OK, suppose I write an auction-page spider for my computer that watches all the different auction sites I pay attention to. It searches for a good price on, say, CPUs. All I have done is automate my clicking through all the little links. Is that illegal? If so, how is it different thatn me clicking the links? I see the ads, but there's junkbuster, etc.
OK, now I give the program to my friends, because they like it. What's changed? Now I distribute it free off my web page. Is it still OK? What about the fact that I get ad revenue on my page from the people downloading it? What if I had just sold it to my friends to begin with (only a few people...maybe 5 or 10)? So now what if I convert it to a web search engine that people can use to freely search auction sites? Now I'm getting more add revenue, but so what? What if I sell the program or the service?
I guess my point here is where is the transition to illegality? In trdaitional trespassing law, it is when I step onto the property without permission. But ebay gave me permission to use the site. Where did I lose it? (If we allow that I did lose it when I began running a large commercial web site...)
How about a TLD for those who would like to put up a personal page? we could have a TLD with fairly simple requirements: Private citizens only (no businesses allowed); you can't be selling anything; one per person. Sound fair?
The reason that power grids are affected is reasonably simple. There is a large influx of charged particles coming our way at high speeds. Charged particles in motion set up magnetic fields. A changing magnetic field produces currents in loops of wire. A power grid contains LOTS of wire. You can read all about it in any physics text, under Ampere's law, and the Biot-Savart Law, and Faraday's law of induction. This will occur in any loop of wire, but we care about the electrical grid because we care about what form of current comes out of it, and that could change. The earth's magnetic field means that the majority of the particles come in near the poles, causing more problems for those in the north or south. Of course, the northern hemispher is pointed closer to the sun right now (that's why its summer), so the north gets affected more than the south (south of the equator that is).
Perhaps its not the best thing to censor games like this. But, there are plenty out there who do NOT parent responsibly. I don't mean deciding its OK for their kid to play this sort of game, but not forming an opinion. If you are a parent and think its OK for your kid to play the game, buy the game for them. Make them pay you back, but get the game for them.
It seems to me the way to do this is to keep track of time, date, to/from, subject, etc. Don't keep the content, but instead keep the MD5 hash (or something similarrr but faster; MD5 is the best though). Then, you can take the msg that someone forwards to the sysadmin, and MD5 it to see if its legit. It would take some work to make sure that the msg text was exactly the same, otherwise the MD5 would be different. Worth trying tho. I'm not the person to ask about implementation.
MPAA, etc should get with the times and sanction something like MP3.com. You click the button and it starts downloading, and bills your acct. Oh wait, that infringes on Amazon's patent, doesn't it?
I took a crypto intro class not that long ago, and it covered e-voting. We produced a system by which votes can be made, fitting our list of requirements. The important thing to remember here is that you need at least one communication channel that cannot be intercepted. It can be as simple as having the MD5 hash of the server public key printed on your voter registration card. But without that much, someone could (from the math standpoint) intercept everything and pretend to you to be the server and to the server to be you. Still fairly daunting, but theoretically possible. With that in mind, here is the system we designed.
The requirements are: 1) your vote cannot be connected to you 2) 1 person, 1 vote 3) only registered voters can vote 4) no 3rd party interception can change or read the votes (math level, not TCP/IP level. you need one small channel that can't be modified.) 5) you can verify that you voted 6) you can check who you voted for depending how paranoid we want to be, we can make the server not implement 5/6. So here it is. You and the server exchange public keys. You verify the public key you are given against the MD5 hash on your card, to prove there is no middle-man attack happening. You tell them you want to vote. they acknowledge. Now, for simplification purposes, assume we are only voting on one candidate. its not too hard to see how to expand to many different options, but for now assume we want to decide on the president among n candidates. You now build ten (or a hundred, or whatever) valid votes for candidate 1. It includes a GUID, created by selection of a random number from a 128bit keyspace (or 1024, or whatever is sufficient to reduce collision probability below 10^-100 or something equally insane). These are then passed through a blinding function, which obliterates the information if you don't have the blinding factor. In modern crypto, this is a simple as multiplication by a large number. You should now have 10 (or however many) votes for each candidate. the first vote for all the candidates need to share a GUID. You then send all the votes to the central server. They decide they want to see all but number x. You send the relevant 9 (n-1) blinding factors. They then verify that all above proerties are true - votes number 1 has the same GUID for each candidate, they all vote for the same candidate (within each block), etc. They then sign the remaining votes (DIFFERENT KEY PAIR from the one used for general communication). These are then sent back to you (encrypted and signed, of course). At this point, you have one vote for each candidate, all with the same GUID, validly formed, signed by vote central. your id number, key, name, etc are no longer in any way connected to this vote. You can now be paranoid, put the votes on disk, move to a different computer, etc. Select one vote and send it in. You have now voted. the last two proerties we must verify are numbers 5 and 6. This is accomplished by vote central tracking GUIDs and posting corresponding votes, or by a GUID/vote request system, or whatever. complete post is bad, as it prematurely gives out results. Mission accomplished.
Slashdot Mirror
OK, now I give the program to my friends, because they like it. What's changed? Now I distribute it free off my web page. Is it still OK? What about the fact that I get ad revenue on my page from the people downloading it? What if I had just sold it to my friends to begin with (only a few people...maybe 5 or 10)? So now what if I convert it to a web search engine that people can use to freely search auction sites? Now I'm getting more add revenue, but so what? What if I sell the program or the service?
I guess my point here is where is the transition to illegality? In trdaitional trespassing law, it is when I step onto the property without permission. But ebay gave me permission to use the site. Where did I lose it? (If we allow that I did lose it when I began running a large commercial web site...)
Mrs. October sure does have large ... umm... ***MICROSOFT ATTENTION WATCHER HAS DETECTED INNAPROPRIATE BEHAVIOR. SHUTTING DOWN*** bloop.
How about a TLD for those who would like to put up a personal page? we could have a TLD with fairly simple requirements: Private citizens only (no businesses allowed); you can't be selling anything; one per person. Sound fair?
The reason that power grids are affected is reasonably simple. There is a large influx of charged particles coming our way at high speeds. Charged particles in motion set up magnetic fields. A changing magnetic field produces currents in loops of wire. A power grid contains LOTS of wire. You can read all about it in any physics text, under Ampere's law, and the Biot-Savart Law, and Faraday's law of induction. This will occur in any loop of wire, but we care about the electrical grid because we care about what form of current comes out of it, and that could change. The earth's magnetic field means that the majority of the particles come in near the poles, causing more problems for those in the north or south. Of course, the northern hemispher is pointed closer to the sun right now (that's why its summer), so the north gets affected more than the south (south of the equator that is).
Perhaps its not the best thing to censor games like this. But, there are plenty out there who do NOT parent responsibly. I don't mean deciding its OK for their kid to play this sort of game, but not forming an opinion. If you are a parent and think its OK for your kid to play the game, buy the game for them. Make them pay you back, but get the game for them.
It seems to me the way to do this is to keep track of time, date, to/from, subject, etc. Don't keep the content, but instead keep the MD5 hash (or something similarrr but faster; MD5 is the best though). Then, you can take the msg that someone forwards to the sysadmin, and MD5 it to see if its legit. It would take some work to make sure that the msg text was exactly the same, otherwise the MD5 would be different. Worth trying tho. I'm not the person to ask about implementation.
MPAA, etc should get with the times and sanction something like MP3.com. You click the button and it starts downloading, and bills your acct. Oh wait, that infringes on Amazon's patent, doesn't it?
The requirements are:
1) your vote cannot be connected to you
2) 1 person, 1 vote
3) only registered voters can vote
4) no 3rd party interception can change or read the votes (math level, not TCP/IP level. you need one small channel that can't be modified.)
5) you can verify that you voted 6) you can check who you voted for depending how paranoid we want to be, we can make the server not implement 5/6.
So here it is. You and the server exchange public keys. You verify the public key you are given against the MD5 hash on your card, to prove there is no middle-man attack happening.
You tell them you want to vote. they acknowledge.
Now, for simplification purposes, assume we are only voting on one candidate. its not too hard to see how to expand to many different options, but for now assume we want to decide on the president among n candidates.
You now build ten (or a hundred, or whatever) valid votes for candidate 1. It includes a GUID, created by selection of a random number from a 128bit keyspace (or 1024, or whatever is sufficient to reduce collision probability below 10^-100 or something equally insane). These are then passed through a blinding function, which obliterates the information if you don't have the blinding factor. In modern crypto, this is a simple as multiplication by a large number. You should now have 10 (or however many) votes for each candidate. the first vote for all the candidates need to share a GUID.
You then send all the votes to the central server. They decide they want to see all but number x. You send the relevant 9 (n-1) blinding factors. They then verify that all above proerties are true - votes number 1 has the same GUID for each candidate, they all vote for the same candidate (within each block), etc.
They then sign the remaining votes (DIFFERENT KEY PAIR from the one used for general communication). These are then sent back to you (encrypted and signed, of course). At this point, you have one vote for each candidate, all with the same GUID, validly formed, signed by vote central. your id number, key, name, etc are no longer in any way connected to this vote. You can now be paranoid, put the votes on disk, move to a different computer, etc. Select one vote and send it in. You have now voted.
the last two proerties we must verify are numbers 5 and 6. This is accomplished by vote central tracking GUIDs and posting corresponding votes, or by a GUID/vote request system, or whatever. complete post is bad, as it prematurely gives out results.
Mission accomplished.