Slashdot Mirror


User: Otto

Otto's activity in the archive.

Comments · 2,221

  1. It uses a callback methodology... on PayPal Goes Mobile · · Score: 1

    The gist of sending money from the phone appears to work like this:

    1. You text message them or call an 800 number and tell the system to send money to another phone number.
    2. The system calls you back and asks you for a PIN for confirmation. You put in the PIN.
    3. Money gets sent.

    Activating the service to work from your phone in the first place requires a) A paypal account, and b) for you to do the whole PIN confirmation thing once to get the idea of it and make sure that you have the phone and that they can contact you and so forth.

    Of course, somebody could probably spoof a text message from you to send money to themselves, but it would then call you back and ask for your PIN to confirm.

  2. Re:Wrong on Meet the Botnet Hunters · · Score: 1

    Vigilantism is still against the law in this case.

    Fuck the law. The law is not working to solve the problem. And until it does, other measures must be taken.

    Despite the popular saying, two wrongs CAN make a right.

    Computer tampering is computer tampering.

    Amazingly enough, it's not. There is a difference between actively patching somebody's computer and popping up a message saying "your shit is broken, do you want to fix it (yes/no)?"

    The law may not recognize that difference, but like I said before, fuck the law.

    The solution to this problem is to put a few of these guys in jail. The solution is for the feds to get off their goddam lazy asses and prosecute these people.

    Waiting for the "feds" to get off their asses and get some shit done is all well and noble and civilized, but oddly enough, it means shit doesn't get done until they actually do that. And there's really no sign of them doing it anytime soon.

    And on another note, imposing punishments for crime usually does not deter other would-be criminals. If it did, there'd certainly be no more filesharing services out there, now would there? Hell, just look at how many speeding tickets there are written every day...

    You don't poke around in someone's compromised computer, for good or evil.

    It's one thing to actually "poke around". It's another thing to send a "shutdown" command to the entire botnet.

  3. Re: Better ways to stop them... on Meet the Botnet Hunters · · Score: 1

    From shadowserver Mission Statement:

        Shadowserver is NOT
                A vigilante group
                A "hack the hackers" group


    Ah. So they're totally ineffective and useless then. Thanks for the clarification.

  4. Re:Botmasters will switch to distributed C&C on Meet the Botnet Hunters · · Score: 1

    I didn't say to actually update the thing. Just make it pop up the website. Let the user run his own update. There's a difference between throwing suggested courses of action in the user's face and taking that action for yourself.

    Yes, doing so would be against the law too. Well, you know what? Fuck the law. The law isn't solving the problem. The law is never going to solve the problem. People keep bitching that users are not fixing their shit, and this is true, so I suggest that instead of trying all this legal and proper bullshit, that you get in the user's face about it. Emailing people to tell them their computer is fucked is not going to work.

    The reason that the exploits are effective is because the users don't care enough to patch their shit and the only way to solve it is to make it so annoying to not patch their shit that they will actually go and do it.

    I'm not saying to do it for them. That would be going too far. But there are other means available than actually modifying their computer. If they're owned, then they should be told. If you can disable a botnet, then you should do so. Letting it run and fucking over half the planet with the spam it's sending out just so you can work your ass off to get the law to do something about the spammer, when the law could not care less about the whole fucking thing, well, that's just not a real good fucking solution, is it?

    The system is broken. Working through a broken system doesn't get shit done. If you want to call it vigilantism, well, then you're missing the point of what I'm saying, but so be it.

  5. Re:"Stop me? BWAHAHAHAHA" on Meet the Botnet Hunters · · Score: 1

    A "decent" bot wouldn't run code handed to it unless the executable was cryptographically signed with a private key matching the public key it knows belongs to its One True Beloved Master.

    No, that would be a "well-designed" bot. Most botnets are being controlled by script-kiddies running code that they didn't write or possibly even read. Half of them wouldn't be able to pronounce "cryptography", much less use it.

  6. Re:Botmasters will switch to distributed C&C on Meet the Botnet Hunters · · Score: 3, Insightful

    I would imagine fear of the law and getting sued or thrown in jail.

    So, here's a clue: Don't tell anybody you did it.

    I mean, really. Make a popup or something that says you've been infected to the users, or better yet, just have the bot kill itself quietly and not do anything else. No need for it to be damaging, it's enough to have the bot just stop running and kill its own restart sequence. Voila, instant botnet death.

    Hell, maybe it's a normally available patch that just hasn't been applied, in which case opening Windows Update in a browser window might be enough to get the user to apply the patches, thinking that Windows did it itself, like it's actually prone to do sometimes.

    I can think of dozens of ways to avoid prosecution. Hell, this guy has a hard enough time getting the botnet OWNER in trouble, injecting a few commands into the network that you know will do some good and not do any actual harm should be freakin' trivial.

    The first rule of not getting in trouble is not getting caught.

  7. Re:Spyware Scanners Don't Work on Meet the Botnet Hunters · · Score: 1

    FTA: "I know many users within my former organization who felt that anti-virus and spyware scanning would save them," Di Mino said. "However, now I see how many malicious files tied to major botnets remain undetected" by the most popular anti-virus programs.

    So WTF? Why is he not forwarding these files on to the major anti-virus vendors like the good netizen he claims to be? ALL of the major vendors have submission mechanisms and are glad to work with researchers to detect this sort of thing. Is this guy sitting on his hands or what?

    Things don't get better until people MAKE them get better.

  8. Better ways to stop them... on Meet the Botnet Hunters · · Score: 4, Insightful

    First, if you can access the botnet to the degree at which this guy claims to be able to do, then you can take control of it. And with any decent botnet, you can make the things run arbitrary code. With only minor analysis of the bot, you could make the entire network self-destruct without too much difficulty. Have it kill its own startup on reboot sequence, then have it create a new RunOnce to delete its own executable on reboot. Then shut down or force a reboot or just pop a message up on the screen telling the user he's been infected. As soon as somebody notices they'll likely reboot and possibly install updates and patches to their bloody machine.

    This is less risky than the obvious angle of simply patching the box so it can't get infected, because you know that the bot is not supposed to be running on the machine in the first place. Patching the box might go bad or have other unknown consequences, but having the bot kill itself is not nearly as bad. And by possibly informing the user of the facts, you can still scare them into patching their box. Screw shutting down the botnet owner's connection, shut down the botnet itself. Take away their tool in one swift stroke. Make 'em have to build a new one, hopefully from a whole new set of boxes.

  9. Re:It already is an extension... on Firefox 2 To Have Anti-Phishing Technology · · Score: 1

    Why should we trust google?

    If you honestly consider what websites you visit to be some kind of major secret, then by all means, don't use these sort of extensions.

    Me, I don't much care who knows what websites I go to. It's just not a major secret that I read slashdot and digg and a few other online forums and such.

    As for porn... dude, porn websites are so late 90's. Go retro with usenet! :D

  10. It already is an extension... on Firefox 2 To Have Anti-Phishing Technology · · Score: 1

    See here: http://www.google.com/tools/firefox/safebrowsing/

    It basically checks websites you visit against its database and tells you if they are considered dangerous or what have you.

  11. Behind the Laughter on The Simpsons Come to Life · · Score: 1

    The best part of that episode is that, when it first aired, I know that the narrator said "East Kentucky family" and everybody thought it was answered. Then they actually changed that line before releasing the episode into syndication, and now it says "Southern Missouri family". I thought that was a beautiful example of the writers messing around with the uber-fanboy crowd. :)

  12. Re:Might even be illegal... on Professor 'Packetslinger' Assigns Questionable Task · · Score: 1

    And your comments seem to completely ignore the whole fact that the entire thing is about the fact that whoever controls a server can deny access to whoever the hell they want.

    Of course you can. However, you need to recognize that you are responsible for your actions and that there are circumstances where you will be held accountable for them.

    For example, if you were, say, Amazon.com, and you intentionally stopped serving pages to some ISP, then that ISP might sue you. You've intentionally tried to damage that ISP by your actions.

    Look at it from the ISP's point of view. Somebody on their network portscanned you, so you respond by blacklisting the ISP. The ISP didn't portscan you, so you've taken action against them without cause. They *do* have a case.

  13. Everybody is missing the point of this service... on AOL Won't Budge on Email Tax · · Score: 2, Interesting

    Here's the thing... for most people that this will actually impact, it will simply make it harder for AOL users to use whatever your service is.

    AND THAT'S THE GOAL.

    AOL has fallen on hard times recently. The "walled garden" isn't holding the users in like it used to. AOL users have come to consider that AOL = the internet, for the most part, and lots of them are using AOL as a more normal, but particularly expensive and annoying, ISP.

    But that's not retaining existing customers. Once an AOL user finds out that signing up with a more traditional ISP is not only cheaper, but actually provides a far better service, then they tend to switch. AOL subscriber numbers have been dropping for ages now.

    AOL wants to stop, or at least slow, that. And that's why they are going to this service. By degrading the rest of the internet to their users, they hope to make their walled garden seem better by comparison. If AOLers have problems with the internet services delivering email to them, then they will tend to blame the service itself, not AOL.

    People complaining that this will make things harder for them are missing the point. It's supposed to make things harder for you. Hard enough to make you give up on supporting AOL users. This gives AOLers a bad impression of the rest of the network and keeps them in their walled garden.

  14. Re:Might even be illegal... on Professor 'Packetslinger' Assigns Questionable Task · · Score: 1

    Your comments do not take into consideration the original topic we were discussing at all. Re-read the parent post, and the grandparent, and ye even unto that of the great-great-grandparent before spouting off completely irrelevant material.

    In other words, I could answer you, but it would not be worth my time as I never said anything you seem to think I did in the first place. Thank you, come again.

  15. Re:Might even be illegal... on Professor 'Packetslinger' Assigns Questionable Task · · Score: 1

    As for the first part -- yes, but it still came from the ISP's network, and how can the admin know that more isn't coming? It's a defensive move, and I really can't blame them if they get aggressive scanning coming out of a network and have no idea if something worse is about to hit. So yes, I can see that kind of reaction happening.

    I can understand the reaction as well. I'm not saying it's wrong or anything like that. I'm just saying that in this day and age, doing that sort of thing can be a legal problem, not just a technical one.

    You may be breaking some contracts if you do that sort of thing, or you may be breaking the actual law. Or not. Depends on your jurisdiction and interpretation. But regardless, you can be sued for anything, and in this particular instance, there's absolutely no guarantee that you will win. It would take lawyers and time and money as well.

    Regardless, it's not as simple as just saying "my server, my rules" anymore. Back before law actually cared about the network, then yeah. But times have changed, man. Recognize the fact. Adapt.

  16. Re:Might even be illegal... on Professor 'Packetslinger' Assigns Questionable Task · · Score: 1

    For what? Slamming the door shut in their face when they decided to rattle the lock? Again, private property, what the property owner says goes. If they didn't want to be banned, maybe they shouldn't have gone stirring up trouble, huh?

    The ISP didn't "rattle" anything, a user at the ISP did.

    Blocking access to a single website or a single network isn't exactly the same thing as blocking users' email since the users have no control over the block, but the users DO have control over what websites they visit. Users have an expectation that email will always work, but they have no expectation that all web sites will always work.

    Sorry, but email is not substantially any different than a web site in terms of providing a service. I'm under no obligation to accept your email, nor am I under any obligation to let you access my website. Same rules apply to both.

  17. Might even be illegal... on Professor 'Packetslinger' Assigns Questionable Task · · Score: 1

    (Just playing devil's advocate here, I do not actually think that any of what I'm about to say is morally right in any way.)

    Since when did allowing someone to access my web server become a right instead of a privilege that I specifically grant and can take away from anyone I choose at any time?

    It happened the moment you decided to offer access to the public at large.

    Let's try an example: Can shopping malls expel people for being black?
    Not at all similar, you say? Too racial? Okay, try this one instead: Can shopping malls expel random people for no reason whatsoever?

    The answer to both of those, BTW, is no. Despite the fact that it's private property, it's nevertheless considered a public area because the public is granted admission. The owner can eject somebody for cause (making a scene, acting inappropriately, etc), but he cannot eject random people for no reason at all.

    Now, the mall *can* eject people for being black or just at random, but then they are setting themselves up for a lawsuit that they might lose.

    Similarly, while you'd be well within your rights to block anybody you like for any reason you like, if you do it without cause, then you're setting yourself up for a lawsuit that you might lose. Blocking an entire ISP because of a single user of that ISP portscanning you is a shotgun approach. It causes financial damage to that ISP. Now, assuming that the ISP notices and cares, then yeah, they could probably sue you for it and they might even win.

    Take the controversial issue of spam blocking for another example. Consider the MAPS service. They publish lists of ISPs they don't like for being friendly to spammers. Other people/ISPs use these lists to filter email from these ISPs out. Result: MAPS has been ordered by courts to remove some of these ISPs from their lists when the ISP sued the MAPS people. This has happened on a number of occasions. Now, is it MAPS's right to make these lists in any way they see fit? The obvious answer is yes, however if in making these lists they can knowingly cause damages to ISPs (and since their stated *goal* is to financially damage ISPs in order to make them eject the spammers, they can't really argue otherwise), then some courts have said that they are liable for their actions in that respect.

    Is it right? Well, that's debatable. But it is what it is, and the grandparent was correct, you are not guaranteed to win a suit in such a circumstance.

  18. Not uniform in the US... on MySpace Fears, Just Another Backlash? · · Score: 1

    Do girls really only become women in the US at 18 but in most of Europe at 16? 14 in the Netherlands?

    In the US, age of consent is left up to the individual states, and it varies from state to state. It's rarely set as high as 18. Most states have it at 16, actually, some have it at 17. A few have it as low as 14.

  19. You thought wrong... on Spam King Busted by Secret Service · · Score: 1

    The Secret Service was created in 1865 in order to combat counterfeit currency. They expanded to include fraud against the government just a few years later.

    The Secret Service didn't have anything to do with protecting the President until 1894, and that wasn't actually official until 1902.

  20. Yes, it does... on UK Government Confiscates Firefox CDs · · Score: 2, Interesting

    From a law enforcement perspective, yes, it is a great difficulty.

    Let's say I'm selling Firefox CD's and the cops arrest me, take my computer, take my CD's, publicize information that I'm a thief, yada yada yada. Now the Mozilla foundation rings up and says "hey, that's totally okay with us".. Suddenly not only am I vindicated, but I've got one hell of a good counter-lawsuit against the city.

    It's a huge pain in the ass to verify that what somebody was doing was, in fact, illegal before actually arresting them for it. This is something that cops, very generally, don't do. They leave that to lawyers and prosecutors and such.

    So in order to prevent wrongful arrest lawsuits against the city, lawyers and prosecutors tend to dumb the law down so that your average cops can understand it. They don't really need to know every single detail, just enough to tell them when to arrest somebody or not.

    If you find somebody blatantly selling burned CD's, how do you know if they're doing something legal or something illegal? If you have to actually look at the software they are selling and then contact the makers of that software (or find their statements online) before actually shutting the guy down, then yeah, that's a huge pain in the ass. You can't go by the license files the guy himself is giving you (he could be lying), and you can't go by what some random webpage says (it could also be a lie). You need a confirmed truth from the copyright holder's mouth before they even take action in the first place.

    This basically means that they'll have to know common open source packages, whether selling them is okay, etc, etc. It means a much more difficult training program, it means a much more complex set of guidelines to follow in determining whether or not they should take action against somebody. They have to distill all this information down into what are the possible crimes that can be committed so that the people actually enforcing can understand these things. And yeah, that's a huge pain in the ass.

    Oh, and BTW, it's a GOOD thing that it's a huge pain in the ass, because it means that most of these bullshit IP laws will end up going unenforced. That's always nice.

  21. Re:This kind of logic... on UK Government Confiscates Firefox CDs · · Score: 2, Informative

    Well, I would argue that they shouldn't be enforcing this sort of thing in the first place, but if they're going to be expected to enforce it, then yes, I agree that they need training and such on enforcing it properly.

  22. This kind of logic... on UK Government Confiscates Firefox CDs · · Score: 5, Insightful

    If Mozilla permit the sale of copied versions of its software, it makes it virtually impossible for us, from a practical point of view, to enforce UK anti-piracy legislation.

    This is one of the most asinine things I've heard in a long time! Just because one piece of software says that it can be distributed even though it's free does not mean that suddenly anti-piracy legislation is unenforceable!

    I don't disagree with you that it's asinine, but you have to understand it from their point of view.

    The word is coming down from on high to start policing copyright infringement, because some politicians are getting paid by the RIAA (or the UK equivalent). So government kicks into action to try to police that sort of thing. They encounter somebody burning copies of software and selling those. This is an instant red flag to them. Then they come to find out that not only is it totally legit, but actually encouraged.

    In their mind, this makes the main thing they're looking for suddenly not always illegal. They don't know the license on each and every piece of software or other copyrighted material. They are looking to do their job in the easiest way possible. They were thinking somebody selling burned CD's = illegal. They were operating on that assumption. Now they are told that they must actually verify what's on those CD's and the licensing terms.

    The "virtually unenforceable" is the giveaway line here. It's still perfectly enforceable, this woman just found out that it's not easy to enforce. They could see two people selling burned CD's, and one of them is legal while the other is not. The actions, on the surface, are identical, now they actually have to do work to determine legality.

    It's a simple failure of comprehension of the task that they have been asked to do. They thought it was simple, but it's not, and they're understandably in shock at that fact. Okay, you and me understand copyright, and we knew this from the beginning, but this person clearly didn't. That is the disturbing part, and shows that the message being put forth by the RIAA is taking greater hold. Violating copyright is indeed illegal, but what constitutes that violation is more complex than simply burning CD's and selling (or giving) them to other people. The message they're pushing is that it's always wrong, and that message is getting through.

  23. Re:2.5 minutes is *forever* on Film Studios Sue Samsung Over DVD players · · Score: 1

    Yeah, I really don't know what he's talking about either. In the USA, usually you buy your ticket and then somebody checks it and possibly rips it in half before you go and sit down in the theater. Depends on the theater, I suppose, and on low traffic days I've been to places that don't have ushers ripping tickets, but usually checking the ticket is the case here too.

  24. Popcorn timing on Film Studios Sue Samsung Over DVD players · · Score: 1

    If you put a bag of popcorn in a 1000w microwave it takes _at least_ 4 minutes till the kernels stop popping. Any less and you are really wasting kernels. You can probably see a bunch at the bottom of the bag. I would make a point of checking next time.

    The popcorn button on my microwave ends up putting a time on the display of about 1:40 or so, and I usually get very, very few unpopped kernels, on the close order of 20, I think.

    I don't know the wattage offhand, but there's no need to check the bag; I dump the contents into a bowl for subsequent consumption. :)

  25. 2.5 minutes is *forever* on Film Studios Sue Samsung Over DVD players · · Score: 4, Insightful

    If waiting 2,5 minutes for a film to start seems unbearable to him, should he even be watching TV?

    2.5 minutes. That's 150 seconds. Try something: Sit there and count off 150 seconds. That's rather a long freakin' time to be waiting for a video to start, no? It takes less time to make a bag of microwave popcorn.

    Really, waiting 2.5 minutes isn't the problem, it's waiting 2.5 minutes when you know that it's totally pointless that's really annoying.