No, it was not for the better. Nixon should have been hanged, as should Bush and Cheney be hanged. Allowing our leaders to get away with war crimes only ensures future war crimes.
If HTML5 adopted a studio-approved DRM solution Netflix (and most other streaming providers) would drop Silverlight and Flash in a heartbeat. There is definitely something to be said for that...
What exactly is to be said for that? As long as Netflix uses DRM, they deserve all the silverlight/flash headaches they get. Making DRM easier for Netflix doesn't benefit anyone but Netflix.
The Iraq war was an unpopular idea at the time. Some of the largest protests ever occured in opposition to the Iraq war. That the media at the time doesn't make this clear is testament to the power of the American propaganda system.
The FBI only cares if you embarass a major campaign contributor. e.g. AT&T is the largest campaign contributor in the country, beating out even Goldman Sachs.
Why not? They could abolish the corporation as an entity today without affecting anyones rights to assemble. All the freedom to assemble means is that physical human beings have the right to congregate in one place. This is completely unrelated to incorporation.
But as OWS showed, the right to assemble no longer exists in the US.
I preempted your obviousness with the phrase "(not the same as pretending to be a generic browser)" in my post. Did you not read it?
What's the significance of that? A user agent is not an authorization or authentication mechanism. It doesn't matter what the UA is, it's not hacking.
Again, you made that up on the spot. And it has NOTHING to do with law.
Bullshit. It's easily independently verified as fact. Either publicly facing web servers are intended to be default allow or default deny. Let's assume they are default deny. Did you get permission before you sent slashdot.org an HTTP GET request? No? OMG, unauthorized access! Hacker hacker! Better get the FBI!
But, you say, there's a TOS that authorizes access. Unfortunately, that TOS resides on a page that you can't request without already having authorization. You have to make an unauthorized request before you even know if you have authorization. Clearly, this is a cluster fuck, and would make the internet unusable if default deny was the standard.
So there you have it. Assuming that default allow is not the general policy of the internet leads to an absurd result. Therefore default allow is the policy of the internet. QED.
And the only way you can know whether you are allowed access to a building is to try all the doors, and assume it's public property if you find one that isn't locked?
Ah, so at least you admit that it's OK for me to jiggle the lock. Now explain to me how I can jiggle the metaphorical lock and determine whether or not I am authorized without getting the content back.
If all I do is jiggle the lock, and the web server responds with private data, who's fault is that?
I repeat, what you think is not illegal clearly is, because this guy just got convicted for it. The evidence is on my side.
You assume the government itself obeys the law. We abandoned the rule of law a long time ago. Most activity of the government is illegal and they only get away with it because they have all the guns.
if the government has the ability to regulate the most important tools used in political speech, it has basically regulated the speech.
By providing such a powerful tool for speech, the government has already regulated speech. They have ensured that the vast majority of speech people are exposed to through the media carries a pro-corporate message. That is not free speech.
Not quite. They found that, since a corporation was just a collection of people, you could not restrict their right to free speech.
What they forgot was that the very existence of a corporation is a privilege granted by government. They don't even have to exist at all, and in their absence people still have the right to free speech. Since the private individuals that comprise a corporation still retain all of their individual rights when the corporation's speech is restricted, it can't be
Restricting corporate speech is not a restriction on individual rights. Permitting corporate speech is rightly considered as government assistance for that speech, and the government is not obligated to help you speak.
I think we can probably engineer some way to have both a free corporate press and restricted corporate political speech - but I'm not smart enough to say how.
How about we have neither? Free speech for individuals, and only individuals. A corporate press is simply too dangerous, individuals cannot compete with it. And I include the government in this too, the government as an entity should be making no speech at all, except for legislation and official policy statements. It certainly should not be lobbying its constituents.
We don't have the actual headers of the request he used. But we know he didn't just construct a URL. We know that he constructed a request pretending to be (spoofing) a request from an iPad. So he set up the User Agent to claim to be from a particular iPad app (not the same as pretending to be a generic browser). And he set up a request for a particular iPad identity. Which would typically be in the body of a request, not the URL. He may have spoofed other elements, but as I say we don't have the actual request in question.
I also want to add that all of those activities sound exactly like one would do if he wanted to reverse engineer a protocol for compatibility reasons. That is a practice that has been in wide use for a long time, and the internet wouldn't exist as it is today without it.
Prosecuting someone who has poked around at a web server with no authorization controls hurts all of us who want to use third party clients with proprietary web apps.
Further, I want to add that this is a bad ruling for policy reasons. If you want AT&T to implement good security (and I think we all do), you have to hold them liable for breaches of that security. If they can go crying to the police every time their lack of security bites them in the ass, they have no incentive to implement real security.
Prosecuting someone who has done nothing but request URLs and give their content to a newspaper hurts all of us who expect our private data to be secured with actual authorization controls.
I suspect they were primarily concerned with the adverse effect suspending the first sale doctrine would have on currently legitimate business. Surely ending the first sale doctrine overseas would benefit the publishers, but it would hurt a lot of other companies too.
I doubt the rights of the individual ever came up.
We don't have the actual headers of the request he used. But we know he didn't just construct a URL. We know that he constructed a request pretending to be (spoofing) a request from an iPad. So he set up the User Agent to claim to be from a particular iPad app (not the same as pretending to be a generic browser). And he set up a request for a particular iPad identity. Which would typically be in the body of a request, not the URL. He may have spoofed other elements, but as I say we don't have the actual request in question.
So users of the User Agent Switcher are hackers now? None of this amounts to any type of authentication or authorization, so it's impossible for any reasonable person to say his access was unauthorized.
But you did it in the knowledge that you could have navigated there using the intended links.
How am I supposed to know whether a URI has links to it or not? Why is the presence of a link (which could be created by third parties) more important than the actual security settings of the web server?
Just because something isn't protected by locks or other security measures doesn't mean it's OK for you to steal it.
Again, the internet operates on an assumption of default allow. The only way I know whether I am allowed to access a resource is to try and see if it is available.
What's the difference between spoofing, and requesting an URL? What made weev's HTTP GET a "spoof" and what makes mine legit? Lay it out for me in technical terms. Is it because he constructed the URL manually? Guess what, I constructed the URL to your user page manually too. What's the real difference?
FWIW, there was nothing clever about this at all. weev's a dick, and he deserves to be in jail, but for many other things. But in this particular act, he was clearly unjustly railroaded. I wish he had been caught *actually hacking*, in which case I could enjoy the shadenfreude. But this isn't hacking, and this ruling endangers everyone on the internet.
Slashdot Mirror
Yes, yes I would.
How is bringing a war criminal to justice "stooping low"?
No, I'd quite like to see Obama hanged as well.
Then Johnson and Kennedy should have been hanged for their crimes, just as Nixon should be hanged for his.
No, it was not for the better. Nixon should have been hanged, as should Bush and Cheney be hanged. Allowing our leaders to get away with war crimes only ensures future war crimes.
If HTML5 adopted a studio-approved DRM solution Netflix (and most other streaming providers) would drop Silverlight and Flash in a heartbeat. There is definitely something to be said for that...
What exactly is to be said for that? As long as Netflix uses DRM, they deserve all the silverlight/flash headaches they get. Making DRM easier for Netflix doesn't benefit anyone but Netflix.
The Iraq war was an unpopular idea at the time. Some of the largest protests ever occured in opposition to the Iraq war. That the media at the time doesn't make this clear is testament to the power of the American propaganda system.
The FBI only cares if you embarass a major campaign contributor. e.g. AT&T is the largest campaign contributor in the country, beating out even Goldman Sachs.
That might be why I don't like it. I haven't enjoyed a comedy with a laugh track since Seinfeld.
Explain Beethoven. Explain red velvet cupcakes. Explain Batman.
Those things are good. Their popularity doesn't need an explanation.
Why not? They could abolish the corporation as an entity today without affecting anyones rights to assemble. All the freedom to assemble means is that physical human beings have the right to congregate in one place. This is completely unrelated to incorporation.
But as OWS showed, the right to assemble no longer exists in the US.
OK, now explain to me the popularity of the Big Bang Theory?
Usually when there are bids for a contract, the losing bids are confidential.
That should be illegal. The public procurement process should be completely transparent. Don't like it? Don't do business with the government.
No, the best solution is complete transparency. If the facts are defamatory, so be it.
I preempted your obviousness with the phrase "(not the same as pretending to be a generic browser)" in my post. Did you not read it?
What's the significance of that? A user agent is not an authorization or authentication mechanism. It doesn't matter what the UA is, it's not hacking.
Again, you made that up on the spot. And it has NOTHING to do with law.
Bullshit. It's easily independently verified as fact. Either publicly facing web servers are intended to be default allow or default deny. Let's assume they are default deny. Did you get permission before you sent slashdot.org an HTTP GET request? No? OMG, unauthorized access! Hacker hacker! Better get the FBI!
But, you say, there's a TOS that authorizes access. Unfortunately, that TOS resides on a page that you can't request without already having authorization. You have to make an unauthorized request before you even know if you have authorization. Clearly, this is a cluster fuck, and would make the internet unusable if default deny was the standard.
So there you have it. Assuming that default allow is not the general policy of the internet leads to an absurd result. Therefore default allow is the policy of the internet. QED.
And the only way you can know whether you are allowed access to a building is to try all the doors, and assume it's public property if you find one that isn't locked?
Ah, so at least you admit that it's OK for me to jiggle the lock. Now explain to me how I can jiggle the metaphorical lock and determine whether or not I am authorized without getting the content back.
If all I do is jiggle the lock, and the web server responds with private data, who's fault is that?
I repeat, what you think is not illegal clearly is, because this guy just got convicted for it. The evidence is on my side.
You assume the government itself obeys the law. We abandoned the rule of law a long time ago. Most activity of the government is illegal and they only get away with it because they have all the guns.
Music as a way of making a living is as viable as ever. I spend more per month seeing musicians play live than I spent on CDs.
You can subject the freedom to associate to the same analysis. You are free to assemble, but the government doesn't have to assist your assembly.
if the government has the ability to regulate the most important tools used in political speech, it has basically regulated the speech.
By providing such a powerful tool for speech, the government has already regulated speech. They have ensured that the vast majority of speech people are exposed to through the media carries a pro-corporate message. That is not free speech.
Not quite. They found that, since a corporation was just a collection of people, you could not restrict their right to free speech.
What they forgot was that the very existence of a corporation is a privilege granted by government. They don't even have to exist at all, and in their absence people still have the right to free speech. Since the private individuals that comprise a corporation still retain all of their individual rights when the corporation's speech is restricted, it can't be
Restricting corporate speech is not a restriction on individual rights. Permitting corporate speech is rightly considered as government assistance for that speech, and the government is not obligated to help you speak.
I think we can probably engineer some way to have both a free corporate press and restricted corporate political speech - but I'm not smart enough to say how.
How about we have neither? Free speech for individuals, and only individuals. A corporate press is simply too dangerous, individuals cannot compete with it. And I include the government in this too, the government as an entity should be making no speech at all, except for legislation and official policy statements. It certainly should not be lobbying its constituents.
"The Press" in the UK has systematically abused it's position.
We're not talking about the press. We're talking about individuals like you and me expressing our opinions online, and getting hit with libel charges.
Having been skating on thin ice for more than a decade, hacking of phones of both the weak and the powerful was the final straw.
Phone hacking was already illegal. There's no need for a new law.
We don't have the actual headers of the request he used. But we know he didn't just construct a URL. We know that he constructed a request pretending to be (spoofing) a request from an iPad. So he set up the User Agent to claim to be from a particular iPad app (not the same as pretending to be a generic browser). And he set up a request for a particular iPad identity. Which would typically be in the body of a request, not the URL. He may have spoofed other elements, but as I say we don't have the actual request in question.
I also want to add that all of those activities sound exactly like one would do if he wanted to reverse engineer a protocol for compatibility reasons. That is a practice that has been in wide use for a long time, and the internet wouldn't exist as it is today without it.
Prosecuting someone who has poked around at a web server with no authorization controls hurts all of us who want to use third party clients with proprietary web apps.
Further, I want to add that this is a bad ruling for policy reasons. If you want AT&T to implement good security (and I think we all do), you have to hold them liable for breaches of that security. If they can go crying to the police every time their lack of security bites them in the ass, they have no incentive to implement real security.
Prosecuting someone who has done nothing but request URLs and give their content to a newspaper hurts all of us who expect our private data to be secured with actual authorization controls.
I suspect they were primarily concerned with the adverse effect suspending the first sale doctrine would have on currently legitimate business. Surely ending the first sale doctrine overseas would benefit the publishers, but it would hurt a lot of other companies too.
I doubt the rights of the individual ever came up.
We don't have the actual headers of the request he used. But we know he didn't just construct a URL. We know that he constructed a request pretending to be (spoofing) a request from an iPad. So he set up the User Agent to claim to be from a particular iPad app (not the same as pretending to be a generic browser). And he set up a request for a particular iPad identity. Which would typically be in the body of a request, not the URL. He may have spoofed other elements, but as I say we don't have the actual request in question.
So users of the User Agent Switcher are hackers now? None of this amounts to any type of authentication or authorization, so it's impossible for any reasonable person to say his access was unauthorized.
But you did it in the knowledge that you could have navigated there using the intended links.
How am I supposed to know whether a URI has links to it or not? Why is the presence of a link (which could be created by third parties) more important than the actual security settings of the web server?
Just because something isn't protected by locks or other security measures doesn't mean it's OK for you to steal it.
Again, the internet operates on an assumption of default allow. The only way I know whether I am allowed to access a resource is to try and see if it is available.
You should also mention Julian Assange, who has never stepped foot in the United States and has never been subject to its laws.
FWIW, he was on the Colbert Report (filmed in NYC) in 2010.
What's the difference between spoofing, and requesting an URL? What made weev's HTTP GET a "spoof" and what makes mine legit? Lay it out for me in technical terms. Is it because he constructed the URL manually? Guess what, I constructed the URL to your user page manually too. What's the real difference?
FWIW, there was nothing clever about this at all. weev's a dick, and he deserves to be in jail, but for many other things. But in this particular act, he was clearly unjustly railroaded. I wish he had been caught *actually hacking*, in which case I could enjoy the shadenfreude. But this isn't hacking, and this ruling endangers everyone on the internet.