They don't need an act of congress; they just need to chip away at the DMCA safe harbor through legal challenges that existing search engines
are complicit with infringement due to not using industry-standard algorithms as a policy of deterring infringement, such as Disney's patented algorithm.
Good luck with that, the People most likely to get campaign material are people who actually vote and the people most likely to vote this year are the people who voted last election.
I would call this a privacy violation. I didn't opt in to receive any of this spam.
This could be handled simply: No unsolicited personalized direct mail to voters. Appoint an administrator to allow candidates to pay a specified flat fee to include a flier in a monthly mailing for the 3 months before an election day to all registered voters who have opted in.
Voters who wish to receive further messages from a candidate may send in a reply form.
A list of who voted does need to exist to some extent. Otherwise it becomes too easily possible for some entity to start casting votes for other people or dead people without much risk of getting caught
I agree with the record being public; However, there should be a terms of use. It should not be simply freely available for all uses without restriction --- it should be available for on-premises review by any member of the public who signs an agreement but no note-taking, information extraction, disseminating or copying the information without filling out an application, showing a legitimate use, and providing a surety bond to protect the information and use only as approved.
Generating marketing or campaign materials based on names in the list or voting rosters or republishing names should be strictly prohibited.
Taking publicly-available information, then releasing it to the public, can't damage you. The information is already public.
It depends on context. It is possible that there are ways they could republish details gathered from public records which would be damaging.
For example; it may be technically public, however, individuals do not ordinarily disseminate the information. If their actions "advertised" or made the information more easily accessible, then it would still be a damaging intrusion.
If they contact your neighbors or employers, provide a website with clickable links to your neighbors and easy search lookup, Tweet to your followers, or send messages to your Facebook friends, then they have actually taken additional actions which are defamatory and call undue attention to the records, which is intrusive, and there may be compensating damages to be recovered, if financial loss results, such as an employee being fired because they learned through Twitter that their Employee failed to vote.
How is this really any different than requiring you to surrender a key to a locked filing cabinet?
The key is a physical piece of property just like your physical phone which can be lawfully seized.
Technically isn't your fingerprint also information which is stored outside your brain?
Your fingerprint is information, BUT the application of your fingerprint to indicate your approval is
a kind of signature, just like if you can't write, going to the bank, and using your fingerprint to approve a withdrawl is a form of validation.
The police have a gather information which constitutes your fingerprint, BUT they have no right to severe your finger, or to use their access to the information to impersonate you such as by using the information to defraud another person or service that they are you.
Same deal if you have a signature stamp which allows you to approve documents by applying a stamp; the police can seize the physical asset, but they have no right to pretend to be you and apply the signature stamp to a document advising your personal lawyer to take some action, such as drop the case, or produce a recording of your private session.
Also.... your iPhone has a built-in signature verifying device, and they have no right to forge your personal signature to impersonate you and cause your Apple product to take some action.
So I thought it might be instructive to turn the question around and ask the membership about what makes SysVInit or Upstart good.
There, fixed it for you.
Post each new Nice Thing as a new post, not as a reply to another post.
CHECK.
Nice thing about SysV Init: It is simple, just works, and the project adheres to the unix philosophy.
There is no NTP client software in the package, there is no DHCP client software in the package, there are rarely updates to the SysVInit or Upstart projects themselves, and updating doesn't require a reboot.
Only one concrete Nice Thing about SysVInit/Upstart per base-level post.
Not "for free". Settlement Free Peering is based on a mostly balanced flow of traffic. The instant that ratio moves from 1:1 to 100:1.... "free" isn't in the room anymore.
And THIS is what makes them not common carriers; ISPs can do this. In the Telco world, interconnect fees are required to be symmetric, for example: if the agreement is that charges carrier A $0.05 per call record to terminate onto carrier B's network, then it must charge carrier B $0.05 a call to terminate onto carrier A's network, it's not allowed to charge carrier A $0.05 per call and give carrier B free service into carrier A's network.
An interconnect agreement cannot be terminated or repriced to favor specific networks, just based on the ratio of calls in or out.
That would have zero impact. This is like the telephone company in city A have 96 channels to the telephone company in city B, but then 100 people try to make calls. Only some of them will go through, and that's a capacity issue, not regulated by Common Carrier status.
That's not the scenario. It's not capacity between cities, in this case, it is capacity between networks.
The problem is they are discriminating against some networks and refusing to build capacity at the same time
as they are building capacity to other networks for free; that's not a common carrier.
A telco expands capacity based on utilization, and in building more capacity to other networks in the same area:
it's not a case of some networks get capacity built to them for free and some have to pay, it's..... each telco
pays their own costs to build that capacity needed by their customers AND asymmetric usage is settled through the USAGE fees
associated with LD termination on each call.
P.S. Alternatively, the information can be uploaded in encrypted format + Base64 to places such as Pastebin, or Freenet, or other massively distributed publication platform.
The card can then contain just a few 40-character URLs followed by 512-bits worth of cryptocurrency wallet addresses.
Then a couple of 256-bit decryption keys for the coded messages and the rest of the card can be used for a list of randomly generated initialization vectors that will be used for further encrypted messages.
So the website can contain an arbitrarily large amount of information which can then be decrypted using the data on the card.
Also, additional information can be added later by creating a spend transaction to one of the cryptocurrency addresses listed on the card, and publishing the information in the public blockchain, but on the public blockchain the text can be encrypted with the key and one of the initialization vectors on the card can be used. More random initialization vectors and additional addresses and crypto keys required to be provided inside each Nth encrypted message uploaded to the blockchain.
As long as they're going to build and provide plugins for the common use cases, who cares?
It could be pretty cool.
Sounds like a more flexible architecture if they can support multiple package systems.
On the other hand, it might just be unneeded complexity. Frankly, in a lot of places I like things that are
SIMPLE, Reliable, and Fast. I prefer programs that do one thing well and work with other programs using standard text-based communications to meet the rest of needs instead of attempting to accomadate every possible use case within one piece of software ----- a plugin architecture with proprietary interactions is not necessarily "working well" with other programs; it's kind of the opposite idea, expanding one program with addons.
It makes sense for a PACKAGE system to support multiple kinds of storage repositories,
like Yum or APT does.... you can have your CD-based Repos, FTP based Repos, and private mirrors.
I'm not sure it makes sense for a package management system to support arbitrary backend plugins.
Let's change that up slightly, to use 3715 bits out of the 7104 available, approximately 50%:
E-mail address = 40 bytes
Social Security Number binary encoded - 9 digits = 29 bits.
Health Insurance Provider Name - 16 alphanumeric characters = 12 bytes
Health Plan ID - Encoded 6 bits per symbol 8 symbols = 48 bits.
ZIP CODE of City of birth = 15 bits
GPS Latitude and Longitude of current primary workplace (two 32-bit floats) = 64 bits
Employer company name - 16 alphanumeric characters (encoded 6 bits per character) = 12 bytes
Driver's License Number - 10 digits = 32 bits.
Driver's license State (number from 00 to 49)= 6 bits
Driver's license Expiration date (Number of days Since Jan 1, 1970) = 15 bits
Current vehicle license plate 9 alphanumeric characters (encoded 6 bits per character) = 54 bits
Current vehicle VIN number 17 alphanumeric characters (encoded 6 bits per character) = 102 bits
Job Title - 16 alphanumeric characters = 12 bytes
Annual Income in US Dollars - 1 to 14 digits = 47 bits
Mother's maiden name (max: 20 characters) = 15 bytes
Date of birth = 15 bits
Telephone number with area code - 10 digits = 34 bits
Full name - Encoded using 6 bits per character, Uppercase alphabetic characters, digits, spaces, field separator, and NULs only 50 characters = 37 bytes
ZIP CODE of Previous residence = 15 bits
Date moved into current residence = 15 bits
ZIP CODE of Current residence = 15 bits
GPS Latitude and Longitude of current residence (two 32-bit floats) = 64 bits
Street name and house number of current resident Address (6 bits per character ) = max 20 bytes
No... that was just Theo's excuse. He called OpenSSL's memory allocation strategy an "exploit mitigation countermeasure."
Actually, that was just a side effect, and what OpenSSL does that "counteracted" the defense is extremely common in software and software libraries.
It's also generally a good idea as far as performance is concerned ---- and with a library such as SSL which needs to process network traffic (HTTPS, for example); adequate performance is pretty darned important.
They run the plate and get the vehicle description. If it matches, odds are its not stolen or switched plates. If it doesn't match, they boot it or tow it.
Towing requires time and dispatch of the proper equipment. They'll probably just find the VIN somewhere else or break in in some manner.
If it's switched plates and they boot it, the boot can likely be removed in about 2 minutes by picking the lock then using a standard ratchet + spark plug socket. Clamps could also be taken off pretty quickly with a hand drill and a $1.00 grinding wheel or a hammer and chisel to cut through some spot welds in the design of these things, but the city authorities might try and bring up some bullshit about "damage" to city property that had to be done by the owner in order to expeditiously recover the essential use of their vehicle.
I'd have a hard time finding it. It'd require me to read the car manual to check on the location of it.
The police know where the manufacturers put the number, which include some additional locations outside and beneath the vehicle which can be read with a flashlight or optically scanned.
But they are all less convenient for the officer than looking down at the dash, or forcing entry to read it off the door frame or pop the hood to read one of the plates off the engine block, major vehicle components, or one of the other dozens of locations where extra hidden VIN plates are placed.
Perhaps because, in the USA, don't you physically change the licence plate every year?
No.... the plate is easily removable, and someone could steal it or swap an incorrect or forged plate there,
but every year or 2 years you get a new special little sticker to attach to a corner your plate to show the new registration expiration date.
They'll just break out the drill if you make it too hard to pick quickly. Or the screwdriver. It's amazing what a long-handled flat-bladed screwdriver will do to your average pin/wafer tumbler lock...
I suggest the use of a lever tumbler lock design with some defense of the lock surface using hard plate steel containing tungsten-carbide chips, randomization of placement, and false drill points where an entering drill will pierce a pressurized bladder triggering separate re-locking mechanisms to prevent the car from being started or the door from being opened.
Obstructing VIN = Violation of the law, possible Ticket.
Sufficient probable cause for police to force entry into the vehicle to investigate.
Suspicion of car theft, may result in you being detained.
"Any person who, individually or in association with one or more others, knowingly removes, changes, alters, or conceals any motor number, serial, or other identification number, decal or device affixed to a motor vehicle, trailer, semitrailer or motor vehicle part as required by federal law without the consent of the Department, shall be guilty of a Class 6 felony."
The problem is lost keys. There has to be a mechanism for an automotive dealer or manufacturer to replace lost keys, and it has to function without the original key.
No there doesn't.... they can have a frickin' lock control module mated to the keys which must be physically removed and replaced with a new unit paired to new keys, like various manufacturers have been doing with the immobilizer chips since the 2000s.
The "recovery" mechanism should involved forced entry.
Alternatively... a backup traditional lock on the trunk or a door that can be picked by a qualified locksmith but requires such skill that no ordinary thief could achieve it.
The only reason for needing to know if the police are nearby is if one is a criminal and/or thinking of doing something criminal.
False. This is nothing more than an assumption or your opinion stated as if it were a fact. Someone might want to do something that is perfectly legal, but may be perceived as suspicious or likely to draw ire of the police.
They might also want to know when police are operating nearby so they know to pull out their camera phone and look for something interesting.
They might also like to know what areas police are frequenting, so they can stick to those areas for their protection against thugs,
or avoid those areas for protection against vigilante police thugs.
If using DuckDuckGo, then maybe you'll be presumed to have had something to hide; therefore, you automatically lose the action.
Such is the way of tyrannical systems which don't respect personal privacy...
They don't need an act of congress; they just need to chip away at the DMCA safe harbor through legal challenges that existing search engines are complicit with infringement due to not using industry-standard algorithms as a policy of deterring infringement, such as Disney's patented algorithm.
Good luck with that, the People most likely to get campaign material are people who actually vote and the people most likely to vote this year are the people who voted last election.
I would call this a privacy violation. I didn't opt in to receive any of this spam.
This could be handled simply: No unsolicited personalized direct mail to voters. Appoint an administrator to allow candidates to pay a specified flat fee to include a flier in a monthly mailing for the 3 months before an election day to all registered voters who have opted in.
Voters who wish to receive further messages from a candidate may send in a reply form.
A list of who voted does need to exist to some extent. Otherwise it becomes too easily possible for some entity to start casting votes for other people or dead people without much risk of getting caught
I agree with the record being public; However, there should be a terms of use. It should not be simply freely available for all uses without restriction --- it should be available for on-premises review by any member of the public who signs an agreement but no note-taking, information extraction, disseminating or copying the information without filling out an application, showing a legitimate use, and providing a surety bond to protect the information and use only as approved.
Generating marketing or campaign materials based on names in the list or voting rosters or republishing names should be strictly prohibited.
Taking publicly-available information, then releasing it to the public, can't damage you. The information is already public.
It depends on context. It is possible that there are ways they could republish details gathered from public records which would be damaging.
For example; it may be technically public, however, individuals do not ordinarily disseminate the information. If their actions "advertised" or made the information more easily accessible, then it would still be a damaging intrusion.
If they contact your neighbors or employers, provide a website with clickable links to your neighbors and easy search lookup, Tweet to your followers, or send messages to your Facebook friends, then they have actually taken additional actions which are defamatory and call undue attention to the records, which is intrusive, and there may be compensating damages to be recovered, if financial loss results, such as an employee being fired because they learned through Twitter that their Employee failed to vote.
How is this really any different than requiring you to surrender a key to a locked filing cabinet?
The key is a physical piece of property just like your physical phone which can be lawfully seized.
Technically isn't your fingerprint also information which is stored outside your brain?
Your fingerprint is information, BUT the application of your fingerprint to indicate your approval is a kind of signature, just like if you can't write, going to the bank, and using your fingerprint to approve a withdrawl is a form of validation.
The police have a gather information which constitutes your fingerprint, BUT they have no right to severe your finger, or to use their access to the information to impersonate you such as by using the information to defraud another person or service that they are you.
Same deal if you have a signature stamp which allows you to approve documents by applying a stamp; the police can seize the physical asset, but they have no right to pretend to be you and apply the signature stamp to a document advising your personal lawyer to take some action, such as drop the case, or produce a recording of your private session.
Also.... your iPhone has a built-in signature verifying device, and they have no right to forge your personal signature to impersonate you and cause your Apple product to take some action.
This is like being required to sign your name.
The security feature on your phone is designed to not unlock unless you signify approval.
Giving up a key or DNA sample is not signifying your approval; it's just surrendering information which is stored outside your brain.
So I thought it might be instructive to turn the question around and ask the membership about what makes SysVInit or Upstart good.
There, fixed it for you.
Post each new Nice Thing as a new post, not as a reply to another post.
CHECK.
Nice thing about SysV Init: It is simple, just works, and the project adheres to the unix philosophy. There is no NTP client software in the package, there is no DHCP client software in the package, there are rarely updates to the SysVInit or Upstart projects themselves, and updating doesn't require a reboot.
Only one concrete Nice Thing about SysVInit/Upstart per base-level post.
CHECK
Not "for free". Settlement Free Peering is based on a mostly balanced flow of traffic. The instant that ratio moves from 1:1 to 100:1 .... "free" isn't in the room anymore.
And THIS is what makes them not common carriers; ISPs can do this. In the Telco world, interconnect fees are required to be symmetric, for example: if the agreement is that charges carrier A $0.05 per call record to terminate onto carrier B's network, then it must charge carrier B $0.05 a call to terminate onto carrier A's network, it's not allowed to charge carrier A $0.05 per call and give carrier B free service into carrier A's network. An interconnect agreement cannot be terminated or repriced to favor specific networks, just based on the ratio of calls in or out.
Since when were fibre cables, $20000 optics, Switch ports, and 40-Gigabit port licenses free when the link is turned off?
That would have zero impact. This is like the telephone company in city A have 96 channels to the telephone company in city B, but then 100 people try to make calls. Only some of them will go through, and that's a capacity issue, not regulated by Common Carrier status.
That's not the scenario. It's not capacity between cities, in this case, it is capacity between networks. The problem is they are discriminating against some networks and refusing to build capacity at the same time as they are building capacity to other networks for free; that's not a common carrier.
A telco expands capacity based on utilization, and in building more capacity to other networks in the same area: it's not a case of some networks get capacity built to them for free and some have to pay, it's..... each telco pays their own costs to build that capacity needed by their customers AND asymmetric usage is settled through the USAGE fees associated with LD termination on each call.
P.S. Alternatively, the information can be uploaded in encrypted format + Base64 to places such as Pastebin, or Freenet, or other massively distributed publication platform.
The card can then contain just a few 40-character URLs followed by 512-bits worth of cryptocurrency wallet addresses.
Then a couple of 256-bit decryption keys for the coded messages and the rest of the card can be used for a list of randomly generated initialization vectors that will be used for further encrypted messages.
So the website can contain an arbitrarily large amount of information which can then be decrypted using the data on the card.
Also, additional information can be added later by creating a spend transaction to one of the cryptocurrency addresses listed on the card, and publishing the information in the public blockchain, but on the public blockchain the text can be encrypted with the key and one of the initialization vectors on the card can be used. More random initialization vectors and additional addresses and crypto keys required to be provided inside each Nth encrypted message uploaded to the blockchain.
As long as they're going to build and provide plugins for the common use cases, who cares? It could be pretty cool. Sounds like a more flexible architecture if they can support multiple package systems.
On the other hand, it might just be unneeded complexity. Frankly, in a lot of places I like things that are SIMPLE, Reliable, and Fast. I prefer programs that do one thing well and work with other programs using standard text-based communications to meet the rest of needs instead of attempting to accomadate every possible use case within one piece of software ----- a plugin architecture with proprietary interactions is not necessarily "working well" with other programs; it's kind of the opposite idea, expanding one program with addons.
It makes sense for a PACKAGE system to support multiple kinds of storage repositories, like Yum or APT does.... you can have your CD-based Repos, FTP based Repos, and private mirrors.
I'm not sure it makes sense for a package management system to support arbitrary backend plugins.
Or just anonymizing the records as soon as no longer required.
However, 5 years is not very much time if they may need to investigate the possibility of fraudulent applications in the future.
They're late comers to this party: We already have community repos. Chocolatey and BoxStarter. Why would we need OneGet?
It's Internet Explorer vs Netscape all over again :)
Let's change that up slightly, to use 3715 bits out of the 7104 available, approximately 50%:
No... that was just Theo's excuse. He called OpenSSL's memory allocation strategy an "exploit mitigation countermeasure."
Actually, that was just a side effect, and what OpenSSL does that "counteracted" the defense is extremely common in software and software libraries.
It's also generally a good idea as far as performance is concerned ---- and with a library such as SSL which needs to process network traffic (HTTPS, for example); adequate performance is pretty darned important.
They run the plate and get the vehicle description. If it matches, odds are its not stolen or switched plates. If it doesn't match, they boot it or tow it.
Towing requires time and dispatch of the proper equipment. They'll probably just find the VIN somewhere else or break in in some manner.
If it's switched plates and they boot it, the boot can likely be removed in about 2 minutes by picking the lock then using a standard ratchet + spark plug socket. Clamps could also be taken off pretty quickly with a hand drill and a $1.00 grinding wheel or a hammer and chisel to cut through some spot welds in the design of these things, but the city authorities might try and bring up some bullshit about "damage" to city property that had to be done by the owner in order to expeditiously recover the essential use of their vehicle.
I'd have a hard time finding it. It'd require me to read the car manual to check on the location of it.
The police know where the manufacturers put the number, which include some additional locations outside and beneath the vehicle which can be read with a flashlight or optically scanned.
But they are all less convenient for the officer than looking down at the dash, or forcing entry to read it off the door frame or pop the hood to read one of the plates off the engine block, major vehicle components, or one of the other dozens of locations where extra hidden VIN plates are placed.
46.2-1074 https://leg1.state.va.us/cgi-b...
Perhaps because, in the USA, don't you physically change the licence plate every year?
No.... the plate is easily removable, and someone could steal it or swap an incorrect or forged plate there, but every year or 2 years you get a new special little sticker to attach to a corner your plate to show the new registration expiration date.
They'll just break out the drill if you make it too hard to pick quickly. Or the screwdriver. It's amazing what a long-handled flat-bladed screwdriver will do to your average pin/wafer tumbler lock...
I suggest the use of a lever tumbler lock design with some defense of the lock surface using hard plate steel containing tungsten-carbide chips, randomization of placement, and false drill points where an entering drill will pierce a pressurized bladder triggering separate re-locking mechanisms to prevent the car from being started or the door from being opened.
Keep your VIN number covered up.
Obstructing VIN = Violation of the law, possible Ticket.
Sufficient probable cause for police to force entry into the vehicle to investigate.
Suspicion of car theft, may result in you being detained.
The problem is lost keys. There has to be a mechanism for an automotive dealer or manufacturer to replace lost keys, and it has to function without the original key.
No there doesn't.... they can have a frickin' lock control module mated to the keys which must be physically removed and replaced with a new unit paired to new keys, like various manufacturers have been doing with the immobilizer chips since the 2000s.
The "recovery" mechanism should involved forced entry.
Alternatively... a backup traditional lock on the trunk or a door that can be picked by a qualified locksmith but requires such skill that no ordinary thief could achieve it.
The only reason for needing to know if the police are nearby is if one is a criminal and/or thinking of doing something criminal.
False. This is nothing more than an assumption or your opinion stated as if it were a fact. Someone might want to do something that is perfectly legal, but may be perceived as suspicious or likely to draw ire of the police.
They might also want to know when police are operating nearby so they know to pull out their camera phone and look for something interesting.
They might also like to know what areas police are frequenting, so they can stick to those areas for their protection against thugs, or avoid those areas for protection against vigilante police thugs.
Whatever