A few years ago, I was looking for a copy of a specific file, and constrained my google searches in such a way that I was getting only raw file indexes from google.
My crime: Using google.
What I found-- You know the Atlas experiment? Part of the LHC at CERN? They had an insecured, public facing HTTP server online that had the file I was looking for. The server was clearly not intended to be publicly facing: It had engineering data on the ATLAS detector, some preliminary data from the experiment, employee photos, and some other "clearly not for public disclosure" information on it, being blissfully cataloged by Google's metacrawler.
Did I decide that I needed copies of all that data? No.
Did I decide that I needed to give that data out to interested parties? No.
Did I politely disclose the unintended disclosure their servers were doing to the site's admin after looking them up? Yes.
Am I glad that they made the server more secure afterward? Yes.
Was I interested in money at any point in this matter? No.
Could I have been prosecuted for unauthorized access to a computer system, under modern antihacking laws? HELL YES.
You see it pretty frequently these days: Somebody stumbles upon a vulnerability by mistyping a URL for their bank statement, and get somebody else's statement. BOOM, Criminal access. They do due dilligence to make sure it isnt a fluke-- access a few other statements-- then attempt ethical disclosure. Instead of being thanked for the heads up to the breach, they instead get arrested. (and the hole left unpached.)
When this happens often enough, people who stumble on these things, who really just want it fixed, end up having to take measures to protect themselves. This has now clearly escallated to hostage taking.
Like all actions undertaken by people, the issue revolves around motive.
If Motive == "Personal enrichment" Then
ExtortMoney="true"
SellStolenData="true" Else
If Motive=="End-User security improvement" then
If LegitimateEthicalDisclosureSuccessful="True"
ExtortMoney="false"
SellStolenData="false"
Else
ExtortMoney="True"
SellStolenData="false"
End if End If
EG, the extortion is just a means to compel the obstinate corporation running the grossly insecured system into actually taking SOME action besides "sue and ignore".
When enough well meaning grey hats get "sued and ignored" for Big Corporate Profits, expect their tactics to change to less benign methods than just simple "uhm, hey guys-- You totally have all your shit on a public facing anon FTP server. I can see all your exchange server's dirty laundry. Consider fixing it, m'kay?" into a "Look bros, Not only are you stupid fucks that treat user data like its nothing, you left all your dirty, illegal practices open to public scrutiny by being idiots with your security. Here's how you should properly secure that shit-- Now pay me 30k for the service."
And, if the idiots running these shitty services continue balking about having to actually do things right, expect it to escallate even further to "If you blow me off, I will give the data to somebody who could actually use it." which is the next logical step.
I have done some grey-hat things, (I have literally stumbled across servers that were not intended to be internet facing, that contained privileged data. Thankfully they were from research groups and universities, not corporations. Google indexes LOTS of interesting places.) but I did not exploit that-- I found ethical disclosure to the site operator was sufficient. From what I have been reading though, corporations tend to sue first, and thank never. Instead of getting friendly letters alerting them to the issue, they have forced people to have to hold the data hostage.
I dont extort money from people this way, nor do I attack production systems to find vulnerabilities. (The most I do is set up my own deployment, and then do horrible things to that, and then only out of personal curiosity)
However, I feel compelled to point out-- Not everyone is a sociopathic ass weasle. For some, the extortion of money is more a means than an end. In other words, they dont really want the money, the demand for money is just something used to coerce the corporate overlords they see running lackluster operations into fixing their shit. EG, when they can just blow it off and pretend it never happened, to the sociopath, it never happened. There has to be a publicly exposed element, and personal loss before the problem is actually a problem. That's what the ransom does.
Now, I doubt that MOST of the people doing this have such high minded ideals behind the ransom demands, but asserting blandly that all of them are money grubbing sociopaths hints pretty strongly that you either spend way too much time with that kind of crowd, or that you belong to that crowd yourself.
I dunno. The comparison is pretty apt on many levels when you actually think about it.
1) Rape is a forceful act, in which one person is rendered powerless, then has genetic material forcefully inserted. It is considered a heinous violation, because the perpetrator does this exclusively for their own power tripping and physical pleasure, damaging another human being mentally, emotionally, and physically, then leaving them with all the consequences. It denies the victim agency, and dehumanizes them into a simple object that exists for the perps's pleasure, who's later sufferings are unimportant.
2) This kind of forced update holds many parallels. It is also a forceful act (done without proper consent), in which the user is rendered powerless, and computer data is forcefully inserted. it should be considered and analogously heinous violation because MS is doing this exclusively for its own power tripping and financial benefit, damaging other people's businesses and system configurations, causing mental harm to users and admins who have previously told them NO repeatedly through blocking the update, setting registry keys, and uninstalling prior updates that made it through (all things MS can trivially check for but doesnt) leaving them with all the consequences of the action. This kind of policy denies the user of agency on what does and does not get installed on their system, and dehumanizes them as just statistical figures for unexploited market potential, that exist only to make MS more money, who's sufferings are unimportant to them.
The major difference is that rape affects humans directly, where this kind of digital rape affects humans indirectly.
Further, the kinds of justifications levied in defense of these heinous acts are very similar:
"If she didnt want it, she shouldnt dress provacatively!" "If you dont want the update, you shouldn't accept security updates promiscuously!"
When you really think about it, the two are very closely related pathologies, and handwaving it away like you did is a disservice to the people who's systems are being violated like that.
By the time I got ahold of a copy, it was quite some ways behind NT4 on useful desktop software, and lightyears behind on drivers.
The copy I had was a floppy diskette based installer set, with some ungodly number of diskettes in it. I remember wondering about the similarities between HPFS and NTFS.
Mostly, it felt like windows 3.1 with a 32bit UI instead of a 16 bit one, very ancient windows app support, and very little native apps.
I suppose it could have gone somewhere had IBM actually gone hard-nosed about it after being snubbed my MS when they released NT4. NT4 had some nasty warts-- no PnP support, No USB support, and a number of others. A proper reboot of the OS/2 ecosystem with proper win32 app support, WDM driver support (So it could use windows drivers, even if just using a wrapper to do so) along with proper OpenGL, USB, and PnP support would have gone a long way back in the day.
These days the features of OS/2 are so obsolete it isn't even funny. ReactOS is extreme bleeding edge alpha, and would be more useful than an OS/2 deployment.
The real windows alternatives out there today are OSX and Linux.
They create a new class of "loan", with a 0% interest rate, and a date of mandatory repayment of 100bn years from now.
They can put a sign up front advertising these amazing loans, "No credit check, not deposit, no ID required!"
The bank can issue up to 9x the value of thier current deposit holdings in such "loans", and the money they lend out comes from nothing-- per how federal reserve banking is designed to work.
If the bank offers such a "loan", you are perfectly free to take all the free money that you will be too dead to pay back by the due date that you want, until the bank runs out of credit.
Most banks are not this stupid, being for profit institutions-- they expect to be paid back their credit, (which, once they are repaid, the money you give them becomes holdings, and they can lend THAT out at 900% as well) and expect that you will hold the loan in either their bank, or another bank they can take an interbank loan from, and mass generate wealth from nothing. Giving away money at 0% with a due date older than the projected heat death of the universe is not something they will consider-- But if they did, it is not bank robbery to accept their generous offer.
Well, here it is, a few years later-- and we have a dildo up all our collective asses (TPP), because after 4 consecutive attempts and being told no each and every time, they decided behind closed doors that we really meant yes, and just jammed it in without even asking.
Expect the same kind of shit with Feinstein and her fetish for backdooring everything and everyone-- for our own safety, of course.
If not her, some other tool with a vested interest in pornoscopes, panopticon surveilance, secret courts and secret rulings, and of course, secret databases that you arent allowed to ask if your data is on file in.
because all that is to keep you safe, citizen! It has nothing whatsoever with the raging hardon we in the panopticon have when we think about how we can charge you with a made up crime and have it stick, all while eating popcorn watching you go about your life 24/7, and snickering about all those "private" things you do, buy, and say online.
Nothing whatsoever. it's all about your safety. Yes. Your safety. Now, please stand in front of the security device...
Oh yes. That's it. Lean a little more to the right. Oh yeah...Mmm.. Good citizen, Very good.
The problem I had with Ubuntu concerning Unity, was that their update pacckages did not respect non-unity configurations, and would destroy the desktop of alternatives.
It was ultimately what drove me first to Xubuntu, and later to Mint.
Granted that was several years back, but I doubt the situation has improved much. The updated packages would almost always overwrite the configurations I had set up when it came to the GUI, which would turn on parts of Unity that did not need to be and should not have been activated, which would put the window manager into an unstable condition. I am sure the new configurations in the update packages were well tested on the unity WM, but they were presumptuous on other desktops, and broke shit.
Mint is more careful, since they officially support xfce, mint, and cinnamon all at the same time. Means they dont/cant take things like "oh yeah, they are totally running Unity. Its OK to overwrite the xinit. It'll be fine." for granted.
In the context of a "reasonable jury", it would relate to a jury that is ordinary, rational, or appropriate.
The no true scottsman appellation stands: Oracle is straight up saying that a jury that fails to see things its way is not an ordinary, rational, or appropriate jury.
The assertion that there is a specific meaning to the phrase "reasonable jury" outside of this more generic use of the legal definition of the word "reasonable" does not seem to bear fruit. I have searched many different online legal dictionaries for the term, and come up empty. If there is such a specific use of the art, I would be glad to have it defined for me.
As best I can interpret, Oracle is stating that because Google's use is clearly commercial in nature, that the use cannot be a fair use, and takes this as a presupposition for its subsequent intent in the statement-- that no reasonable jury (as in, one that is aware of what constitutes fair use, and uses reason) would conclude that Google's use falls under that category.
It is a no true scottsman, because of this presupposition-- It begs the question.
To counter this line of argument that Oracle is employing, let us instead consider what an API is, and what role it plays in communication.
An API is a specification. Essentially, it is a codified set of definitions for terms, and methods of employment that are permitted within a system of communication. It is roughly analogous to a lexicon for a given written or verbal language. EG-- a dictionary.
With this in mind, we can point out the fallacy of Oracle's statement, by replacing a few words.
"No reasonable jury could find that Googleâ(TM)s verbatim and entirely commercial use of the dictionary and stated grammar to compete against our written works was a fair use."
Basically, Oracle is presupposing that it owns a language, so any use of that language's lexicon and grammar is theirs to control-- and assert that they get this power through copyright.
Copyright provides restrictions on reproduction and use of fixed media (be it written words, moving pictures, photographs, or audio recordings--)-- it does not cover subject matter. EG, if I paint a nice still-life of some daisies, I don't get to claim ownership over the concept of painting still lifes of daisies. Only over the reproduction of my specific image of daisies.
The court demonstrated that the API documents created by Oracle can be copyrighted-- They can control the dissemination and distribution of those documents, and only those documents. They do not hold any authority over the concepts expressed in the documents. EG-- they don't own the rights to all pictures of daisies-- even if they invented daisies.
One could claim that the VM Google uses (whatever it is called these days) is a derivative work of the Java virtual machine. This is a tricky area legally-- Copyright is not the appropriate vehicle for this kind of intellectual property. (Patents are the appropriate vehicle.) The API documents describe the language and behavior used by the java virtual machine. Google has created a different virtual machine that uses the same language.
At best, the case Oracle can make here is that google copied, verbatim, their dictionary instead of writing their own. The problem, as demonstrated in court, is that there can only be one definition, and the definition given is absolutely precise, as required for a computer language. There are no other ways to rephrase or rewrite the dictionary to make it into a new literary work referencing the same language.
Again, the copyright is over the documents, not the language.
This is why the jury found the use to be a non-infringing, fair use.
An outcome that Oracle insists cannot happen, because "reasons", and that any jury that finds otherwise is not reasonable-- Nevermind that the way they reached the verdict was through application of reason and fairness.
The Catholic Church quickly realized the potential of the printing press as a challenge to its influence. Censorship was introduced into the print shop in 1487, when Pope Innocent VIII required that Church authorities approve all books before publication. The Church had censored books for centuries, though it became much more difficult to do so after the invention of printing. Controlling a dozen painfully copied manuscripts of a forbidden text may have been a manageable task, but controlling the thousands of copies churning off the presses every year was quite another matter. One of these forbidden texts was the Bible printed in any other language than Latin.
In its zeal to control the publication of books through printing, as it had through controlling the scribes that preceded the printing press, the church enacted quite a few onerous restrictions on reproduction of texts it found disfavorable, and books it felt competed with their monopoly on religious authority-- They viewed it as heretical/irresponsible for lay people to own a bible in any language other than latin, and then ownership was to be restricted only to clergy-- amongst other things. Prior, the church had enjoyed a rather nice position as the monopoly holder on reproduced literary works, and had commanded the market for written literature for quite some time.
The parallel with modern publishers suddenly finding that it is now much more difficult for them to control the circulation of digital media is quite apt.
To be perfectly frank, I didnt feel like digging through 170 "recommended" updates that have boilerplate descriptions of "solves an issue with windows 7" for a short list of KBs that may or may not be fully comprehensive, considering that MS seems to rebadge the GWX update every update cycle.
On a fresh install there are nearly 20 kbs now that either install the GWX malware, or install the backported telemetry from win 10, and that number is only growing.
Rather than going blind and wasting 30 to 40 minutes of my time dutifully examining each and every update in the list to block installation, I ran with it fully expecting the GWX shit to install, and then spend significanly less time uninstalling the unwanted "updates" after the fact. The issue is mature enough that there are automated tools to assist me with that, so why do it manually?
It also gave me the opportunity to personally verify the recent claims about the GWX app, so I rolled with it.
I have skill sets that normal people dont have. (Most people lack good tech skills, and so would be unable to prevent the upgrade like I did.) The dialog lacked a clear and easy option to decline the "generous offer." The windows update that contains GWX is essentially trojanized with its boiler plate description, meaning a typical user wouldnt know it from a proper security patch.
Saying it is my fault for not sanitizing my updates in a painfully laborious process is something I can partially see, given that I do indeed have the skillset to do so. (I elected to allow the GWX malware, both because the automated removal is effective and convenient, and because it would allow me to see the new version everyone was compaining about.) That argument does not hold for basically 99% of the population though. I am unwilling to manually sanitize my OWN update list on each and every patch set released-- I sure as hell am not going to do that for all the non-tech people I know.
The dialog was offensively presumptuous in how it simply told you it was going to upgrade and when. Useless in that it provided only the "Do it NOW!" button, but neglected to offer a "No, I would like to decline this offer" option.
MS is being disingenuous that the upgrade is a scheduled update-- it isnt, it is a seperately spawned scheduled task that only uses the windows update agent as the delivery mechanism. Removing the scheduled task does not require turning off windows automatic updates. The fact that MS KEEPS ON PUSHING NEW KBs FOR THE SAME SHIT, is the only thing implicating windows automatic updates, aside from MS branding the update as recommended.
My solution to the "constantly new KB numbers" problem is to put onerous filesystem ACLs on the folders and registry keys implicated in the GWX bullshit, so that additional updates cannot be installed, because not even SYSTEM or TrustedInstaller have any rights at all to the empty, placeholder locations on the drive and in the registry. The "updates" simply fail. Does not matter what MS names, or how critical they claim the update to be, the place the files are to be stored is a no-man's land. Installation fails.
Not everyone has the skills to do that, and it isnt something that can readily (or safely) be given an easy button for those that dont. I cannot expect hundreds of thousands of people to use a similar cock block strategy.
It begs the question, that if the jury finds against Oracle, the jury is defacto unreasonable!
Why even HAVE a jury?!
No, the assertion is a logical fallacy, and a classic one at that. Oracle needs to define, explicitly, why it feels the instructions to the jury that has already decided the fact of the case that has now concluded were in any way improper.
That it cannot find one, and has to resort to "But, the verdict is unreasonable! I demand the other verdict!" as its justification, indicates that oracle does not have grounds for appeal.
Logical fallacies of international renown like this do not belong in the decision matrix of the legal system. Period.
I can't help but be reminded of history here. When Gutenburg demonstrated his printing press, the scribes and clergy of the period fell all over themselves with condemnations, onerous laws forbidding the "profane" reproduction of sacred works, and literal goon squads to try to symie the tide of availability that literature now enjoyed.
Fast foward, and here we are again. The people who once controlled production (the print houses and publishers) are falling all over themselves with condemnations, onerous laws forbidding the "immoral" reproduction of profitable works, and sending law enforcement (literal goon squads) to try and stymie the tide of availability that literature now enjoys.
Publishers: As useful and necessary today, as buildings full of clergy and scribes were in Gutenburg's day.
Yup. Paid close attention to the dialog last night.
My shiny new SSD arrived from Amazon for my upstairs gaming PC, so I decided it would be a good time to do a fresh reinstall.
Did the base install, installed SP1, installed IE11 (Because so much shit wants IE for who knows what gods awful reason), installed security essentials, did the "takes forever and uses lots of ram to check updates" manual update, did the convenience rollup, then checked for updates.
Yup, GWX showed up in an even nastier form than before. It told me proudly that I was scheduled to upgrade on saturday at 11:00am. THERE WAS NO CANCEL BUTTON. I dug through the settings and menu choices. There was no option to cancel the upgrade. The window was just a notification that it had set up the hidden automated task, and when it would happen.
I had to install GWX control panel and use THAT to cancel the update, and remove the GWX components.
From the sound of the summary, microsoft still has "upgrade by default! We KNOW you secretly want it!" as the default, and closing the notification does not cancel the upgrade. They have just begrudgingly added a cancel button, in the disused settings menu, behind a sign that says "beware of the leopard."
It's almost like they simply refuse to accept that what is angering their customers is the "upgrade by default!" behavior, and are acting confused why people dont want to switch.
I may be a little addled in my ability to remember, but I have this deeply nagging feeling at the back of my mind that they had a full color e-ink prototype waaaaaaaaaaaay back in the late 90s that used a super hydrophobic cell layer with electrically conductive partition walls.
IIRC, the paper was made from 4 transparent layers over a white back layer. Each layer held a CMYK pigment component in the form of an aqueus solution, held into a tight microdot form by superhydrophobic coatings inside each cell. When the cell is energized, hydroelectrodynamic forces cause the droplet to spread out and cover the cell, with the applied voltage to the cell determining how fully the droplet flattens and covers the cell.
That was waaaaaaaaaaay back though. I will dig to see if I can find the old press releases.
If you read the verbiage of their proposal, they "acknowledge the need for... accuracy (in records)", but desire, "at their sole descretion" to cooperate with third parties to assure that this is the case--- meaning, they want to be able to say "No" when challenged on the accuracy of their records, with requests to have the data verified by such a third party, while pretending that they would say "yes" when asked.
Basically, the FBI wants to self regulate, and is using some batshit horrible excuses to justify this desire.
The really onerous statment is that they feel meeting the legally protected right of a citizen to know that they are charged with a crime, and who has charged them would constitute an undue burden on their ability to conduct an investigation. (Because, how dare they try to defend themselves in court!) Clearly, the FBI believes that citizens are guilty until proven innocent. This kind of thinking alone should cause any civically minded person to scream bloody murder about this request of theirs.
zoonotic pathogens are a very real concern, and the mutation of endemic animal pathogens into strains able to infect pure human cell lines *HAS* been documented, and was documented nearly a decade ago.
Specifically, early studies of mixed-culture embryos (an animal blastocyst that has had cloned human inner cell mass cells injected into it, along with the animal embryo's normal contents) resulted in unexpected results: In some cases, the resulting tissues were not just heterogenous admixtures of cell lineages, but cell fusion had clearly happened in embryonic development, and genetically hybridized tissue was present. These genetically hybridized cells in the culture tested positive for porcine endemic retrovirus infection (the tissue was of mixed pig and human lineage) and the retroviral sequences involved had adapted to be able to infect the pure human cells in the culture, some non-trivial number of them also testing positive for infection.
While modern techniques may permit the creation of genetic hybrid animals capable of growing human organs, the usualy subject of interest for xenotransplantation hosts is the porcine (pig) model. Recent studies into PERVs (Porcine Endogenous RetroViruses) have identified several strains that have strong capacity to adapt to infection of pure human tissues, meaning organs grown in animals that have the viral pathogen present can cause illness in human hosts they are introduced to.
These are serious issues with the fundamental concept of using pigs as hosts for xenotransplanted organ harvesting, completely outside the scope of the ethics of creating "Miss Piggy".
Currently, it looks like trying this with pigs will be very difficult, if impossible, to accomplish without dangerous risk of introducing new and dangerous zoonoses into the human population at large, and possibly introducing human specific dna into the porcine germline at large. (The latter being especially easy to have happen by a combination of outstanding need to produce more animals quickly to meet organ demand, costs of proper controls, and human nature where potential profit meets regulatory obstruction)
This is just a bad idea, at least as far as swine host model is concerned. it is just asking for trouble.
It might be that other host animals have lower risk of serious zoonotic transfer, but I am unaware if that is the case or not-- all of the work I have seen has involved mice, rabbit, or swine models, all of which have some form of endogenous viral load that can become infectious to humans after infecting hybrid cell culture media, at least in vitro.
These scientists would do much better with using organ tissue priting techniques to produce organ analogs to support real organ growth in vitro. (eg, you grow a real organ on a tissue printed support system, made of "unsuitable for transplant but functional" printed organs, that is sustained in a tank.)
That is significantly less ethically dodgy, would solve a number of other issues besides transplant shortages (developed enough, such support systems could, at least in theory, serve as artificial wombs for reproductive assistance), and would not risk human populations with zoonoses.
But for some reason, there is this love affair with trying to use food animals to solve this problem, damn the data telling them it is a bad idea.
The information in this database needs to have extraction and viewing privilige by the person the data concerns.
Otherwise, there is no way to show that, for instance, the finger and iris scan data in the database actually matches the person it is supposed to correspond to.
Example: I pretend I am some other person; say I am actually an illegal migrant, and I have falsified papers attesting that I am a citizen, but the actual person who's credentials I am using/stealing is alive and well in some distant part of the US. This happens all the time. I do this so that I can be hired for a job that needs biometric data on file. So, I arrive at the site, I give finger prints, they scan my eyeballs, maybe take a cheek swab or blood sample, and booya, I have the job.
Later, I comit some felony, and flee the scene.
The guy who's data I stole with my falsified/stolen paperwork cannot contest that the biometric data on file is not his, because he cannot subpoena the data for verification. There are fingerprints on file, they match the ones at the scene-- obviously he is guilty! (And with how eagerly US prosecutors go after people like this, this is a very real threat.)
If the guy and demand reproduction of the biometric data in the file, he can have the data independently verified by a reputable firm by supplying his own, legitimate biometric data, and show that the data in the database is fraudulent, and cannot possibly be him.
If you want to entertain the Big Brother Totalitarian Despotic Rule chain of thought, there is nothing to stop the FBI from straight up fabricating biometric data for a person they want to use the system against, claim the made up data matches the made up crime they invented, and indict/prosecute an innocent person for purely political reasons.
The supposed issues of disclosing incorrect biometric data and thus disclosing sensitive information incorrectly only happen when the data in the database is *gasp* incorrect.
Rather, the FBI is expecting everyone else to just accept, without question, that the data in the database is legit, citing privacy issues.
It may come as a surprise to you, but almost without exception, the "charitable donations" of corporations directly benefit the company in some financial capacity.
Take for instance, an endowment of this nature: The one who stands to benefit from a big increase in total economic activity is NOT any individual multinational corporation, but the world government who's citizens are getting increased service, because it directly adds to their market index rating, making them more important on the global market.
as such, a corporation can get the kind of exclusive deal they want, (hey, if I give your citizens Foo, will you give me a sweetheart deal on assessing tariffs, duties, and taxes? we're good buddies, right?) which then directly results in a fiscal profit for them over not doing it (if they chose not to "donate", they would still pay the normal rate on duties, tariffs, and taxes doing business in that country. The costs of the "donation" are less than the savings made on the sweetheart deal, ensuring garanteed profit.)
It is not because the corporation has suddenly developed a conscience and has some vestiage of humanitarian spirit lurking inside. it is always profit driven, due to their "fudiciary obligations."
So, I have no doubt that fuckerberg was hoping to make a profit by subsidizing internet access to rural people in india, that he could then get hooked on shitbook, and sell the personal information of for even more profit.
The problem becomes intractible when you consider this statistic is for GLOBAL economic activity, for extending access in ALL countries. That's a lot of sweetheart deals, and lots of assumptions.
Slashdot Mirror
Want a specific example?
A few years ago, I was looking for a copy of a specific file, and constrained my google searches in such a way that I was getting only raw file indexes from google.
My crime: Using google.
What I found-- You know the Atlas experiment? Part of the LHC at CERN? They had an insecured, public facing HTTP server online that had the file I was looking for. The server was clearly not intended to be publicly facing: It had engineering data on the ATLAS detector, some preliminary data from the experiment, employee photos, and some other "clearly not for public disclosure" information on it, being blissfully cataloged by Google's metacrawler.
Did I decide that I needed copies of all that data?
No.
Did I decide that I needed to give that data out to interested parties?
No.
Did I politely disclose the unintended disclosure their servers were doing to the site's admin after looking them up?
Yes.
Am I glad that they made the server more secure afterward?
Yes.
Was I interested in money at any point in this matter?
No.
Could I have been prosecuted for unauthorized access to a computer system, under modern antihacking laws?
HELL YES.
You see it pretty frequently these days: Somebody stumbles upon a vulnerability by mistyping a URL for their bank statement, and get somebody else's statement. BOOM, Criminal access. They do due dilligence to make sure it isnt a fluke-- access a few other statements-- then attempt ethical disclosure. Instead of being thanked for the heads up to the breach, they instead get arrested. (and the hole left unpached.)
When this happens often enough, people who stumble on these things, who really just want it fixed, end up having to take measures to protect themselves. This has now clearly escallated to hostage taking.
Blaming victims indeed.
That's how you get "sued then ignored."
Holding the data makes them have to take you seriously.
It's a terrible thing, but the downward spiral is being driven by the obsinate corporation's sociopathy, not the grey hats.
Be careful with those bandwagon fallacies.
Like all actions undertaken by people, the issue revolves around motive.
If Motive == "Personal enrichment" Then
ExtortMoney="true"
SellStolenData="true"
Else
If Motive=="End-User security improvement" then
If LegitimateEthicalDisclosureSuccessful="True"
ExtortMoney="false"
SellStolenData="false"
Else
ExtortMoney="True"
SellStolenData="false"
End if
End If
EG, the extortion is just a means to compel the obstinate corporation running the grossly insecured system into actually taking SOME action besides "sue and ignore".
When enough well meaning grey hats get "sued and ignored" for Big Corporate Profits, expect their tactics to change to less benign methods than just simple "uhm, hey guys-- You totally have all your shit on a public facing anon FTP server. I can see all your exchange server's dirty laundry. Consider fixing it, m'kay?" into a "Look bros, Not only are you stupid fucks that treat user data like its nothing, you left all your dirty, illegal practices open to public scrutiny by being idiots with your security. Here's how you should properly secure that shit-- Now pay me 30k for the service."
And, if the idiots running these shitty services continue balking about having to actually do things right, expect it to escallate even further to "If you blow me off, I will give the data to somebody who could actually use it." which is the next logical step.
I have done some grey-hat things, (I have literally stumbled across servers that were not intended to be internet facing, that contained privileged data. Thankfully they were from research groups and universities, not corporations. Google indexes LOTS of interesting places.) but I did not exploit that-- I found ethical disclosure to the site operator was sufficient. From what I have been reading though, corporations tend to sue first, and thank never. Instead of getting friendly letters alerting them to the issue, they have forced people to have to hold the data hostage.
I dont extort money from people this way, nor do I attack production systems to find vulnerabilities. (The most I do is set up my own deployment, and then do horrible things to that, and then only out of personal curiosity)
However, I feel compelled to point out-- Not everyone is a sociopathic ass weasle. For some, the extortion of money is more a means than an end. In other words, they dont really want the money, the demand for money is just something used to coerce the corporate overlords they see running lackluster operations into fixing their shit. EG, when they can just blow it off and pretend it never happened, to the sociopath, it never happened. There has to be a publicly exposed element, and personal loss before the problem is actually a problem. That's what the ransom does.
Now, I doubt that MOST of the people doing this have such high minded ideals behind the ransom demands, but asserting blandly that all of them are money grubbing sociopaths hints pretty strongly that you either spend way too much time with that kind of crowd, or that you belong to that crowd yourself.
I dunno. The comparison is pretty apt on many levels when you actually think about it.
1) Rape is a forceful act, in which one person is rendered powerless, then has genetic material forcefully inserted. It is considered a heinous violation, because the perpetrator does this exclusively for their own power tripping and physical pleasure, damaging another human being mentally, emotionally, and physically, then leaving them with all the consequences. It denies the victim agency, and dehumanizes them into a simple object that exists for the perps's pleasure, who's later sufferings are unimportant.
2) This kind of forced update holds many parallels. It is also a forceful act (done without proper consent), in which the user is rendered powerless, and computer data is forcefully inserted. it should be considered and analogously heinous violation because MS is doing this exclusively for its own power tripping and financial benefit, damaging other people's businesses and system configurations, causing mental harm to users and admins who have previously told them NO repeatedly through blocking the update, setting registry keys, and uninstalling prior updates that made it through (all things MS can trivially check for but doesnt) leaving them with all the consequences of the action. This kind of policy denies the user of agency on what does and does not get installed on their system, and dehumanizes them as just statistical figures for unexploited market potential, that exist only to make MS more money, who's sufferings are unimportant to them.
The major difference is that rape affects humans directly, where this kind of digital rape affects humans indirectly.
Further, the kinds of justifications levied in defense of these heinous acts are very similar:
"If she didnt want it, she shouldnt dress provacatively!"
"If you dont want the update, you shouldn't accept security updates promiscuously!"
When you really think about it, the two are very closely related pathologies, and handwaving it away like you did is a disservice to the people who's systems are being violated like that.
Local admin revokes write and execute permisions to %systemroot%\GWX and its sub-objects from TrustedInstaller and System users.
This prevents MS from installing or running their shit there. The updates will silently fail on install.
By the time I got ahold of a copy, it was quite some ways behind NT4 on useful desktop software, and lightyears behind on drivers.
The copy I had was a floppy diskette based installer set, with some ungodly number of diskettes in it. I remember wondering about the similarities between HPFS and NTFS.
Mostly, it felt like windows 3.1 with a 32bit UI instead of a 16 bit one, very ancient windows app support, and very little native apps.
I suppose it could have gone somewhere had IBM actually gone hard-nosed about it after being snubbed my MS when they released NT4. NT4 had some nasty warts-- no PnP support, No USB support, and a number of others. A proper reboot of the OS/2 ecosystem with proper win32 app support, WDM driver support (So it could use windows drivers, even if just using a wrapper to do so) along with proper OpenGL, USB, and PnP support would have gone a long way back in the day.
These days the features of OS/2 are so obsolete it isn't even funny. ReactOS is extreme bleeding edge alpha, and would be more useful than an OS/2 deployment.
The real windows alternatives out there today are OSX and Linux.
Sure they can!
Here's how:
They create a new class of "loan", with a 0% interest rate, and a date of mandatory repayment of 100bn years from now.
They can put a sign up front advertising these amazing loans, "No credit check, not deposit, no ID required!"
The bank can issue up to 9x the value of thier current deposit holdings in such "loans", and the money they lend out comes from nothing-- per how federal reserve banking is designed to work.
If the bank offers such a "loan", you are perfectly free to take all the free money that you will be too dead to pay back by the due date that you want, until the bank runs out of credit.
Most banks are not this stupid, being for profit institutions-- they expect to be paid back their credit, (which, once they are repaid, the money you give them becomes holdings, and they can lend THAT out at 900% as well) and expect that you will hold the loan in either their bank, or another bank they can take an interbank loan from, and mass generate wealth from nothing. Giving away money at 0% with a due date older than the projected heat death of the universe is not something they will consider-- But if they did, it is not bank robbery to accept their generous offer.
I see you are observing the "dildo legislation" I have harped about in the past.
https://yro.slashdot.org/comme...
https://yro.slashdot.org/comme...
Well, here it is, a few years later-- and we have a dildo up all our collective asses (TPP), because after 4 consecutive attempts and being told no each and every time, they decided behind closed doors that we really meant yes, and just jammed it in without even asking.
Expect the same kind of shit with Feinstein and her fetish for backdooring everything and everyone-- for our own safety, of course.
If not her, some other tool with a vested interest in pornoscopes, panopticon surveilance, secret courts and secret rulings, and of course, secret databases that you arent allowed to ask if your data is on file in.
because all that is to keep you safe, citizen! It has nothing whatsoever with the raging hardon we in the panopticon have when we think about how we can charge you with a made up crime and have it stick, all while eating popcorn watching you go about your life 24/7, and snickering about all those "private" things you do, buy, and say online.
Nothing whatsoever. it's all about your safety. Yes. Your safety. Now, please stand in front of the security device...
Oh yes. That's it. Lean a little more to the right. Oh yeah...Mmm.. Good citizen, Very good.
Mint and Ubuntu are package compatible. (mostly)
You can point Ubuntu at a mint repository, and then install mate or cinnamon.
Just be aware that ubuntu's packages break everything later.
The problem I had with Ubuntu concerning Unity, was that their update pacckages did not respect non-unity configurations, and would destroy the desktop of alternatives.
It was ultimately what drove me first to Xubuntu, and later to Mint.
Granted that was several years back, but I doubt the situation has improved much. The updated packages would almost always overwrite the configurations I had set up when it came to the GUI, which would turn on parts of Unity that did not need to be and should not have been activated, which would put the window manager into an unstable condition. I am sure the new configurations in the update packages were well tested on the unity WM, but they were presumptuous on other desktops, and broke shit.
Mint is more careful, since they officially support xfce, mint, and cinnamon all at the same time. Means they dont/cant take things like "oh yeah, they are totally running Unity. Its OK to overwrite the xinit. It'll be fine." for granted.
According to Nolo, it means exactly what I think it means.
http://www.nolo.com/dictionary...
In the context of a "reasonable jury", it would relate to a jury that is ordinary, rational, or appropriate.
The no true scottsman appellation stands: Oracle is straight up saying that a jury that fails to see things its way is not an ordinary, rational, or appropriate jury.
The assertion that there is a specific meaning to the phrase "reasonable jury" outside of this more generic use of the legal definition of the word "reasonable" does not seem to bear fruit. I have searched many different online legal dictionaries for the term, and come up empty. If there is such a specific use of the art, I would be glad to have it defined for me.
As best I can interpret, Oracle is stating that because Google's use is clearly commercial in nature, that the use cannot be a fair use, and takes this as a presupposition for its subsequent intent in the statement-- that no reasonable jury (as in, one that is aware of what constitutes fair use, and uses reason) would conclude that Google's use falls under that category.
It is a no true scottsman, because of this presupposition-- It begs the question.
To counter this line of argument that Oracle is employing, let us instead consider what an API is, and what role it plays in communication.
An API is a specification. Essentially, it is a codified set of definitions for terms, and methods of employment that are permitted within a system of communication. It is roughly analogous to a lexicon for a given written or verbal language.
EG-- a dictionary.
With this in mind, we can point out the fallacy of Oracle's statement, by replacing a few words.
"No reasonable jury could find that Googleâ(TM)s verbatim and entirely commercial use of the dictionary and stated grammar to compete against our written works was a fair use."
Basically, Oracle is presupposing that it owns a language, so any use of that language's lexicon and grammar is theirs to control-- and assert that they get this power through copyright.
Copyright provides restrictions on reproduction and use of fixed media (be it written words, moving pictures, photographs, or audio recordings--)-- it does not cover subject matter. EG, if I paint a nice still-life of some daisies, I don't get to claim ownership over the concept of painting still lifes of daisies. Only over the reproduction of my specific image of daisies.
The court demonstrated that the API documents created by Oracle can be copyrighted-- They can control the dissemination and distribution of those documents, and only those documents. They do not hold any authority over the concepts expressed in the documents. EG-- they don't own the rights to all pictures of daisies-- even if they invented daisies.
One could claim that the VM Google uses (whatever it is called these days) is a derivative work of the Java virtual machine. This is a tricky area legally-- Copyright is not the appropriate vehicle for this kind of intellectual property. (Patents are the appropriate vehicle.) The API documents describe the language and behavior used by the java virtual machine. Google has created a different virtual machine that uses the same language.
At best, the case Oracle can make here is that google copied, verbatim, their dictionary instead of writing their own. The problem, as demonstrated in court, is that there can only be one definition, and the definition given is absolutely precise, as required for a computer language. There are no other ways to rephrase or rewrite the dictionary to make it into a new literary work referencing the same language.
Again, the copyright is over the documents, not the language.
This is why the jury found the use to be a non-infringing, fair use.
An outcome that Oracle insists cannot happen, because "reasons", and that any jury that finds otherwise is not reasonable-- Nevermind that the way they reached the verdict was through application of reason and fairness.
No True Scottsman confirmed.
From http://www.hrc.utexas.edu/educ...
In its zeal to control the publication of books through printing, as it had through controlling the scribes that preceded the printing press, the church enacted quite a few onerous restrictions on reproduction of texts it found disfavorable, and books it felt competed with their monopoly on religious authority-- They viewed it as heretical/irresponsible for lay people to own a bible in any language other than latin, and then ownership was to be restricted only to clergy-- amongst other things. Prior, the church had enjoyed a rather nice position as the monopoly holder on reproduced literary works, and had commanded the market for written literature for quite some time.
The parallel with modern publishers suddenly finding that it is now much more difficult for them to control the circulation of digital media is quite apt.
To be perfectly frank, I didnt feel like digging through 170 "recommended" updates that have boilerplate descriptions of "solves an issue with windows 7" for a short list of KBs that may or may not be fully comprehensive, considering that MS seems to rebadge the GWX update every update cycle.
On a fresh install there are nearly 20 kbs now that either install the GWX malware, or install the backported telemetry from win 10, and that number is only growing.
Rather than going blind and wasting 30 to 40 minutes of my time dutifully examining each and every update in the list to block installation, I ran with it fully expecting the GWX shit to install, and then spend significanly less time uninstalling the unwanted "updates" after the fact. The issue is mature enough that there are automated tools to assist me with that, so why do it manually?
It also gave me the opportunity to personally verify the recent claims about the GWX app, so I rolled with it.
I have skill sets that normal people dont have. (Most people lack good tech skills, and so would be unable to prevent the upgrade like I did.) The dialog lacked a clear and easy option to decline the "generous offer." The windows update that contains GWX is essentially trojanized with its boiler plate description, meaning a typical user wouldnt know it from a proper security patch.
Saying it is my fault for not sanitizing my updates in a painfully laborious process is something I can partially see, given that I do indeed have the skillset to do so. (I elected to allow the GWX malware, both because the automated removal is effective and convenient, and because it would allow me to see the new version everyone was compaining about.) That argument does not hold for basically 99% of the population though. I am unwilling to manually sanitize my OWN update list on each and every patch set released-- I sure as hell am not going to do that for all the non-tech people I know.
The dialog was offensively presumptuous in how it simply told you it was going to upgrade and when. Useless in that it provided only the "Do it NOW!" button, but neglected to offer a "No, I would like to decline this offer" option.
MS is being disingenuous that the upgrade is a scheduled update-- it isnt, it is a seperately spawned scheduled task that only uses the windows update agent as the delivery mechanism. Removing the scheduled task does not require turning off windows automatic updates. The fact that MS KEEPS ON PUSHING NEW KBs FOR THE SAME SHIT, is the only thing implicating windows automatic updates, aside from MS branding the update as recommended.
My solution to the "constantly new KB numbers" problem is to put onerous filesystem ACLs on the folders and registry keys implicated in the GWX bullshit, so that additional updates cannot be installed, because not even SYSTEM or TrustedInstaller have any rights at all to the empty, placeholder locations on the drive and in the registry. The "updates" simply fail. Does not matter what MS names, or how critical they claim the update to be, the place the files are to be stored is a no-man's land. Installation fails.
Not everyone has the skills to do that, and it isnt something that can readily (or safely) be given an easy button for those that dont. I cannot expect hundreds of thousands of people to use a similar cock block strategy.
You shouldnt either.
That's a no true scottsman, straight up!
It begs the question, that if the jury finds against Oracle, the jury is defacto unreasonable!
Why even HAVE a jury?!
No, the assertion is a logical fallacy, and a classic one at that. Oracle needs to define, explicitly, why it feels the instructions to the jury that has already decided the fact of the case that has now concluded were in any way improper.
That it cannot find one, and has to resort to "But, the verdict is unreasonable! I demand the other verdict!" as its justification, indicates that oracle does not have grounds for appeal.
Logical fallacies of international renown like this do not belong in the decision matrix of the legal system. Period.
*shakes head*
I can't help but be reminded of history here. When Gutenburg demonstrated his printing press, the scribes and clergy of the period fell all over themselves with condemnations, onerous laws forbidding the "profane" reproduction of sacred works, and literal goon squads to try to symie the tide of availability that literature now enjoyed.
Fast foward, and here we are again. The people who once controlled production (the print houses and publishers) are falling all over themselves with condemnations, onerous laws forbidding the "immoral" reproduction of profitable works, and sending law enforcement (literal goon squads) to try and stymie the tide of availability that literature now enjoys.
Publishers: As useful and necessary today, as buildings full of clergy and scribes were in Gutenburg's day.
That is to say, less and less every day.
And good riddance.
Yup. Paid close attention to the dialog last night.
My shiny new SSD arrived from Amazon for my upstairs gaming PC, so I decided it would be a good time to do a fresh reinstall.
Did the base install, installed SP1, installed IE11 (Because so much shit wants IE for who knows what gods awful reason), installed security essentials, did the "takes forever and uses lots of ram to check updates" manual update, did the convenience rollup, then checked for updates.
Yup, GWX showed up in an even nastier form than before. It told me proudly that I was scheduled to upgrade on saturday at 11:00am. THERE WAS NO CANCEL BUTTON. I dug through the settings and menu choices. There was no option to cancel the upgrade. The window was just a notification that it had set up the hidden automated task, and when it would happen.
I had to install GWX control panel and use THAT to cancel the update, and remove the GWX components.
From the sound of the summary, microsoft still has "upgrade by default! We KNOW you secretly want it!" as the default, and closing the notification does not cancel the upgrade. They have just begrudgingly added a cancel button, in the disused settings menu, behind a sign that says "beware of the leopard."
It's almost like they simply refuse to accept that what is angering their customers is the "upgrade by default!" behavior, and are acting confused why people dont want to switch.
To be fair, at least NewScientist was better, subject-matter wise, than the more recent love affair with Forbes.com
Here we go. Hot news from 1999!
https://www.newscientist.com/a...
I may be a little addled in my ability to remember, but I have this deeply nagging feeling at the back of my mind that they had a full color e-ink prototype waaaaaaaaaaaay back in the late 90s that used a super hydrophobic cell layer with electrically conductive partition walls.
IIRC, the paper was made from 4 transparent layers over a white back layer. Each layer held a CMYK pigment component in the form of an aqueus solution, held into a tight microdot form by superhydrophobic coatings inside each cell. When the cell is energized, hydroelectrodynamic forces cause the droplet to spread out and cover the cell, with the applied voltage to the cell determining how fully the droplet flattens and covers the cell.
That was waaaaaaaaaaay back though. I will dig to see if I can find the old press releases.
If you read the verbiage of their proposal, they "acknowledge the need for ... accuracy (in records)", but desire, "at their sole descretion" to cooperate with third parties to assure that this is the case--- meaning, they want to be able to say "No" when challenged on the accuracy of their records, with requests to have the data verified by such a third party, while pretending that they would say "yes" when asked.
Basically, the FBI wants to self regulate, and is using some batshit horrible excuses to justify this desire.
The really onerous statment is that they feel meeting the legally protected right of a citizen to know that they are charged with a crime, and who has charged them would constitute an undue burden on their ability to conduct an investigation. (Because, how dare they try to defend themselves in court!) Clearly, the FBI believes that citizens are guilty until proven innocent. This kind of thinking alone should cause any civically minded person to scream bloody murder about this request of theirs.
zoonotic pathogens are a very real concern, and the mutation of endemic animal pathogens into strains able to infect pure human cell lines *HAS* been documented, and was documented nearly a decade ago.
Specifically, early studies of mixed-culture embryos (an animal blastocyst that has had cloned human inner cell mass cells injected into it, along with the animal embryo's normal contents) resulted in unexpected results: In some cases, the resulting tissues were not just heterogenous admixtures of cell lineages, but cell fusion had clearly happened in embryonic development, and genetically hybridized tissue was present. These genetically hybridized cells in the culture tested positive for porcine endemic retrovirus infection (the tissue was of mixed pig and human lineage) and the retroviral sequences involved had adapted to be able to infect the pure human cells in the culture, some non-trivial number of them also testing positive for infection.
https://www.newscientist.com/a...
While modern techniques may permit the creation of genetic hybrid animals capable of growing human organs, the usualy subject of interest for xenotransplantation hosts is the porcine (pig) model. Recent studies into PERVs (Porcine Endogenous RetroViruses) have identified several strains that have strong capacity to adapt to infection of pure human tissues, meaning organs grown in animals that have the viral pathogen present can cause illness in human hosts they are introduced to.
link.springer.com/article/10.1007/s00705-008-0141-7
www.mdpi.com/1999-4915/6/5/2062/htm
These are serious issues with the fundamental concept of using pigs as hosts for xenotransplanted organ harvesting, completely outside the scope of the ethics of creating "Miss Piggy".
Currently, it looks like trying this with pigs will be very difficult, if impossible, to accomplish without dangerous risk of introducing new and dangerous zoonoses into the human population at large, and possibly introducing human specific dna into the porcine germline at large. (The latter being especially easy to have happen by a combination of outstanding need to produce more animals quickly to meet organ demand, costs of proper controls, and human nature where potential profit meets regulatory obstruction)
This is just a bad idea, at least as far as swine host model is concerned. it is just asking for trouble.
It might be that other host animals have lower risk of serious zoonotic transfer, but I am unaware if that is the case or not-- all of the work I have seen has involved mice, rabbit, or swine models, all of which have some form of endogenous viral load that can become infectious to humans after infecting hybrid cell culture media, at least in vitro.
These scientists would do much better with using organ tissue priting techniques to produce organ analogs to support real organ growth in vitro. (eg, you grow a real organ on a tissue printed support system, made of "unsuitable for transplant but functional" printed organs, that is sustained in a tank.)
That is significantly less ethically dodgy, would solve a number of other issues besides transplant shortages (developed enough, such support systems could, at least in theory, serve as artificial wombs for reproductive assistance), and would not risk human populations with zoonoses.
But for some reason, there is this love affair with trying to use food animals to solve this problem, damn the data telling them it is a bad idea.
The information in this database needs to have extraction and viewing privilige by the person the data concerns.
Otherwise, there is no way to show that, for instance, the finger and iris scan data in the database actually matches the person it is supposed to correspond to.
Example: I pretend I am some other person; say I am actually an illegal migrant, and I have falsified papers attesting that I am a citizen, but the actual person who's credentials I am using/stealing is alive and well in some distant part of the US. This happens all the time. I do this so that I can be hired for a job that needs biometric data on file. So, I arrive at the site, I give finger prints, they scan my eyeballs, maybe take a cheek swab or blood sample, and booya, I have the job.
Later, I comit some felony, and flee the scene.
The guy who's data I stole with my falsified/stolen paperwork cannot contest that the biometric data on file is not his, because he cannot subpoena the data for verification. There are fingerprints on file, they match the ones at the scene-- obviously he is guilty! (And with how eagerly US prosecutors go after people like this, this is a very real threat.)
If the guy and demand reproduction of the biometric data in the file, he can have the data independently verified by a reputable firm by supplying his own, legitimate biometric data, and show that the data in the database is fraudulent, and cannot possibly be him.
If you want to entertain the Big Brother Totalitarian Despotic Rule chain of thought, there is nothing to stop the FBI from straight up fabricating biometric data for a person they want to use the system against, claim the made up data matches the made up crime they invented, and indict/prosecute an innocent person for purely political reasons.
The supposed issues of disclosing incorrect biometric data and thus disclosing sensitive information incorrectly only happen when the data in the database is *gasp* incorrect.
Rather, the FBI is expecting everyone else to just accept, without question, that the data in the database is legit, citing privacy issues.
Bullshit.
I see that you are confused.
I was pointing out that what corporations do is NOT charity.
I was ***NOT*** stating that actual charity is bad.
Nice to see that you have some pent up vitriol, but you are unloading on the wrong person.
It may come as a surprise to you, but almost without exception, the "charitable donations" of corporations directly benefit the company in some financial capacity.
Take for instance, an endowment of this nature: The one who stands to benefit from a big increase in total economic activity is NOT any individual multinational corporation, but the world government who's citizens are getting increased service, because it directly adds to their market index rating, making them more important on the global market.
as such, a corporation can get the kind of exclusive deal they want, (hey, if I give your citizens Foo, will you give me a sweetheart deal on assessing tariffs, duties, and taxes? we're good buddies, right?) which then directly results in a fiscal profit for them over not doing it (if they chose not to "donate", they would still pay the normal rate on duties, tariffs, and taxes doing business in that country. The costs of the "donation" are less than the savings made on the sweetheart deal, ensuring garanteed profit.)
It is not because the corporation has suddenly developed a conscience and has some vestiage of humanitarian spirit lurking inside. it is always profit driven, due to their "fudiciary obligations."
So, I have no doubt that fuckerberg was hoping to make a profit by subsidizing internet access to rural people in india, that he could then get hooked on shitbook, and sell the personal information of for even more profit.
The problem becomes intractible when you consider this statistic is for GLOBAL economic activity, for extending access in ALL countries. That's a lot of sweetheart deals, and lots of assumptions.