebody and asking for damages, then your lawyer will explain this to you and tell you that you are only going to get a small part of the maximum possible penalty, and give you some rough estimates of how much they would expect to get.
The media never reports stories by saying things like "the plaintiff claims maximum possible damages are $10m, and they expect to get about $500k", because that doesn't sound as impressive.
No, but it's what does it for the vast bulk of the time. He's not wrong because you can find a few meager exceptions.
Where's your study to back up that claim? Where are your numbers? Can you prove that the vast bulk of creative works would not be created without copyright law, or is it just what you've been told by large corporations who benefit from increasing copyright laws?
It looks to me like you're just begging the question.
They can be blocked from continuing to do business in that jurisdiction. Not that it is enforceable in this age of the Internet.
As a donation-funded non-profit organisation based in the UK and Switzerland, they don't do business in the US at present, never have, and are not particularly likely to do so in the future. They don't even have a tax-exempt status in the US. A US court cannot prohibit US citizens from donating to them, nor can they confiscate those donations. There really isn't anything that a US court can do to them.
While the proposal certainly would be a bad idea, you have to understand how government works in the UK. The US has adopted a system based on the idea of "checks and balances", letting several branches of the government work against each other to keep any one from getting out of control. The UK, on the other hand, has a system based on thousands of years of revolutions and civil wars; at each instance of excessive government abuse, they all got stabbed, shot, hanged, or whatever was in vogue at the time, and a new government was installed with less power. This process has resulted in our modern solution to the problem of government: where the US relies on the "checks and balances" idea, we rely on the "completely ineffective government" approach instead. Our government doesn't have the money, competence, intellectual capability, or frankly even the power to implement a policy like this. They have tried many things like this in the past, and every single one of them has floundered. Even if they could agree with each other for long enough to decide to do this, they wouldn't be able to see it through.
The primary purpose of the UK government is to keep politicians busy so that they don't get in the way of the people who do useful work. It generates a lot of talk, regular entertainment, and that's about it. This approach to government has a lot in common with spaying a cat to stop it from getting into trouble. While it has some downsides (public transport is hilariously bad), overall it works pretty well.
I think Spamhaus could have avoided the issues they are dealing with now by not labeling spammers as spammers, and came up with a more politically correct term that is legally bulletproof.
Spamhaus are not in any trouble because of what name they used, or even what they listed. They're in "trouble" on a technicality, they messed up their claim that this court has no jurisdiction over them (which it doesn't; they are not a US company and have no holdings or business in the US, so a US court can't do a damn thing to them). No trial has been held on the facts of the case. It's not real trouble because the court really can't do anything: regardless of what judgement is made against them, they don't have to pay or comply in any way, and that'll be the end of it. You can't extradite a company, the court can't enforce judgement against assets that are located on foreign soil, and in the UK (where Spamhaus really are) is it not illegal to ignore the proclamations of a foreign court.
Yesterday night I was walking by the Mel Lastman's Square and a kid, probably not older than 16 was standing there distributing a socialist newspaper. Another young girl was distributing some kind of a Che Guevara pamphlet. I wish the public education put more emphasis on history and philosophy education (as well as hard sciences,) and would provide these kids with enough information and thinking abilities to understand what exactly such people as Che have done in their lives and why exactly socialist propaganda ends up going the bloody road every time it attempts to change the human nature.
How about what exactly such people as Bush have done in their lives? How about all the people who starve because it is not cost-effective to feed them in a capitalist society?
Socialism is not the problem here. Capitalism accomplishes exactly the same things for the opposite reasons - where socialism kills people who don't follow the rules, capitalism kills people who don't have money. Either way, they're just as dead. Both capitalism and socialism are just excuses, which serve to give people somebody to blame other than the ones responsible. Capitalists can hate the socialists and socialists can hate the capitalists, while it's their own leaders who are really responsible for all the problems.
The ideology does not matter. What matters is that those with power abuse it at the expense of those without power.
(Cue zealots from both sides to loudly proclaim that their side has no problems, while denouncing the problems of the "enemy")
Slashdot Mirror
Why on earth do you think that?
NOTHING can forfeit that right. If you could forfeit it, then it would be meaningless, because every vendor would require you to sign it away or void it before letting you buy anything. The courts everywhere have always upheld this one: statutory warranty is immutable. You can't sign it away and the vendor can't disavow it for any reason. If the vendor is responsible for the fault, then the vendor must make good on it. Burden of proof may vary depending on the age of the item, but there's no expiry date on a statutory warranty - you might be required to prove in court that your 5-year-old widget really was defective from the outset and didn't fail due to wear and tear, but if you can prove it, then it's covered. It does not matter what you did to the item before the fault occurred, if that wasn't the cause of the fault. It does not matter what the vendor wants. They must repair, replace, or refund.
You appear to be under the mistaken impression that this document affects the statutory warranty on every commercial product. It doesn't. If any product fails because of the actions of the vendor (usually manufacturing defects, but idiotic 'updates' also count), they have to repair, replace, or refund. It doesn't matter what words they put in the box with it. It doesn't matter what you sign. It doesn't matter what click-wrap licenses they throw at you. It doesn't matter what the vendor intended. The statutory warranty is immutable - courts all around the world have upheld that so many times that it just isn't funny any more.
Anybody who sells any new (not after-market) item has a duty to make sure it is fit for sale and a legal responsibility to make good on any faults.
Any warranties you may find in the box are additions to this, which cover failures due to your actions, third parties, or wear and tear (or nothing, in some of the more disreputable cases).
People are sometimes misled by those "no warranty; not even the implied warranty of merchantability or fitness for a particular purpose" labels on free software. The only reason those work at all is because the software is given away, rather than sold; there's no statutory warranty on a gift.
Right. Their heavy-handed disdain for such matters is what allows them to apply US laws to foreign nationals acting completely in accordance with their own laws on their own soil. Extradition treaties don't have anything to do with it.
Don't forget, that's exactly what happened to Sklyarov.
That has not been established. The facts of record are that some cops pointed guns at a girl who was no threat to anyone. If they did not have a damned good reason - if they were just being jackasses - then that would be sufficient to get them fired, and may have been a crime.
Not one of those cops has saved anybody. They damn near did the opposite. Nobody but the girl was in danger here. The only dangerous people were those idiots with uniforms, guns, and a testosterone problem.
Next time, they just might kill somebody.
I'm sorry, are you claiming that anybody who risks their life should be permitted to commit crimes with no consequences? That any government employee whose job carries any degree of risk should be exempt from responsibility for their actions? That the people responsible for enforcing the law should be less accountable than others?
Can you prove that? Because you have just alleged that several members of the TSA have committed a serious felony, which has a mandatory prison sentence attached. If true, this needs to be publicised and prosecuted now.
How many times have you tried asking a woman to explain the clothes they are wearing? How many of them have just ignored you?
Nothing unusual at all about that kind of behaviour.
In a free society, you assume everybody is innocent until proven otherwise. Sure, this means more crimes are going to be committed. That's the price of freedom. If you don't like it, China welcomes rich immigrants.
Justify, using diagrams where necessary, the designs and colouring of every item of clothing you own. Remove any and all items that I and all the other people nearby decide to be unacceptable.
Not answering and complying? Then, according to your post, we are fully justified in arresting and/or shooting at you, and you'll be lucky to be alive.
Historically in the US, refusal to show ID, and refusal to perform specific acts that there is no legal requirement for you to perform (such as showing your receipt), have been explicitly ruled by the courts as not being sufficient reason for arrest - in fact, it's not even sufficient reason for search. Refusal to do either of these things cannot be interpreted as reason for anything.
Nowadays, of course, you pretty much have to show your papers to walk down the street. But they really didn't have legal justification for suspicion of shoplifting, and if it had gone to an unlawful arrest suit, he would most likely have won. The state would just raise taxes to cover the payout and the police would have gone right on arresting people, but at least the police would have been made to look bad for the media.
I have seen exactly the same behaviour from women, causing some men to avoid them - ergo, that isn't sex-linked, it's just being a jerk.
Why is it that every time this stuff comes up, all the examples of behaviour that people can come up with are things that both men and women do? The only explanation I can come up with is that when a woman acts like a jerk and a man sees it, he tells his friends (and probably downplays it), and when a man acts like a jerk and a woman sees it, she tells everybody.
Again, not specific to men. So many women act like they're about 12 years old, too. Most people act pretty childish.
The only fallacy here is your straw man. The claim you quote is something that you made up yourself. It is clearly very deliberately not present in the original post.
I'll spell it out, for the hard of thinking: saying that "Your evidence is flawed and can equally explain the opposite conclusion" (my post) is not the same thing as saying "The opposite conclusion is true" (your misquote).
You've spouted a lot of speculation that IIS6 doesn't have tons of undisclosed flaws, but you've provided zero evidence. I claim that my evidence is at least as good as yours. Deal with it.
How exactly do you know that? Because their marketing department told you so?
How exactly do you know that they aren't otherwise working with the government? Because the media didn't tell you they are?
Big business has always sided with the US government, because the US federal government exists primarily to serve the needs of big business. Why are you so sure that Google is somehow different?
You do realise that you are measuring the "quality" of IIS by counting the number of security flaws that Microsoft will admit to having fixed?
You're not counting the number of known flaws. You're not counting the number of flaws that Microsoft knows about. You're not even counting the number of flaws that they've actually fixed. You're interpreting this change in the numbers as indicating an improvement, when it might just as easily indicate that they fix less flaws than they used to.
And don't forget that Microsoft has a long history of not bothering to fix security flaws until significant numbers of exploits have been noticed in the wild. We can only guess at how many unfixed flaws there are in IIS today.
About once a year I investigate the current state of ipv6 support, and every time so far I have found every major operating system (including linux-based ones) to be inadequate to the task of deploying ipv6. The software support is just not there, on both the system and application levels. Sure, I can configure ipv6 interfaces on hosts and even have some of them set up tunnels and talk to each other, but it is entirely impossible for me to configure a non-trivial network without ipv4 support on every host and still expect it to work, so there's no damned point.
NAT is the solution to the address space problem. Get used to it, because ipv6 has spent the last five years failing to become a solution. When we finally run out of ipv4 addresses, we aren't going to switch to ipv6, we're going to switch to using NAT at the ISPs. You won't get an internet-routeable address for anything other than a server, after that happens - regular DSL lines will be allocated an address from one of the private ranges and NATted onto a smaller pool of routeable addresses as they leave the ISPs network.
It's going to come down to a choice between a technology that has spent years going nowhere and a technology that has spent years being used as the solution to the problem. I know which way the ISPs are all going to jump.
Unfortunately, the lawyers are operating under threat of lawsuit, and so they are compelled not to take any action that could be seen by a court as admission of guilt. If they do whatever Theo wants, then he could argue in court that they believed their actions were unlawful.
This is basically what Moglen is saying: while they are under threat of being sued, they're blocked from doing anything about it.
You are correct in facts up to this point, but you've misinterpreted them. The magic thing about a Diffie-Helman key exchange is that it uses no prior key material. The certificates of the server and client are not involved at any point in the process. This establishes a session key that only the two parties in the exchange know, and no other parties know. After this has happened, any certificates are used in signing mode to verify the identity of the two parties. Diffie-Helman is basically a form of shared key generation mechanism based on public-key mathematics to generate a single shared secret, it's not an algorithm that uses public keys in encryption mode.
That's an implementation detail. The meaning of "perfect forward security" is that after the session is completed, it is impossible for any external party to decrypt it, regardless of what information they recover - "forward security" means "security after this point in time" and "perfect" means no attacks can exist. It doesn't say anything about the method used to accomplish this, but it does guarantee that even if a third party recovers all the prior key material, they still cannot decrypt the session. Diffie-Helman is the most common method used to accomplish this.
The whole point of PFS is that it doesn't fail in this scenario. The only failure mode for a system with PFS is a man-in-the-middle attack. That's what certificates are used to prevent in TLS, and that's what is under threat from this technology.
How do you think keys are exchanged?
An encryption protocol that behaves like you describe here would be considered by contemporary cryptographers to be quite weak. The good protocols (including TLS) provide perfect forward secrecy, which eliminates this problem (and others): they use the public keys only in signing mode, not encryption mode. Breaking the public key algorithms would permit MITM attacks, but would not permit decryption of the session by an external eavesdropper.
That's always been a really silly analogy. Which do you typically buy: cows or milk?
The *AA wants to bill you for the cow, when all you want is the milk. If they ran the supermarkets, you would have to rent a cow every time you wanted milk in your tea - at $10 a pop, including the hire fee for the guy to milk the cow for you, and you would be filmed while you drink it to make sure that you don't share the milk with anybody else.
It's kind of a problem with the way these things are reported in the media. What happens is, the law gives limits on the penalty that can be applied to any unlawful action, and it is the responsibility of the plaintiff to research this. The plaintiff then has to provide the court with a detailed breakdown of all the things that they claim have been done, and the maximum penalty for each of them as applied to this specific case. The media then takes this list, adds up all the numbers, and says that the plaintiff is trying to get damages of that amount.
The reality is that judges almost never award the maximum financial penalty, they rarely rule in favour of the plaintiff on every single charge listed, and the defence is going to contest most of it and win on some of the points - any skilled prosecution lawyer throws in all the borderline items they can come up with, knowing that they won't get most of them, because they usually will get a few of them. For example, if there are four or five different rules which might apply, then the prosecution will list them all, and let the judge pick one and throw the rest out - there's nothing wrong with that, it's just how the legal system works. If you are beginning a lawsuit against somebody and asking for damages, then your lawyer will explain this to you and tell you that you are only going to get a small part of the maximum possible penalty, and give you some rough estimates of how much they would expect to get.
The media never reports stories by saying things like "the plaintiff claims maximum possible damages are $10m, and they expect to get about $500k", because that doesn't sound as impressive.
Where's your study to back up that claim? Where are your numbers? Can you prove that the vast bulk of creative works would not be created without copyright law, or is it just what you've been told by large corporations who benefit from increasing copyright laws?
It looks to me like you're just begging the question.
As a donation-funded non-profit organisation based in the UK and Switzerland, they don't do business in the US at present, never have, and are not particularly likely to do so in the future. They don't even have a tax-exempt status in the US. A US court cannot prohibit US citizens from donating to them, nor can they confiscate those donations. There really isn't anything that a US court can do to them.
While the proposal certainly would be a bad idea, you have to understand how government works in the UK. The US has adopted a system based on the idea of "checks and balances", letting several branches of the government work against each other to keep any one from getting out of control. The UK, on the other hand, has a system based on thousands of years of revolutions and civil wars; at each instance of excessive government abuse, they all got stabbed, shot, hanged, or whatever was in vogue at the time, and a new government was installed with less power. This process has resulted in our modern solution to the problem of government: where the US relies on the "checks and balances" idea, we rely on the "completely ineffective government" approach instead. Our government doesn't have the money, competence, intellectual capability, or frankly even the power to implement a policy like this. They have tried many things like this in the past, and every single one of them has floundered. Even if they could agree with each other for long enough to decide to do this, they wouldn't be able to see it through.
The primary purpose of the UK government is to keep politicians busy so that they don't get in the way of the people who do useful work. It generates a lot of talk, regular entertainment, and that's about it. This approach to government has a lot in common with spaying a cat to stop it from getting into trouble. While it has some downsides (public transport is hilariously bad), overall it works pretty well.
Spamhaus are not in any trouble because of what name they used, or even what they listed. They're in "trouble" on a technicality, they messed up their claim that this court has no jurisdiction over them (which it doesn't; they are not a US company and have no holdings or business in the US, so a US court can't do a damn thing to them). No trial has been held on the facts of the case. It's not real trouble because the court really can't do anything: regardless of what judgement is made against them, they don't have to pay or comply in any way, and that'll be the end of it. You can't extradite a company, the court can't enforce judgement against assets that are located on foreign soil, and in the UK (where Spamhaus really are) is it not illegal to ignore the proclamations of a foreign court.
How about what exactly such people as Bush have done in their lives? How about all the people who starve because it is not cost-effective to feed them in a capitalist society?
Socialism is not the problem here. Capitalism accomplishes exactly the same things for the opposite reasons - where socialism kills people who don't follow the rules, capitalism kills people who don't have money. Either way, they're just as dead. Both capitalism and socialism are just excuses, which serve to give people somebody to blame other than the ones responsible. Capitalists can hate the socialists and socialists can hate the capitalists, while it's their own leaders who are really responsible for all the problems.
The ideology does not matter. What matters is that those with power abuse it at the expense of those without power.
(Cue zealots from both sides to loudly proclaim that their side has no problems, while denouncing the problems of the "enemy")