I've been on both sides of this one - I got asked to sign one of those agreements for ****** about six months back when I joined their "technical advisory board". I put a line throught the clause about telling them about prior work and signed the document with the change initialed. Nobody objected.
The other interesting tactic I've tried in the past is the pay to play tactic - add a clause that says they can stop me working for anybody if they pay me to stay at home (the same package inc stock and bennies that I'm being offered). Giving them this option wih say 7 days to excercise it from being notified of my intent to work for XYZ corp kept at least on employer happy (I got paid for 12 months "garden leave" - when I left:-)
On the flip side I had a situation where we needed to close VC funding and the lawyers for the money said we had to have IP agreements with everybody before they'd ink the deal - one of my contractors (not even a full time guy) wouldn't sign the agremment - I had to fire him. It wasn't even a particularly bad agreement (it was about as strong as is actually enforcable in Califronia which is to say not very).
It's not about PKI being outdated - it's more about it being unworkable in the real world. PKI is not a bad structure for identifying devices. The basic model works when my gateway wants to know if that really is my mail server it's talking to.
Where it doesn't work is when you try and bind keys to people (as the author points out). This is, in part, because people don't (can't) secure their private keys. It's also in part because the whole concept of identity is fuzzy. Identity theft is trivially easy and so it's simply not possible to create a CA that can really prove or disprove identity.
Add to that the simple fact that security based on "something you know" has never been reliable due to the propensity to share the secret and PKI becomes doomed. Moving to a "something you have" system (eg smart card) helps but now we're back to proving the device we're taking to not the user of the device.
In summary - All trust is relative - PKI assumes that absolute trust is possible and so does not work in the real world.
This has to be one of the worst ideas I've heard in a long time (and I've heard some bad ones).
As somebody who knows quite a lot about internet commerce (I founded CyberSource and beyond.com) I can say with a high degree of certainty that the merchants will laugh in the face of AT&T trying to collect money from them.
It won't fly because:
1) There is no contractual relationship between a merchant hosted by say Exodus and AT&T - absent the contract how will AT&T assert their claim?
2) Assuming for a moment that they are stupid enough to block sites that won't pay they would have an instant PR disaster.
3) If by some reason I can't think of they manage to force merchants to pay then the sites will probably pass it on as an "AT&T surcharge" - this will piss off AT&Ts customers.
I suspect what we're really talking about here is not taking money from every merchantt - it's promoting some merchants in return for a transaction fee (instead of a page views based model). This is not new and was part of the original @home model.
If we take the middle number of 15,000 customers and say $80 each to issue a new plastic (yes that's what it cost to issue a new card) then we're talking $1.2 million for this incident alone.
No sh*t - I had the pleasure (?) of working with the ST506 (the first 5.25 inch hard drive) - 5 megs seemed endless on a 5Mhz 64Kb 8085 CP/M box - oh how the world has changed
This post typed on a PC with 256MB RAM, a 22 GB and a 60GB disk (the 60GB is the IBM this article is about)
I've found that most NDA's can be rendred invalid by simply writing on the bottom of the NDA
"company will provide a writen, specific list of information considered confidential within 7 days of disclosue of such information".
In 99.9% of cases they don't do it.
The clause to watch for is the non-discluse non-use clause where they say you can't use the info - I always put a line through such clauses.
One trend I don't like at all is the NDA visitor badge - when you sign in at reception you sign an NDA - again - put a line through any bit's you don't like and inital the change.
Finally beware any NDA longer then two pages - it can all be said in page or so, more than two is a big red flag
Privacy is mostly a superstition. The net does not add much to the lack of privacy. If you want real privacy you need to not use credit cards, not get a drivers license, not buy a house, never notify the post office of a change of address, not subscribe to magazines, not have a bank account. In other words not participate in the modern world.
The amount of data available on individuals from informations services like ussearch.com is amazing. None of this is realted to web use, it's all just database marketing and public records.
all this has been going on for a long time and people frankly don't care. Yes if you ask them a loaded question they will react but absent that stimulus they will happily ignore the issue.
The thing I have always found amusing is that the p0rn industry in Australia is mostly in ACT (for those who don't know that's appromimatly the equivilent of it being based in Washington DC)
I think the thing people (governments in particular) miss about the net is that there is no "there" on the net. In practical terms all they can do is hurt the domestic industry by regulations while people in other parts of the world will ignore the regulations.
We've already seen this happen with cryptography, betting and porn. The standard for the net as a whole is set by the least restrictive country that is connected.
I don't have full binocular vision. I turns out that I don't spend my life falling down stairs. Binocular vison is of limited usefullness, particularly if the target is some distance away. Where it is usefull is in things like catching moving objects (I can't catch well). It's not usefull much beyond 10 feet.
The reality is that paralax plays a much bigger part in distance detection than binocular vision does for most objects.
As I understand it one of the basic ideas supporting the current 1st ammendment doctrine is no prior restraint. IMHO any ruling that requires owners of automated systems to check the legality of links would have enough of a chilling effect to be considered prior restraint.
I notice in the Wired story they talk about the RIAA having gone for the ISP. This is, I think, perhaps more of concern than the linking issue. The idea that just by writing a letter it's possible to silence a web site is very distubing. I suspect (hope) this is one aspect of the DCMA that won't survive the courts. (see also the Ford vs Blue oval case also had a big company shutting down a little guy by going for the ISP (the details are different but the issue is there - the blue oval case is currently on appeal with the ACLU getting involved).
John (who has been sued enough in the past to know it's all a lottery anyway)
Ok now we got that out of the way. I read the opinion in the BlueOval case (it's here if you are interested - word perfect format not acrobat as despite the instructions otherwise).
While I agree that a lot of it is not related I think the key issue, the 1st ammendment, is applicable. Assuming that the publisher did not have a direct contract with Adobe (if he did all bets are off) then there can be no legitimate argument that allows a commercial entity to chill free speach. Letting adobe previal in this would have massivly chilling effect on large sections of the press and on investigative journalism in particular. As such on the face of it it's unconstitutional (I think P&G vs Bankers Trust is particularly applicable here)
I bought the dell sapecifcally because I don't like the trackpoint. Mine is PIII 650/500 (speed step), ATI Rage Mobility 1400x1050/24 bit (1600x1200 external). I got the 12GB disk (18 was an option but I don't need it - it's the 6th machine in the house:-) and 192MB of ram.
As a dual boot box (Win 98 and Red Hat 6.2) it works great. Better still I can watch *my* selection of movies on long plane rides (why else get a dvd:-).
Why bother with a thinkpad when Dell has a very nice 1400x1050 SXGA+ display available on their Inspiron 5000 (I have one - runs linux just fine and the display works great with the patches from http://intern.linpro.no/~janl/inspir on-5000.html)
Write a good sub debug that prints it's argument to a log file together with lots of timing info (like how much user and system time has elapsed).
Sprinkle liberally through the code.
Study the results. You'll find that often what you though was slow isn't and what you thought was fast is slow. In one case a CGI I saw was taking 2 seconds to just load all the libs that were being requird even though most were not needed!
In another case we found that the fastest way to beuild a free text endgine was to munge the input into a regex and use the builtin grep on the data (cut the search from 500ms to sub 100ms of CPU).
Overall it's very application dependent - most of the optimizations (apart from the regex stuff) are about good coding practice as much as anyting else.
Elected government (are we off topic or what?)
on
EU Web Tax Proposed
·
· Score: 1
While the commission isn't directly elected they are appointed by the elected governments of the member states so it's not true that they are unaccountable.
Come to think of it the US president isn't directly elected either...:-)
In the old days (1980's;-) of shipping physical goods there was a concept known a Free On Board (FOB). The FOB point was where the good changed hands. If I sold somebody a product FOB my loading dock they paid freight and were responsible for any import duty. If on the other had it was FOB their loading dock then I paid freight and dealt with the duty (gross simplification but you get the idea).
It seems to me that with the net the FOB point is at one of the NAPs. If this is the case then the old rules should apply and the importer should deal with the tax. There is lots of international law on this stuff already.
Where the EU is having a problem is not that the law does not allow them to charge vat, it does, it's that they can't detect the imports and regulate them. The real thrust of this proposal is to move the responsibility for collecting existing taxes onto corporations because they are a lot less hassle to persue than consumers.
John (who in another life started a company selling software over the net and so thinks he knows about this stuff:-)
Slashdot Mirror
The other interesting tactic I've tried in the past is the pay to play tactic - add a clause that says they can stop me working for anybody if they pay me to stay at home (the same package inc stock and bennies that I'm being offered). Giving them this option wih say 7 days to excercise it from being notified of my intent to work for XYZ corp kept at least on employer happy (I got paid for 12 months "garden leave" - when I left :-)
On the flip side I had a situation where we needed to close VC funding and the lawyers for the money said we had to have IP agreements with everybody before they'd ink the deal - one of my contractors (not even a full time guy) wouldn't sign the agremment - I had to fire him. It wasn't even a particularly bad agreement (it was about as strong as is actually enforcable in Califronia which is to say not very).
The didn't overturn - they vacated - very different. They asked the Forida court to reconsider which put's the whole thing back in limbo.
It's not about PKI being outdated - it's more about it being unworkable in the real world. PKI is not a bad structure for identifying devices. The basic model works when my gateway wants to know if that really is my mail server it's talking to.
Where it doesn't work is when you try and bind keys to people (as the author points out). This is, in part, because people don't (can't) secure their private keys. It's also in part because the whole concept of identity is fuzzy. Identity theft is trivially easy and so it's simply not possible to create a CA that can really prove or disprove identity.
Add to that the simple fact that security based on "something you know" has never been reliable due to the propensity to share the secret and PKI becomes doomed. Moving to a "something you have" system (eg smart card) helps but now we're back to proving the device we're taking to not the user of the device.
In summary - All trust is relative - PKI assumes that absolute trust is possible and so does not work in the real world.
--
This has to be one of the worst ideas I've heard in a long time (and I've heard some bad ones).
As somebody who knows quite a lot about internet commerce (I founded CyberSource and beyond.com) I can say with a high degree of certainty that the merchants will laugh in the face of AT&T trying to collect money from them.
It won't fly because:
1) There is no contractual relationship between a merchant hosted by say Exodus and AT&T - absent the contract how will AT&T assert their claim?
2) Assuming for a moment that they are stupid enough to block sites that won't pay they would have an instant PR disaster.
3) If by some reason I can't think of they manage to force merchants to pay then the sites will probably pass it on as an "AT&T surcharge" - this will piss off AT&Ts customers.
I suspect what we're really talking about here is not taking money from every merchantt - it's promoting some merchants in return for a transaction fee (instead of a page views based model). This is not new and was part of the original @home model.
Move along folks there is nothing to see here.
John
Ouch!
This post typed on a PC with 256MB RAM, a 22 GB and a 60GB disk (the 60GB is the IBM this article is about)
Thats a lot of change in 20 years.
"company will provide a writen, specific list of information considered confidential within 7 days of disclosue of such information".
In 99.9% of cases they don't do it.
The clause to watch for is the non-discluse non-use clause where they say you can't use the info - I always put a line through such clauses.
One trend I don't like at all is the NDA visitor badge - when you sign in at reception you sign an NDA - again - put a line through any bit's you don't like and inital the change.
Finally beware any NDA longer then two pages - it can all be said in page or so, more than two is a big red flag
IANAL but I've signed a lot of NDA's in my time
The amount of data available on individuals from informations services like ussearch.com is amazing. None of this is realted to web use, it's all just database marketing and public records.
all this has been going on for a long time and people frankly don't care. Yes if you ask them a loaded question they will react but absent that stimulus they will happily ignore the issue.
John (one of the founders of TRUSTe)
Because I suspect he wants roving windows dialup (laptops) and taking a linux box on biz trip to act as a vpn gateway would be a little bit OTT.
The thing I have always found amusing is that the p0rn industry in Australia is mostly in ACT (for those who don't know that's appromimatly the equivilent of it being based in Washington DC)
We've already seen this happen with cryptography, betting and porn. The standard for the net as a whole is set by the least restrictive country that is connected.
The reality is that paralax plays a much bigger part in distance detection than binocular vision does for most objects.
As I understand it one of the basic ideas supporting the current 1st ammendment doctrine is no prior restraint. IMHO any ruling that requires owners of automated systems to check the legality of links would have enough of a chilling effect to be considered prior restraint.
I notice in the Wired story they talk about the RIAA having gone for the ISP. This is, I think, perhaps more of concern than the linking issue. The idea that just by writing a letter it's possible to silence a web site is very distubing. I suspect (hope) this is one aspect of the DCMA that won't survive the courts. (see also the Ford vs Blue oval case also had a big company shutting down a little guy by going for the ISP (the details are different but the issue is there - the blue oval case is currently on appeal with the ACLU getting involved).
John (who has been sued enough in the past to know it's all a lottery anyway)
BTW it would take 1000+ tape drives running at once to move that much data
From the useless stats dept.
40 Gbits/sec = 216 Terabytes in 12 hours.
If you put 1800 120GB DDS4 tapes in FedEx baggies you will move the same about of data (latency is not so good but that's not the point :-)
Never underestimate the bandwidth of a truck load of tapes.
Ok now we got that out of the way. I read the opinion in the BlueOval case (it's here if you are interested - word perfect format not acrobat as despite the instructions otherwise).
While I agree that a lot of it is not related I think the key issue, the 1st ammendment, is applicable. Assuming that the publisher did not have a direct contract with Adobe (if he did all bets are off) then there can be no legitimate argument that allows a commercial entity to chill free speach. Letting adobe previal in this would have massivly chilling effect on large sections of the press and on investigative journalism in particular. As such on the face of it it's unconstitutional (I think P&G vs Bankers Trust is particularly applicable here)
I think Big Blue has a long memeory and they still have not forgiven Microsoft over OS/2. Anything they can do to stick it to MS they will do.
As a dual boot box (Win 98 and Red Hat 6.2) it works great. Better still I can watch *my* selection of movies on long plane rides (why else get a dvd :-).
I've even had win 98 running under vmware on it.
Why bother with a thinkpad when Dell has a very nice 1400x1050 SXGA+ display available on their Inspiron 5000 (I have one - runs linux just fine and the display works great with the patches from http://intern.linpro.no/~janl/inspir on-5000.html)
Sprinkle liberally through the code.
Study the results. You'll find that often what you though was slow isn't and what you thought was fast is slow. In one case a CGI I saw was taking 2 seconds to just load all the libs that were being requird even though most were not needed!
In another case we found that the fastest way to beuild a free text endgine was to munge the input into a regex and use the builtin grep on the data (cut the search from 500ms to sub 100ms of CPU).
Overall it's very application dependent - most of the optimizations (apart from the regex stuff) are about good coding practice as much as anyting else.
Come to think of it the US president isn't directly elected either ... :-)
It seems to me that with the net the FOB point is at one of the NAPs. If this is the case then the old rules should apply and the importer should deal with the tax. There is lots of international law on this stuff already.
Where the EU is having a problem is not that the law does not allow them to charge vat, it does, it's that they can't detect the imports and regulate them. The real thrust of this proposal is to move the responsibility for collecting existing taxes onto corporations because they are a lot less hassle to persue than consumers.
John (who in another life started a company selling software over the net and so thinks he knows about this stuff :-)