In this case, the content is hosted on a server you own, but on a network owned by the service provider. Since the service provider can't just root your box and remove the content, you need to do so. Like I said in my earlier post, though, I wouldn't give much of a response.
A simple "I have ensured that this file is not available on my server." should suffice to prevent comcast from disconnecting your link while not admitting anything at all.
You are spot-on for content on a hosted account though... the only small wrinkle here is that you own the server, so the only way the ISP can take it down is to disconnect you, which is, to say the least, an inconvenience for you.
That's not what the letter says at all. The letter is based on the allegation of offering the file for download (which you do, when you use bittorrent).
You only need to counter-notify if you believe you've received this notice based on a non-infringing file. No mention of any letter of explanation/apology is made in the linked document, so unless the poster has a different letter that he didn't post he's entirely misunderstood this notice. Otherwise, turn off your torrent and let them know that it's no longer there. If you feel the obligation to make up an excuse when you do that, go ahead.
IANAL, but I don't think I'd offer any explanation besides "Thanks for the notice. I have ensured that no such file is available." unless pressed into it by further action from the copyright holder. Like talking to the police, ISTM that the less you say, the better.
How can he hope to win this suit?
on
Spammer Sues SpamCop
·
· Score: 5, Insightful
Isn't that a lot like suing the credit reporting companies because you went bankrupt and they put you on their "do not extend credit" list? You could call it "tortious interference" with your ability to get a credit card or a mortgage.
I think that's been tried many times and hasn't worked. Why would this?
Your security concerns are overblown, since these are units that would presumably be rented from a booth in the concourse. I was initially thinking of that myself, but you can solve it in a very low-tech way. Just require a credit card to rent the unit. Any units that don't return or that return with signs of abuse can be charged to the cardholder that rents them. Problem solved. It's the same way that rental cars work today, and a rental car is much higher value than a rental PDA.
The ideas about ruggedizing COTS units are good, but consider the labor involved. Your pricing comments hold true for the ruggedized units; you could negotiate a favorable rate for a bulk purchase + advertizing to bring the cost down and perhaps come out ahead of the labor-intensive solution of ruggedizing your own.
Just such a beast was mentioned here on slashdot recently. It's a WinCE device with two CF slots, so it's perfectly capable of 802.11x. Read a review here or order one here.
It's quite pricy, but if you think you can rent them out (especially at pro-sporting event level prices!), I suspect you can recover the cost pretty neatly. Can you tell us which stadium it is?
Sure. And someone can add a second ethernet card to their machine, plug in a wireless access point, start a dhcp server and nat, and give the whole world wide open wireless access to your wired network. Or they could install a wireless card and run hostap wide open. Or use nocatauth and charge others for access to your network.
If you don't have control over every (wired or wireless) computer connected to your network, outsiders could be able to connect to it. This problem is not restricted to the wireless domain. Run your network services accrodingly.
Not everyone's encrypting all their outbound email with a note on how to install PGP.
There are many reasons for that, and it's not simply a voluntary tradeoff of privacy for convenience.
First of all, you CAN'T do that. Do you understand asymmetric key encryption? That means that in order to encrypt email you're sending TO someone, she must first make her public key available to you. i.e. she needs to have installed some software which generates a keypair and exports the public half in a format you can use. So it'd be useless to encrypt outbound mail to someone and include a note on how to install PGP.
Moreover, though I hate to say it, because there's so much to like about OpenPGP, if you want to advocate encrypted email, use S/MIME. Get a personal freemail certificate from thawte (no charge) and start clear-signing your mail. Pretty well everyone should be able to read clear-signed mail. Perhaps include a line in your.sig directing your corespondents to thawte for a free certificate.
The advantage of S/MIME here is twofold: 1. Everyone gets your public key with the signed email, and automagically cryptographically verifies that it meets some CA's definition of "valid". 2. If the recipient is using a well-configured mail program, it will store your certificate for later use. If they have their own cert, many mail programs will start opportunistically encrypting their messages.
Unfortunately, none of the widely deployed PGP/OpenPGP clients behave like this.
Anyway, I agree with your sentiment about a9 being a tradeoff of privacy for convenience. I must admit that I fall squarely in the "It's OK if they tell you up front; if you don't like it don't use it." camp. You picked a really dumb example of another tradeoff, though. As you can see (I hope) the two situations are not alike in any way.
Heh. It's unlikely that anyone needs all "the dang crap" that comes with [fill in the blank] program for Windows. It is very likely, however, that some subset of the software company's paying customers wants each one of the features that you consider bloat. Removing the bloat would be turning down money on the part of the program's authors. Presumably, it would entail turning down more money than they're driving away by producing software that you consider "bloated". Especially since most people just buy the bloated software while complaining about bloat, whereas people won't buy software that doesn't do what they want at all. (e.g. If someone wants a CD burning package that includes a label editor, they won't buy one that doesn't. If someone wants just a CD burning package they're unlikely to refuse the "best" one just because it also includes a label editor they don't want.)
Copyright(c) 2003 - 2004 Intel Corporation. All rights reserved.
This program is free software; you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your option)
any later version.
Just because they've not put their name all over the site in no way makes this "not released by intel".
Read the copyright on the source code, and look at the contact info posted on the sf site. It's intel. (Hint: "Copyright 2003 - 2004 Intel Corporation" and the contact is jketreno AT linux.intel.com)
Just because they aren't loudly tooting their own horn by splashing "intel" all over the sf.net website doesn't mean they're not helping/having their people do the work. What you saw simply means they haven't been able to work out how to get the HW docs out the door to the community, and are being candid about this in the first sentence of their page.
And shame on you for making bad assumptions about helpful people, and unfairly criticizing an accurate news article.
I suppose I may have been trolled here, and I hate to bite, but this needs to be corrected:-)
Correct... that's why I'd be curious to see S:N as a global statistic, next to percentages of global mail traffic. I didn't mean to suggest that my statistics would in any way carry around the world; I'd be shocked if they did. I just used my mail to give a concrete example of the numbers I was interested in seeing, because I felt that a description was not 100% clear without the example.
This is a good statistic, as far as it goes. What I'd really like to see summarized is the breakdown of non-spam email on a global basis as well as a S:N ratio for each country.
For example, on a typical mail day lately, I seem to be getting around 100 messages in one of my mailboxes, not counting Windows worms and related crap. Here's my breakdown, based only on.tld, counting non country code TLDs as US-ian: About 60 are legitimate, business-related emails, and 40 are spam. Of the spam, 20 seem to come from the US or Canada, 8 from Europe, 2 from South America, and 10 from Asia. I also have about 40 valid messages from the US or Canada, 15 valid messages from Europe, and 5 from South America. So my S:N on messages from North America and Europe remains high, it's lower from South America, and 0 from Asia.
I'd be curious to see these numbers for a more global sampling of email. It seems unlikely that anyone would be in a position to provide them, though.
I too would expect any modem with a UART to be a hardware modem. But according to the manufacturer it's not. On that page, they call it a "software modem" which generally means winmodem.
That's not questionably legal in any way; that's for a cash register. Many registers nowadays are just PCs and use one of those (generally affixed to the keyboard) to process credit card transactions. In fact, the legality of all of the items involved in the fraud is unquestionable. Turning them into the fraudulent device and attaching them to the ATM, however, is just as unquestionably illegal. (FYI, in case you're unconvinced about the Ebay auction, you can walk into any office depot and buy the gadget you linked.)
[sarcasm]I don't know if I'd say Microsoft stuff is proprietary since they're basically THE software company.[/sarcasm]
Bluesocket is based on open industry standards. Many cisco products also support open standards, but they have been known to work in the odd bit of proprietary crap here and there. Cisco more often just do standards a bit early, before they're widely agreed upon, then bring their system in line with the ratified versions of the standards.
#1: Verisign can fake that, though. They can create their own private key and replace yours with it temporarily. Either way, I have to trust them quite a lot.
This is only a trust issue for SSL clients, not for an ssl server.
at what point do you draw the line between 'ssl' and 'not ssl'?
SSL is a specific protocol, not a library. It has been standardized by the IETF in RFC 2246. If the protocol described in that document is implemented, it may properly be described as SSL or TLS. SSH, of course, does not implement that protocol although many of its crypto operations are the same.
There is no reason to ignore reserved ports. For this scheme, any closed port is usable. So the "alphabet" is 2^16 - the number of open ports on the box.
It could as easily be a 50 letter password if you wanted.
The feedback mechanism is so slow (network) that even a short sequence would take a long time. Suppose there were 100000 possible combinations (this is way low). Suppose it takes 5 seconds to check each (this is probably the fastest realistic time). That's almost 6 days of brute force effort.
Brute forcing this would be incredibly noisy.
Once you get through this, you still have to get through ssh.
The upshot of this is that you can have a sequence which is stronger (from a brute force perspective) than an 8 character ascii password. Still, this does look more promising for clandestine activity than it does for additional security.
SSL itself isn't secure enough for me -- I have to trust VeriSign. So there are better ways of storing really sensitive information.
This is wrong on two levels:
Verisign has nothing to do with the security of data transmitted using SSL, and the only thing you could ever trust them for is vetting the identity of the people whose certificate requests they sign. They never control your private keys, and you can operate an SSL site that has nothing whatsoever to do with verisign. Just set up your own CA.
SSL is not used for "storing really sensitive information". You use SSL to encrypt data in transit, not for storage.
I'm not sure about the GPS side of things, but the most hacker-friendly phones I've found are the Nokias from AT&T wireless. They don't place any restrictions on the phones, and the development kits as well as software to transfer the applications are freely available for download from Nokia's website. Mine is a J2ME environment and has been fun to play with so far. AFAICT, they are the only ones in the US who have not restricted their phones.
Lots of good developer info is available on forum.nokia.com, and some basic win32 tools are available here.
Hint for buying one: Shop Amazon for the best price, then go to the AT&T wireless store near you to purchase. Show them Amazon's price, and they will often get close or even match it without requiring you to mail something in for a rebate.
Slashdot Mirror
In this case, the content is hosted on a server you own, but on a network owned by the service provider. Since the service provider can't just root your box and remove the content, you need to do so. Like I said in my earlier post, though, I wouldn't give much of a response.
A simple "I have ensured that this file is not available on my server." should suffice to prevent comcast from disconnecting your link while not admitting anything at all.
You are spot-on for content on a hosted account though... the only small wrinkle here is that you own the server, so the only way the ISP can take it down is to disconnect you, which is, to say the least, an inconvenience for you.
That's not what the letter says at all. The letter is based on the allegation of offering the file for download (which you do, when you use bittorrent).
You only need to counter-notify if you believe you've received this notice based on a non-infringing file. No mention of any letter of explanation/apology is made in the linked document, so unless the poster has a different letter that he didn't post he's entirely misunderstood this notice. Otherwise, turn off your torrent and let them know that it's no longer there. If you feel the obligation to make up an excuse when you do that, go ahead.
IANAL, but I don't think I'd offer any explanation besides "Thanks for the notice. I have ensured that no such file is available." unless pressed into it by further action from the copyright holder. Like talking to the police, ISTM that the less you say, the better.
Isn't that a lot like suing the credit reporting companies because you went bankrupt and they put you on their "do not extend credit" list? You could call it "tortious interference" with your ability to get a credit card or a mortgage.
I think that's been tried many times and hasn't worked. Why would this?
Your security concerns are overblown, since these are units that would presumably be rented from a booth in the concourse. I was initially thinking of that myself, but you can solve it in a very low-tech way. Just require a credit card to rent the unit. Any units that don't return or that return with signs of abuse can be charged to the cardholder that rents them. Problem solved. It's the same way that rental cars work today, and a rental car is much higher value than a rental PDA.
The ideas about ruggedizing COTS units are good, but consider the labor involved. Your pricing comments hold true for the ruggedized units; you could negotiate a favorable rate for a bulk purchase + advertizing to bring the cost down and perhaps come out ahead of the labor-intensive solution of ruggedizing your own.
Just such a beast was mentioned here on slashdot recently. It's a WinCE device with two CF slots, so it's perfectly capable of 802.11x. Read a review here or order one here.
It's quite pricy, but if you think you can rent them out (especially at pro-sporting event level prices!), I suspect you can recover the cost pretty neatly. Can you tell us which stadium it is?
Sure. And someone can add a second ethernet card to their machine, plug in a wireless access point, start a dhcp server and nat, and give the whole world wide open wireless access to your wired network. Or they could install a wireless card and run hostap wide open. Or use nocatauth and charge others for access to your network.
If you don't have control over every (wired or wireless) computer connected to your network, outsiders could be able to connect to it. This problem is not restricted to the wireless domain. Run your network services accrodingly.
Not everyone's encrypting all their outbound email with a note on how to install PGP.
.sig directing your corespondents to thawte for a free certificate.
There are many reasons for that, and it's not simply a voluntary tradeoff of privacy for convenience.
First of all, you CAN'T do that. Do you understand asymmetric key encryption? That means that in order to encrypt email you're sending TO someone, she must first make her public key available to you. i.e. she needs to have installed some software which generates a keypair and exports the public half in a format you can use. So it'd be useless to encrypt outbound mail to someone and include a note on how to install PGP.
Moreover, though I hate to say it, because there's so much to like about OpenPGP, if you want to advocate encrypted email, use S/MIME. Get a personal freemail certificate from thawte (no charge) and start clear-signing your mail. Pretty well everyone should be able to read clear-signed mail. Perhaps include a line in your
The advantage of S/MIME here is twofold:
1. Everyone gets your public key with the signed email, and automagically cryptographically verifies that it meets some CA's definition of "valid".
2. If the recipient is using a well-configured mail program, it will store your certificate for later use. If they have their own cert, many mail programs will start opportunistically encrypting their messages.
Unfortunately, none of the widely deployed PGP/OpenPGP clients behave like this.
Anyway, I agree with your sentiment about a9 being a tradeoff of privacy for convenience. I must admit that I fall squarely in the "It's OK if they tell you up front; if you don't like it don't use it." camp. You picked a really dumb example of another tradeoff, though. As you can see (I hope) the two situations are not alike in any way.
Heh. It's unlikely that anyone needs all "the dang crap" that comes with [fill in the blank] program for Windows. It is very likely, however, that some subset of the software company's paying customers wants each one of the features that you consider bloat. Removing the bloat would be turning down money on the part of the program's authors. Presumably, it would entail turning down more money than they're driving away by producing software that you consider "bloated". Especially since most people just buy the bloated software while complaining about bloat, whereas people won't buy software that doesn't do what they want at all. (e.g. If someone wants a CD burning package that includes a label editor, they won't buy one that doesn't. If someone wants just a CD burning package they're unlikely to refuse the "best" one just because it also includes a label editor they don't want.)
OP had the incident in Dublin. His bank is Norweigan. It seems unlikely that he can get to a "local" branch.
You strike me as a person who has severe reading comprehension problems.
Copyright(c) 2003 - 2004 Intel Corporation. All rights reserved.
This program is free software; you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your option)
any later version.
Just because they've not put their name all over the site in no way makes this "not released by intel".
Read the copyright on the source code, and look at the contact info posted on the sf site. It's intel. (Hint: "Copyright 2003 - 2004 Intel Corporation" and the contact is jketreno AT linux.intel.com)
:-)
Just because they aren't loudly tooting their own horn by splashing "intel" all over the sf.net website doesn't mean they're not helping/having their people do the work. What you saw simply means they haven't been able to work out how to get the HW docs out the door to the community, and are being candid about this in the first sentence of their page.
And shame on you for making bad assumptions about helpful people, and unfairly criticizing an accurate news article.
I suppose I may have been trolled here, and I hate to bite, but this needs to be corrected
How does one put "jerking off" onto a resume tactfully?
"Business Development"
Correct... that's why I'd be curious to see S:N as a global statistic, next to percentages of global mail traffic. I didn't mean to suggest that my statistics would in any way carry around the world; I'd be shocked if they did. I just used my mail to give a concrete example of the numbers I was interested in seeing, because I felt that a description was not 100% clear without the example.
This is a good statistic, as far as it goes. What I'd really like to see summarized is the breakdown of non-spam email on a global basis as well as a S:N ratio for each country.
.tld, counting non country code TLDs as US-ian: About 60 are legitimate, business-related emails, and 40 are spam. Of the spam, 20 seem to come from the US or Canada, 8 from Europe, 2 from South America, and 10 from Asia. I also have about 40 valid messages from the US or Canada, 15 valid messages from Europe, and 5 from South America. So my S:N on messages from North America and Europe remains high, it's lower from South America, and 0 from Asia.
For example, on a typical mail day lately, I seem to be getting around 100 messages in one of my mailboxes, not counting Windows worms and related crap. Here's my breakdown, based only on
I'd be curious to see these numbers for a more global sampling of email. It seems unlikely that anyone would be in a position to provide them, though.
I too would expect any modem with a UART to be a hardware modem. But according to the manufacturer it's not. On that page, they call it a "software modem" which generally means winmodem.
That's not questionably legal in any way; that's for a cash register. Many registers nowadays are just PCs and use one of those (generally affixed to the keyboard) to process credit card transactions. In fact, the legality of all of the items involved in the fraud is unquestionable. Turning them into the fraudulent device and attaching them to the ATM, however, is just as unquestionably illegal. (FYI, in case you're unconvinced about the Ebay auction, you can walk into any office depot and buy the gadget you linked.)
[sarcasm]I don't know if I'd say Microsoft stuff is proprietary since they're basically THE software company.[/sarcasm]
Bluesocket is based on open industry standards. Many cisco products also support open standards, but they have been known to work in the odd bit of proprietary crap here and there. Cisco more often just do standards a bit early, before they're widely agreed upon, then bring their system in line with the ratified versions of the standards.
I suspect IHBT...
He (or she, I suppose) is right. It was originally the Nullsoft SuperPiMP Install System... RTFS :-)
#1: Verisign can fake that, though. They can create their own private key and replace yours with it temporarily. Either way, I have to trust them quite a lot.
This is only a trust issue for SSL clients, not for an ssl server.
at what point do you draw the line between 'ssl' and 'not ssl'?
SSL is a specific protocol, not a library. It has been standardized by the IETF in RFC 2246. If the protocol described in that document is implemented, it may properly be described as SSL or TLS. SSH, of course, does not implement that protocol although many of its crypto operations are the same.
- There is no reason to ignore reserved ports. For this scheme, any closed port is usable. So the "alphabet" is 2^16 - the number of open ports on the box.
- It could as easily be a 50 letter password if you wanted.
- The feedback mechanism is so slow (network) that even a short sequence would take a long time. Suppose there were 100000 possible combinations (this is way low). Suppose it takes 5 seconds to check each (this is probably the fastest realistic time). That's almost 6 days of brute force effort.
- Brute forcing this would be incredibly noisy.
- Once you get through this, you still have to get through ssh.
The upshot of this is that you can have a sequence which is stronger (from a brute force perspective) than an 8 character ascii password. Still, this does look more promising for clandestine activity than it does for additional security.I've run with mine 3 times a week for the past 4 months and haven't seen any ill effects thus far. Or is there some problem I'm missing?
You are mistaken. His site was last updated in mid-December 2003, by the author himself.
I'm not sure about the GPS side of things, but the most hacker-friendly phones I've found are the Nokias from AT&T wireless. They don't place any restrictions on the phones, and the development kits as well as software to transfer the applications are freely available for download from Nokia's website. Mine is a J2ME environment and has been fun to play with so far. AFAICT, they are the only ones in the US who have not restricted their phones.
Lots of good developer info is available on forum.nokia.com, and some basic win32 tools are available here.
Hint for buying one: Shop Amazon for the best price, then go to the AT&T wireless store near you to purchase. Show them Amazon's price, and they will often get close or even match it without requiring you to mail something in for a rebate.