The EPA couldn't use published data from journals, academics, geological surveys, and other information where they have rights to access
Maybe this is an incentive for scientists to stop publishing in journals that want to keep their data secret that fundamentally makes science more open.
Perhaps next step should be a Law that federally funded public universities, When evaluating how qualified a professor or team is for hiring or retention or working on a government grant --- may not consider publications that appeared only in "closed journals" without free access to research datasets.
Things have improved a lot since then. You can compare that to the industrial hellholes that existed in the Soviet era or China's industrial binge.
I think if we roll back the last 20 years of ADDITIONAL EPA regulation and expansion, we should be good, and we won't be a hellhole. Trouble is the EPA SOLVED those problems it was created to solve, Then like all bureaucracies its leadership decided to keep expanding and make more and more rules beyond its original and appropriate scope. They're not being paid to keep donig exactly what they're doing... Any person who is acting as a Leader/Committee person sees their agency's role to be constantly doing more than what they've been doing.
Exactly..... It is brilliant that they finally require this of the EPA. Clearly, the next step should be to require ALL existing EPA regulation meet this bar or become invalidated on a specified date.
Also, this standard of rigor should be applied to other government regulators that purport to use Science, such as those wanting to restrict human activity based on supposed threats to a species or ecology, or, such as when the FDA wants to make decisions restricting the composition of foods, Or banning//revokingwitholding approval of a drug, etc.
"Sorry, unless some other team can reproduce the same cosmic ray event in their own detector.
This kind of research is Not used to write policy, also has a Much higher bar for scientific rigor than a medical study, such that the results of any medical study should have a higher level of doubt.
Also, particle physicists require 5 Sigmas of statisical confidence at a minimum. That is beyond feasibility for most medical research.... indeed, medical researchers are known to have to fudge things, such as by throwing out some data or abusive tactics like cherrypicking (that invalidate the theoretical foundation for the statistics) to get the results they want.
Common Science, medical science, corporate reports (wtf?) have nothing to do with the ENVIRONMENTAL Protection Agency.
The study of Medical science has something to do with How People are Harmed by negative environmental impacts necessary to show that certain environmental impacts are BAD for people.
CORPORATE REPORTS are Germane to some science, because private industry has done research or collected data.
I know for a fact they haven't "ALWAYS" required contributors to assign any rights. Even if they have, assignment without consideration may be non-binding.
Also, I'm fairly sure Eric Young and Hudson haven't assigned copyright to them, they're using the code in a commercial SSL library for $$$, after all.....
They don't have to "Sign it away to heirs". Copyrights automatically become property of their estate, Unless they put in a legal structure to explicitly donate that asset, and their heirs will ultimately direct the disposition.
They need to make such an assumption if they want to make progress as some people may no longer be reachable
Regardless of what is convenient for the project, the DEFAULT Under copyright is ALL RIGHTS RESERVED. The licensing for the contributions were not implicit.... OpenSSL contributions were made under a specific license https://www.openssl.org/source...
The license they put it under has a SPECIFIC statement Barring license changes: * The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
So then encourage as many authors as possible to write a Reply:
I Do Not consent at this time to the license change regarding my contribution Nor any derivative work, added, or modified versions thereof. Derivative work includes all code added or to the project after my contributions which extended any functionality on top of OpenSSL based on any derivative of my earlier code, Including any non-literal copying of design style, naming conventions, or other aesthetic and miscellaneous aspects of my work found in later contributions by other authors.
Basically two Extended 3-Part BSD licenses WITH Advertising Clause, therefore the Purists would claim they are GPL-Incompatible, and GPL Software should not link with OpenSSL --- Although I do not agree with that assessment. No issues linking to OpenSSL so long as you obey the terms of the OpenSSL license in the binary distribution of OpenSSL, and the GPL in the terms of the distribution of the software linking to openssl.
The ones that don't do much extra by policy don't qualify to have their root certificate included in browsers.
What do you mean by that? You suggested EV certs mean the CA sends boots on the ground and verifies the presence of your offices, But they don't.
In reality, what it means Is they ask you a series of questions whose answers will be checked using databases containing information gathered from public records.
Because OV certificates are the category you mention above, there isn't much extra qualification involved.
The CAs are not allowed to put in a Company Name they have not verified. They're basically just the same as the EVs. You upload some scanned documents, and then answer some questions, and you'll get either type of cert really quick, except the EV has an arbitrarily higher price tag.
Let's say, you entered paypal in Google and miraculously the second link leads to paypall.com
Wait.... Google lists a Fake website as Hit #2 in a search result, and people are ragging on LetsEncrypt? Clearly, the Search Engine is to blame here.
The way you safely access PayPal is DONT SEARCH FOR IT. you type http://www.paypal.com/ into your Browser address bar, AND you check the typing carefully before pressing enter.
Also, if you typo'd the website name, your browser should show an error page. And if you've ever visited www.paypal.com it should warn you that maybe you made a typo, before proceeding to access the different site.
Informational websites with no credentials do NOT need TLS, typically
Yes they do, if for no other reason than to protect visitors privacy against passive interception and tampering by their ISP.
Furthermore, websites such as Google search engine need TLS to avoid connections being hijacked by a malicious party and then used to phish attack against other Google.com/Same-origin properties
A CA issuing an EV cert IS expected to have "boots on the ground" physically verifying that the cert's applicant is who they say they are, has an office where they say they do, etc.
EV pretty much just means they paid extra, and the buyer is a company. Depending on which CA, there won't be much extra verification.
Also, there's another type of cert you didn't mention which are Organization-Verified Non-EV Certificates. For example: Amazon.Com has one, The certificate lists the company name "Amazon" as the company name on the cert instead of just a blank or "Domain Owner Verified" in the company name.
Although, for some reason Chrome does not show the company name on Organization-Verified certificates.
If the identity of the endpoint can't be verified, exactly how is it that MITM is prevented?
The purpose of these CAs is to Verify the Identity of the Domain Name for the purpose of establishing TLS connections. They verify DNS domain name Identity, Not Organizational Identity.
I.e. They verify the person who controls the Hostname authorizes the certificate, Not that the Hostname is owned by the company name and end user speculates the DNS domain name belongs to.
It is at best a Crapshoot that in theory the accident might have been avoidable.
"FAILURE TO YIELD" Accidents. Are almost always unavoidable by the party not at fault. They usually involve a car behind you plowing into your rear, because you stopped properly at a traffic light.
Until shown otherwise, Not at Fault means Not at Fault, the Uber did not cause the accident, and the AI is not responsible for it, period.
I don't believe the collision should turn up the temperature on the "Debate" about SDCs at all.
Perhaps also an effort to encourage Google to come back and offer these advertisers some discounted rates?
Chances are Google won't need to. I would bet that other companies will continue to buy those ad slots, regardless of what Walmart may do, now it may be true that the winning bids for those ads will be lower as a result of less competition from Walmart, etc, But this is all at Walmart's loss.
I would be willing to post solutions/answers on StackOverflow, If StackOverflow would generate revenue for me based on people viewing or using my solution.
The root certs in question were not widely deployed and were revoked long ago not that that excuses the CA from issuing them.
It could still be useful if someone were to extract them on one of the few deployments in existence..... Just because the cert has been "Revoked", does not mean people are not still running around with hardware or software that will trust it. Because many applications don't even bother to check for revocation, example: Firefox doesn't check CRLs, instead they have their own proprietary CRL service that only bothers with high-profile site names --- too much latency would be re-introduced by turning proper revocation checks back on.
In reality he probably just need to go to the court and get an injunction, probably the eBay sellers will just give up at that point, and not persist in wanting to sell the items, and fight the case.
This is true, but an enterprise with an infringed patent would likely find some kind of Copyright claim to make in order to file a DMCA letter. Then if the infringement claimed in the DMCA letter were disputed by the offender, the lawyers would bring up Both the copyright AND the counterfeit goods, trademark, and patent infringement issues.
That's pretty funny, since I'm looking at my last CenturyLink (telecom) bill and it contains a specific line item fee for "franchise at 3%."
Apparently my city can, and does, franchise the local telecom, despite this special "federal regulated" status they hold.
No..... For a Telecom, that is basically also what they call part of the basic permitting necessary for access to rights of way. FCC S-253 has allowed municipalities to impose their building codes, construction schedules, etc and charge a nominal fee to recover no more than their costs of managing the public right of way. The municipalities are not able to impose further obligations, For example, they cannot set out any questions or requirements about services, they cannot require financial information, They cannot make Approval or Denial based on the discretion of officials in the muncipality.
n Bell Atlantic-Maryland, Inc. v. Prince George's County, 49 F. Supp. 2d 205 (D.C. Md 1999)
Slashdot Mirror
in short creative works that are copyrighted, data is a collection of fact that is not copyrightable.
Your comment on Slashdot is a Datum in a collection of data called a database on Slashdot's servers, and it is copyrightable.
Also, yes, journals and scientific databases contain data, and their publishers restrict access and require licensing of usage.
The EPA couldn't use published data from journals, academics, geological surveys, and other information where they have rights to access
Maybe this is an incentive for scientists to stop publishing in journals that want to keep their data secret
that fundamentally makes science more open.
Perhaps next step should be a Law that federally funded public universities, When evaluating how qualified
a professor or team is for hiring or retention or working on a government grant --- may not consider
publications that appeared only in "closed journals" without free access to research datasets.
Things have improved a lot since then. You can compare that to the industrial hellholes that existed in the Soviet era or China's industrial binge.
I think if we roll back the last 20 years of ADDITIONAL EPA regulation and expansion, we should be good, and we won't be a hellhole.
Trouble is the EPA SOLVED those problems it was created to solve, Then like all bureaucracies its leadership decided to keep expanding and make more and more rules beyond its original and appropriate scope. They're not being paid to keep donig exactly what they're doing... Any person who is acting as a Leader/Committee person sees their agency's role to be constantly doing more than what they've been doing.
Exactly..... It is brilliant that they finally require this of the EPA.
Clearly, the next step should be to require ALL existing EPA regulation meet this bar or become invalidated on a specified date.
Also, this standard of rigor should be applied to other government regulators that purport to use Science, such as those wanting to restrict human activity based on supposed threats to a species or ecology, or, such as when the FDA wants to make decisions restricting the composition of foods, Or banning//revokingwitholding approval of a drug, etc.
"Sorry, unless some other team can reproduce the same cosmic ray event in their own detector.
This kind of research is Not used to write policy, also has a Much higher bar for scientific rigor than a medical study,
such that the results of any medical study should have a higher level of doubt.
Also, particle physicists require 5 Sigmas of statisical confidence at a minimum.
That is beyond feasibility for most medical research.... indeed, medical researchers are known to have to fudge things,
such as by throwing out some data or abusive tactics like cherrypicking (that invalidate the theoretical foundation for
the statistics) to get the results they want.
Common Science, medical science, corporate reports (wtf?) have nothing to do with the ENVIRONMENTAL Protection Agency.
The study of Medical science has something to do with How People are Harmed by negative environmental impacts necessary
to show that certain environmental impacts are BAD for people.
CORPORATE REPORTS are Germane to some science, because private industry has done research or collected data.
I know for a fact they haven't "ALWAYS" required contributors to assign any rights.
Even if they have, assignment without consideration may be non-binding.
Also, I'm fairly sure Eric Young and Hudson haven't assigned copyright to them,
they're using the code in a commercial SSL library for $$$, after all.....
Some contributors contributions may be so small they cannot actually claim copyright.
As usual: it depends.
They don't have to "Sign it away to heirs". Copyrights automatically become property of their estate, Unless they put in a legal structure to explicitly donate that asset, and their heirs will ultimately direct the disposition.
They need to make such an assumption if they want to make progress as some people may no longer be reachable
Regardless of what is convenient for the project, the DEFAULT Under copyright is ALL RIGHTS RESERVED.
The licensing for the contributions were not implicit.... OpenSSL contributions were made under a specific license
https://www.openssl.org/source...
The license they put it under has a SPECIFIC statement Barring license changes:
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
So then encourage as many authors as possible to write a Reply:
I Do Not consent at this time to the license change regarding my contribution Nor any derivative work, added, or modified versions thereof.
Derivative work includes all code added or to the project after my contributions which extended any functionality on
top of OpenSSL based on any derivative of my earlier code, Including any non-literal copying of design style, naming conventions, or other aesthetic and miscellaneous aspects of my work found in later contributions by other authors.
Basically two Extended 3-Part BSD licenses WITH Advertising Clause, therefore the Purists would
claim they are GPL-Incompatible, and GPL Software should not link with OpenSSL --- Although I do not
agree with that assessment. No issues linking to OpenSSL so long as you obey the terms of the OpenSSL license
in the binary distribution of OpenSSL, and the GPL in the terms of the distribution of the software linking to openssl.
https://www.openssl.org/source...
The ones that don't do much extra by policy don't qualify to have their root certificate included in browsers.
What do you mean by that? You suggested EV certs mean the CA sends boots on the ground and verifies the presence of your offices, But they don't.
In reality, what it means Is they ask you a series of questions whose answers will be checked using databases containing information gathered from public records.
Because OV certificates are the category you mention above, there isn't much extra qualification involved.
The CAs are not allowed to put in a Company Name they have not verified. They're basically just the same as the EVs. You upload some scanned documents, and then answer some questions, and you'll get either type of cert really quick,
except the EV has an arbitrarily higher price tag.
Let's say, you entered paypal in Google and miraculously the second link leads to paypall.com
Wait.... Google lists a Fake website as Hit #2 in a search result, and people are ragging on LetsEncrypt? Clearly, the Search Engine is to blame here.
The way you safely access PayPal is DONT SEARCH FOR IT. you type http://www.paypal.com/ into your Browser address bar, AND you check the typing carefully before pressing enter.
Also, if you typo'd the website name, your browser should show an error page. And if you've ever visited www.paypal.com it should warn you that maybe you made a typo, before proceeding to access the different site.
Informational websites with no credentials do NOT need TLS, typically
Yes they do, if for no other reason than to protect visitors privacy against passive interception and tampering by their ISP.
Furthermore, websites such as Google search engine need TLS to avoid connections being hijacked by a malicious party and then used to phish attack against other Google.com/Same-origin properties
A CA issuing an EV cert IS expected to have "boots on the ground" physically verifying that the cert's applicant is who they say they are, has an office where they say they do, etc.
EV pretty much just means they paid extra, and the buyer is a company. Depending on which CA, there won't be much extra verification.
Also, there's another type of cert you didn't mention which are Organization-Verified Non-EV Certificates. For example: Amazon.Com has one, The certificate lists the company name "Amazon" as the company name on the cert instead of just a blank or "Domain Owner Verified" in the company name.
Although, for some reason Chrome does not show the company name on Organization-Verified certificates.
If the identity of the endpoint can't be verified, exactly how is it that MITM is prevented?
The purpose of these CAs is to Verify the Identity of the Domain Name for the purpose of establishing TLS connections. They verify DNS domain name Identity, Not Organizational Identity.
I.e. They verify the person who controls the Hostname authorizes the certificate, Not that the Hostname is owned by the company name and end user speculates the DNS domain name belongs to.
It is at best a Crapshoot that in theory the accident might have been avoidable.
"FAILURE TO YIELD" Accidents. Are almost always unavoidable by the party not at fault.
They usually involve a car behind you plowing into your rear, because you stopped properly at a traffic light.
Until shown otherwise, Not at Fault means Not at Fault, the Uber did not cause the accident, and the AI is not responsible for it, period.
I don't believe the collision should turn up the temperature on the "Debate" about SDCs at all.
Perhaps also an effort to encourage Google to come back and offer these advertisers some discounted rates?
Chances are Google won't need to. I would bet that other companies will continue to buy those ad slots, regardless of what Walmart may do, now it may be true that the winning bids for those ads will be lower as a result of less competition from Walmart, etc, But this is all at Walmart's loss.
I would be willing to post solutions/answers on StackOverflow,
If StackOverflow would generate revenue for me based on people viewing or using my solution.
Why don't you just "use strict" for all your code, then?
https://www.w3schools.com/js/j...
The root certs in question were not widely deployed and were revoked long ago not that that excuses the CA from issuing them.
It could still be useful if someone were to extract them on one of the few deployments in existence.....
Just because the cert has been "Revoked", does not mean people are not still running around with hardware or software that will trust it. Because many applications don't even bother to check for revocation, example: Firefox doesn't check CRLs, instead they have their own proprietary CRL service that only bothers with high-profile site names --- too much latency would be re-introduced by turning proper revocation checks back on.
In reality he probably just need to go to the court and get an injunction, probably the eBay sellers will just give up at that point, and not persist in wanting to sell the items, and fight the case.
This is true, but an enterprise with an infringed patent would likely find some kind of Copyright claim to make in order to file a DMCA letter.
Then if the infringement claimed in the DMCA letter were disputed by the offender, the lawyers would bring up Both the copyright AND the counterfeit goods, trademark, and patent infringement issues.
That's pretty funny, since I'm looking at my last CenturyLink (telecom) bill and it contains a specific line item fee for "franchise at 3%."
Apparently my city can, and does, franchise the local telecom, despite this special "federal regulated" status they hold.
No..... For a Telecom, that is basically also what they call part of the basic permitting necessary for access to rights of way. FCC S-253 has allowed municipalities to impose their building codes, construction schedules, etc and charge a nominal fee to recover no more than their costs of managing the public right of way. The municipalities are not able to impose further obligations, For example, they cannot set out any questions or requirements about services, they cannot require financial information, They cannot make Approval or Denial based on the discretion of officials in the muncipality.
n Bell Atlantic-Maryland, Inc. v. Prince George's County, 49 F. Supp. 2d 205
(D.C. Md 1999)