because this will get spam laws accepted, challenged, and cemented a LOT faster than the current process. Why? cell phone access is metered, battery-limited, and often business-critical. "Sorry, I didn't get your voicemail about the system being down because all the spam ran my battery down". Right. That'd go over like a ton of bricks--and get the spammers sued for liability and lost earnings.
We should make sure that the laws that come out of this (and there WILL be laws, just as there WILL be cell-spam now that it's possible) also cover other forms of spam, including email and direct-mail.
I actually live in Austin and contacted them about this, here's essentially what I said:
"You're stumbled blindly into an undiscovered market with no competitors--the market for low-cost, low-profile low-end graphical terminals for home networks. Thousands of geeks are buying old PIIs and expensive, large monitors for their home networks but would really like slicker, more integrated boxen like your i-opener. You'll have to modify the pricing and hardware, do a bit of swapping out, but you can still provide a low-cost solution with a low profile for this market and make money head over foot..."
blanu is one of the developers I know, and have discussed with him this post; this is one of the top developers, Brandon Wiley, as listed on the sourceforge freenet homepage. This response to Eric's attack on freenet needs to be modded up such that it appears along side it.
Two points--the web and freenet aren't competing, for a variety of reasons. A web implementation would make it trivial to find the source of a posting, and also remove a posting--these are things FreeNet is working against.
Secondly, just in case you're interested, there are plans in the pipe for gateways between FreeNet and the Web, i.e. access freenet info through a normal browser--this will leverage the ubiquity of the web without letting the freenet network depend on it, you'll still have to upload your info to a node the normal fashion (as I understand it) which will protect your privacy and the information.
It's pretty scary when Wired slams you with the headline, "Alternative Net Protects Pirates", which contained in the story gems such as:
" Eric Scheirer, a music technology researcher at MIT's Media Lab, said Freenet is an interesting experiment, but said it would likely be used only by a small community of pirates and "privacy nuts." "
And, failing Monday's piece in the Nando Times(http://www.nandotimes.com/opinions/story/bod y/0,1096,500188504-500253045-501284316-0,00.html) , that's actually been the best article so far. The New Scientist is running "Out of control: The Internet is about to get even harder to police" in their current issue at http://www.newscientist.com/news/news_223135.htm l , and ABCNews.com did a one-paragraph style summary of this article at http://more.abcnews.go.com/sections/tech/dailyne ws/freenet000322.html , with the lead of "An Internet system designed to guarantee anonymous free speech on the Web could be used by child pornographers and terrorists, according to New Scientist magazine, " which then proceeds to all but call You and the other programmers pedophiles in a grammatical burp.
My question is, if this is to be successful (which I for one am all in favor of, I'm in close contact with Brandon and Steven, two of the FreeNet programmers, and am very much in support of the existence of this), FreeNet can't come off as a tool for criminals and miscreants, lest you attract more attention than you'd like from the Fed-types. Now, you may say that because it's open-source and already available etc. that the Feds can't put it down, but if it is branded as an evil tool for child pornographers (like it is currently), it will never gain the popularity and user-base needed to make it sufficiently robust against machine removals.
To get something called a tool for privacy nuts by Wired is pretty bad--and the rest of the press has been worse; is there any plan to get this project out of the gutter?
Good point on the certicom patents, but I've used both ECC and RSA, and shotgun-accurate, ECC is muuuch faster for roughly equivalent strengths. It's also much smaller per key; RSA 1024 is about as strong as ECC 131 or 163 (depending on who you're talking to, both are considered by Certicom to be computationally unfeasible).
Quoting Alfred Menzes, a consultant at Certicom and general ECC god-of-knowledge,in his web page says:
NIST recommended that 256-bit ECC key lengths be used for equivalent security as 128-bit AES, and that 384-bit and 512-bit ECC be used for 192-bit and 256-bit AES. The rough estimates of RSA key lengths for equivalent security are 3072 bits, 7680 bits, and 15630 bits. Imagine the performance degradation incurred with RSA implementations at these key sizes, even with e=3!!
This same paper (written in response to Bruce's discussion of ECC in his Nov99 crypto-gram goes on to say on speed:
It is generally agreed that ECC private key operations (signature generation and decryption) are faster than RSA private key operations. It is also generally agreed that ECC public key operations (signature verification and encryption) are slower than RSA public key operations when a small encryption exponent (such as e=3) is used.
He's evidentally building a new house, maybe he's working on the Lord British mansion trying to get it ready for next Halloween...
Also, talking to some Origin employees, there was no small amount of unrest and unease about the EA buyout and heavy-handedness, not to mention EA's history of running game companies into the groung then moving on. Some employees even had shirts with the EA triangle/circle/square logo made out in Borg-style tech.
Maybe Garriot's looking to jumpstart a new gaming company? I'm sure he could attract a lot of the original Origin programming group out of EA.
Maybe Mattel should partner with WAVE--anyone trying to get around CyberPatrol or run CPHack against it will be automatically reported to WAVE and have 'counselors' show up immediately to 'talk' to this offender of common social values about why they don't NEED to know about breast cancer, safe sex practices, STDs or the like.
While the implications for GPL in general and reverse engineering, and all of that are Highly Important, there seems to be a general silence about the, as I see it, FAR more dire consequences here.
Not only is Mattel going after the program, it's also going after the ESSAY and the BLACKLIST. Wait a minute here! Is this ruling saying that while the government can't censor, private companies can censor people--even non-employees??? This is especially frightful considering the CyberPatrol practice of blacklisting sites critical of CyberPatrol even if the user is only filtering, say, porn or whatnot.
Eunuchs are males who have select I/O ports reconfigured early in their development such that they may maintain a stable state throughout their lives and therefore be highly compliant as Opera components and supporting systems.
Non-eunuchs develop normally, but loose the ability to be Opera compliant (except at a very bass level). Furthermore, non-eunuchs gain the ability to really dick people over, as witnessed Feb. 17th.
I mean, it's the differentiator between Unix systems and pretty much everything else....
Also, think of the user experience. For the most part, end users of a unix system experience the same behaviour. cd is cd is cd, cdup is cdup is cdup. cp, mv, vi/pico/emacs are all there, etc. etc. It's only on the back end that the Unices vary so widely. I've moved my old website from HPUX to Sun to Linux to OpenBSD, with others in between and the only major changes were due to differing security/CGI settings and the path to perl...
I'm failing to understand something. Why does it take monay to save iridium? Is there no way we could somehow get the company their tax write-off and have them just open up the network for public use instead of directing them all to suicide?
Furthermore, The guy who pulled out of buying it--how much bandwidth is actually available on these things? If we're talking 56k or somesuch for uplink, then we need to rethink this. Sure, it could be the absolute cooooolest text-based orbital BBS, but really. Beyond the coolness value, I'm doubting the iridiums have that much to offer. Certainly not security.
I thought the fun in Dune2 was running over people with a Spice Harvester and getting that wonderfully digitized "splut" sound out of your SoundBlaster Pro while your GUS sound card played the midi while emulating an MT-32.
Oh, I disagree. If this law goes through, I have a business plan proposition for everyone to join in. Start up a free-web-mail (hotmail-style) service in Washington with the hook of "Since this service is hosted in washington, and the company is a legal resident of the state, all spam mail received through this service that is out of compliance with Washington state law will be prosecuted to the fullest extent of the law" etc. Also, allow forwarding (free or fee? *shrug* tack a text ad onto the.sig of the email?) from this address, so you can not only filter all mischeivious spam, but know that the ISP will prosecute the sender. How many of us would sign up for that service? Especially if it came with lots of fun tools such as bulkmail folders, auto-spam complaint generators (a little scriptlet that reads headers and attempts to contact postmaster@/abuse@relevant.address.com?)
Hell, I'd even pay for it. spammers can FOAD. If states implement it differently, all the better for the consumer (in that it remains only for spam, that is, I admit that caveat), and better for some states in that it will dramatically increase ecommerce through servers in their states because of people seeking protection from spam.
Has this judge actually READ the law? It only requires that spammers user real addresses, and don't misrepresent themselves. I thought in general that misrepresenting oneself was illegal, anyway, but a law that spells this fact out for spam/UCE is overly restrictive?
Please. Anyone got this judge's email addy? We could type it in at some nice, Truste-certified websites for him and see if he still feels that this law is too restrictive.
From their FAQs Q: What happens if my Web site fails a compliance review?
A: In the unlikely event that a site fails a compliance review or TRUSTe has reason to believe that a site is in non-compliance with its stated privacy practices, we will conduct an escalating investigation. Depending on the severity of the breach, the investigation could result in an on-site compliance review by a CPA firm, or revocation of the site's trustmark license. After TRUSTe has exhausted all escalation efforts, extreme violations are referred to the appropriate law authority, which in the U.S. may include the appropriate attorney general's office, the Federal Trade Commission, or the Consumer Protection Agency. TRUSTe may pursue breach of contract or trademark infringement litigation against the site.
I never said they'd take the seal away, but they will hold off on giving it out the first time until the site modifies its practice, as the CEO mentioned in the article. I'd wager this happens/after/ payment, but I can't say for sure. Did you respond to the right post, btw?
In general, I trust no-one, but it is part of Truste's 'deal' that the privacy policy must be easily viewable. Says so on their website as well as in the Salon article.
There's a reason I have many random hotmail accounts that I use to receive activation passwords and nothing else.
I don't understand how this is surprising ANYONE. The only thing truste 'does' for the end user is to say that the company follows the privacy policy it lays out and allows exits at required locations (you can't be forced to give your email address before reading the privacy policy, for example)
It does not, never has, never will, alleviate the need to read the actual policy at a website, word for word, before giving it a valid email address.
Truste is good for privacy policy building, its wizard is excellent for delineating exactly what you do and what you say. This is its true value add for businesses. Realize that Truste is for businesses, and not consumers, and a lot becomes clear. This is the only way this model can work--how many business would bay hundreds of dollars to get something on their site that reads {Truste Certified. This site sells email addresses}
Right. Just south of 1.
Something that would be interesting, tho, is an implementation of that web grafitti software (the controversail one that allows you to post messages connected to websites that other people with the same ware can see?) and have a real, consumer-advocacy-style group go through the big e-commerce sites and rate their privacy practices.
To the 0wn3rz go the ComSats
on
R.I.P. Iridium
·
· Score: 4
Rogue communication satellites abandoned by their creators and no longer supported by their users? Satellites/designed/ for cellphone-like communication?
Hmmmmm... hack targets. *drool* Think of the freenet-style net we could bring on if someone hacked these babies and set up satelite networking. Do they have inband commands?
My bets are on the Cult of the Dead Cow to be the first to OwN these guys. Heh. I predict a satellite-hack version of king of the hill coming up.
Re:Social Firewalls and knowing the enemy
on
Database Nation
·
· Score: 2
I've gotten into a few arguments and usually opted for alternate forms of ID (equally as dangerous, but still).
The fact of the matter is, gov't agencies, if they ask for your SSN, have to give you a Privacy Act Disclosure Notice. Private companies can ask for it. You can refuse but, as you found out, possibly at the cost of not receiving the service you were requesting.
Great links are: http://www.cpsr.org/cpsr/privacy/ssn/SSN-Private .html#private and http://www.cpsr.org/cpsr/privacy/ssn/ssn.faq.htm l#IsItIllegalToAsk
Slashdot Mirror
because this will get spam laws accepted, challenged, and cemented a LOT faster than the current process. Why? cell phone access is metered, battery-limited, and often business-critical. "Sorry, I didn't get your voicemail about the system being down because all the spam ran my battery down". Right. That'd go over like a ton of bricks--and get the spammers sued for liability and lost earnings.
We should make sure that the laws that come out of this (and there WILL be laws, just as there WILL be cell-spam now that it's possible) also cover other forms of spam, including email and direct-mail.
I actually live in Austin and contacted them about this, here's essentially what I said:
"You're stumbled blindly into an undiscovered market with no competitors--the market for low-cost, low-profile low-end graphical terminals for home networks. Thousands of geeks are buying old PIIs and expensive, large monitors for their home networks but would really like slicker, more integrated boxen like your i-opener. You'll have to modify the pricing and hardware, do a bit of swapping out, but you can still provide a low-cost solution with a low profile for this market and make money head over foot..."
blanu is one of the developers I know, and have discussed with him this post; this is one of the top developers, Brandon Wiley, as listed on the sourceforge freenet homepage. This response to Eric's attack on freenet needs to be modded up such that it appears along side it.
Two points--the web and freenet aren't competing, for a variety of reasons. A web implementation would make it trivial to find the source of a posting, and also remove a posting--these are things FreeNet is working against.
Secondly, just in case you're interested, there are plans in the pipe for gateways between FreeNet and the Web, i.e. access freenet info through a normal browser--this will leverage the ubiquity of the web without letting the freenet network depend on it, you'll still have to upload your info to a node the normal fashion (as I understand it) which will protect your privacy and the information.
It's pretty scary when Wired slams you with the headline, "Alternative Net Protects Pirates", which contained in the story gems such as:
d y/0,1096,500188504-500253045-501284316-0 ,00.html) , that's actually been the best article so far. The New Scientist m l , and ABCNews.com e ws/freenet000322.html
"
Eric Scheirer, a music technology researcher at MIT's Media Lab, said Freenet is an interesting experiment, but said it would likely be
used only by a small community of pirates and "privacy nuts."
"
And, failing Monday's piece in the Nando Times(http://www.nandotimes.com/opinions/story/bo
is running "Out of control: The Internet is about to get even harder to police" in their current issue at
http://www.newscientist.com/news/news_223135.ht
did a one-paragraph style summary of this article at
http://more.abcnews.go.com/sections/tech/dailyn
, with the lead of "An Internet system designed to guarantee anonymous free speech on the Web could be used by child pornographers and terrorists, according to New Scientist magazine, " which then
proceeds to all but call You and the other programmers pedophiles in a grammatical burp.
My question is, if this is to be successful (which I for one am all in favor of, I'm in close contact with Brandon and Steven, two of the FreeNet programmers, and am very much in support of the existence of this), FreeNet can't come off as a tool for criminals and miscreants, lest you attract more attention than you'd like from the Fed-types. Now, you may say that because it's open-source and already available etc. that the Feds can't put it down, but if it is branded as an evil tool for child pornographers (like it is currently), it will never gain the popularity and user-base needed to make it sufficiently robust against machine removals.
To get something called a tool for privacy nuts by Wired is pretty bad--and the rest of the press has been worse; is there any plan to get this project out of the gutter?
Quoting Alfred Menzes, a consultant at Certicom and general ECC god-of-knowledge,in his web page says:
This same paper (written in response to Bruce's discussion of ECC in his Nov99 crypto-gram goes on to say on speed:
He's evidentally building a new house, maybe he's working on the Lord British mansion trying to get it ready for next Halloween...
Also, talking to some Origin employees, there was no small amount of unrest and unease about the EA buyout and heavy-handedness, not to mention EA's history of running game companies into the groung then moving on. Some employees even had shirts with the EA triangle/circle/square logo made out in Borg-style tech.
Maybe Garriot's looking to jumpstart a new gaming company? I'm sure he could attract a lot of the original Origin programming group out of EA.
...In a better world:
Maybe Mattel should partner with WAVE--anyone trying to get around CyberPatrol or run CPHack against it will be automatically reported to WAVE and have 'counselors' show up immediately to 'talk' to this offender of common social values about why they don't NEED to know about breast cancer, safe sex practices, STDs or the like.
*sigh*
While the implications for GPL in general and reverse engineering, and all of that are Highly Important, there seems to be a general silence about the, as I see it, FAR more dire consequences here.
Not only is Mattel going after the program, it's also going after the ESSAY and the BLACKLIST. Wait a minute here! Is this ruling saying that while the government can't censor, private companies can censor people--even non-employees??? This is especially frightful considering the CyberPatrol practice of blacklisting sites critical of CyberPatrol even if the user is only filtering, say, porn or whatnot.
Besides the obvious barbies and board games, what else does MAttel make? I don't particularly want to buy anything they're making, period.
Eunuchs are males who have select I/O ports reconfigured early in their development such that they may maintain a stable state throughout their lives and therefore be highly compliant as Opera components and supporting systems.
Non-eunuchs develop normally, but loose the ability to be Opera compliant (except at a very bass level). Furthermore, non-eunuchs gain the ability to really dick people over, as witnessed Feb. 17th.
I mean, it's the differentiator between Unix systems and pretty much everything else....
Also, think of the user experience. For the most part, end users of a unix system experience the same behaviour. cd is cd is cd, cdup is cdup is cdup. cp, mv, vi/pico/emacs are all there, etc. etc. It's only on the back end that the Unices vary so widely. I've moved my old website from HPUX to Sun to Linux to OpenBSD, with others in between and the only major changes were due to differing security/CGI settings and the path to perl...
I'm failing to understand something. Why does it take monay to save iridium? Is there no way we could somehow get the company their tax write-off and have them just open up the network for public use instead of directing them all to suicide?
Furthermore, The guy who pulled out of buying it--how much bandwidth is actually available on these things? If we're talking 56k or somesuch for uplink, then we need to rethink this. Sure, it could be the absolute cooooolest text-based orbital BBS, but really. Beyond the coolness value, I'm doubting the iridiums have that much to offer. Certainly not security.
But it would be cool.
I thought the fun in Dune2 was running over people with a Spice Harvester and getting that wonderfully digitized "splut" sound out of your SoundBlaster Pro while your GUS sound card played the midi while emulating an MT-32.
Check out the kinda sucky wired story
Well, even so there's Bruce Sterling's Hacker Crackdown that was published online...
Oh, I disagree. If this law goes through, I have a business plan proposition for everyone to join in. Start up a free-web-mail (hotmail-style) service in Washington with the hook of "Since this service is hosted in washington, and the company is a legal resident of the state, all spam mail received through this service that is out of compliance with Washington state law will be prosecuted to the fullest extent of the law" etc. Also, allow forwarding (free or fee? *shrug* tack a text ad onto the .sig of the email?) from this address, so you can not only filter all mischeivious spam, but know that the ISP will prosecute the sender. How many of us would sign up for that service? Especially if it came with lots of fun tools such as bulkmail folders, auto-spam complaint generators (a little scriptlet that reads headers and attempts to contact postmaster@/abuse@relevant.address.com?)
Hell, I'd even pay for it. spammers can FOAD. If states implement it differently, all the better for the consumer (in that it remains only for spam, that is, I admit that caveat), and better for some states in that it will dramatically increase ecommerce through servers in their states because of people seeking protection from spam.
Has this judge actually READ the law? It only requires that spammers user real addresses, and don't misrepresent themselves. I thought in general that misrepresenting oneself was illegal, anyway, but a law that spells this fact out for spam/UCE is overly restrictive?
Please. Anyone got this judge's email addy? We could type it in at some nice, Truste-certified websites for him and see if he still feels that this law is too restrictive.
Is GPL now "General Pubic Licentiousness"?
And if it is GPLed, doesn't that mean you can't resell something that packages it? Does this make prostitution universally illegal due to the GPL???
That'll hurt Las Vegas come next comdex.
It's been one of those days.
It is interesting, tho, that revocation of the trustmark is not automatic upon a compliance failure.
Q: What happens if my Web site fails a compliance review?
A: In the unlikely event that a site fails a compliance review or
TRUSTe has reason to believe that a site is in non-compliance with
its stated privacy practices, we will conduct an escalating
investigation. Depending on the severity of the breach, the
investigation could result in an on-site compliance review by a CPA
firm, or revocation of the site's trustmark license. After TRUSTe has
exhausted all escalation efforts, extreme violations are referred to
the appropriate law authority, which in the U.S. may include the
appropriate attorney general's office, the Federal Trade
Commission, or the Consumer Protection Agency. TRUSTe may
pursue breach of contract or trademark infringement litigation
against the site.
I never said they'd take the seal away, but they will hold off on giving it out the first time until the site modifies its practice, as the CEO mentioned in the article. I'd wager this happens /after/ payment, but I can't say for sure. Did you respond to the right post, btw?
In general, I trust no-one, but it is part of Truste's 'deal' that the privacy policy must be easily viewable. Says so on their website as well as in the Salon article.
There's a reason I have many random hotmail accounts that I use to receive activation passwords and nothing else.
I don't understand how this is surprising ANYONE. The only thing truste 'does' for the end user is to say that the company follows the privacy policy it lays out and allows exits at required locations (you can't be forced to give your email address before reading the privacy policy, for example)
It does not, never has, never will, alleviate the need to read the actual policy at a website, word for word, before giving it a valid email address.
Truste is good for privacy policy building, its wizard is excellent for delineating exactly what you do and what you say. This is its true value add for businesses. Realize that Truste is for businesses, and not consumers, and a lot becomes clear. This is the only way this model can work--how many business would bay hundreds of dollars to get something on their site that reads {Truste Certified. This site sells email addresses}
Right. Just south of 1.
Something that would be interesting, tho, is an implementation of that web grafitti software (the controversail one that allows you to post messages connected to websites that other people with the same ware can see?) and have a real, consumer-advocacy-style group go through the big e-commerce sites and rate their privacy practices.
Rogue communication satellites abandoned by their creators and no longer supported by their users? Satellites /designed/ for cellphone-like communication?
Hmmmmm... hack targets. *drool* Think of the freenet-style net we could bring on if someone hacked these babies and set up satelite networking. Do they have inband commands?
My bets are on the Cult of the Dead Cow to be the first to OwN these guys. Heh. I predict a satellite-hack version of king of the hill coming up.
I've gotten into a few arguments and usually opted for alternate forms of ID (equally as dangerous, but still).
e .html#private m l#IsItIllegalToAsk
The fact of the matter is, gov't agencies, if they ask for your SSN, have to give you a Privacy Act Disclosure Notice. Private companies can ask for it. You can refuse but, as you found out, possibly at the cost of not receiving the service you were requesting.
Great links are:
http://www.cpsr.org/cpsr/privacy/ssn/SSN-Privat
and
http://www.cpsr.org/cpsr/privacy/ssn/ssn.faq.ht
as well as http://www.ssa.gov/pubs/10002.html