Slashdot Mirror


User: Zeinfeld

Zeinfeld's activity in the archive.

Stories: 0 · Comments: 3,931

Comments · 3,931

  1. Re:The wise customer on Amazon Adjusts Prices After Sales Error · · Score: 4, Insightful
    Well when you click on a product on a website you are not agreeing to buy. The only point in which you agree to buy is AFTER you have entered your CC number and you see a final total and you hit the submit/I agree/whatever button.

    IANAL but this is certainly what a customer is likely to argue in court. The seller has the responsibility to make sure that the invoice total is correct. No excuses. It is very clear that the final 'accept' button is an offer of a contract.

    It's a losing proposition for Amazon here. They are going to get crucified by chargebacks for the unauthorized purchases.

    The mailings telling people to return the merchandise would appear to risk falling into the category of demanding payment for unsolicited goods. The customer agreed to pay for the goods but for the stated price.

    Just fire the middle manager who you have bungling the remediation on this, eat the ten million or so and move on.

  2. Re:The more you tighten your grip, Tarkin... on RIAA Admits ISPs Have Misidentified "John Does" · · Score: 1
    Nonsense. Can you say securities violation and/or tax fraud? If the numbers didn't jibe, they'd be guilty of market manipulation. If you really believe they're doing that, go ahead and feel free to file a complaint and/or tip here.

    Actually the chances that your taxable earnings exactly match your profits are somewhat small. The accounts are meant to represent the business as it is. The rate at which capital equipment should be written off is almost certainly not the same as the rate the IRS allows.

    I don't see where the RIAA thinks that there is any incentive here for the ISPs to cooperate. If a customer is going to be hit with a lawsuit that is their problem. They are not going to be grateful to the ISP for getting them the option of a $1000 discount.

  3. Re:This forces us to be more discerning on Viral Marketing Breeding Cynicism · · Score: 3, Insightful
    Whereas in the blogosphere, there are people who are actually secretly being paid to promote a particular view. Sure, the media may be overpaid fools, but at least you know who's signing their paychecks.

    Empirically this is not the case, there have been several Bush administration scandals where journalists turned out to be paid with government (i.e. our) money to propagandize for the GOP.

    Product placements are not reported. And the curious silence of the establishment media on the Cunningham scandal in its early days strongly suggests that it was not only politicians that were visiting the Watergate building for the Poker and Hookers parties that court documents allege Brent Wilkes paid for. The number one and number two at the CIA were dismissed as a direct result of that scandal, Foggo for allegedly attending the parties, Porter Goss for promoting him into that position.

    Whereas the blogosphere has an anti-establishment tendency - the mainstream media is all lies, and anything written by an apparently independent blogger or grassroots movement is assumed to be true

    Not in the blogs I read. It is routinely assumed that many bloggers are in the direct pay of politicians and campaigns. The same is true on Wikipedia. I have found a few editors there who were very obviously paid shills for a campaign. The Katherine Harris ones being the most amusing, they would be editing in endorsements by politicians who had already made public their refusal to support her. Then they would suddenly disappear and there would be news of a purge by 'Pink Sugar'.

    But there are also paid shills and paid shills, I can pretty much guess who wrote many of the Wikipedia articles on several Internet security protocols. In some cases people have told me that they wrote them. But it's pretty rare that I read one of them and find something blatantly POV. Most people are sensible enough to know that a good article is going to survive much longer than an obvious puff piece.

    It's about accountability. If you shill in the blogosphere other people soon find out. You can be a paid shill for Faux news and nobody will say anything against you.

  4. Re:This forces us to be more discerning on Viral Marketing Breeding Cynicism · · Score: 4, Interesting
    If it creates both (a) discerning people and (b) the need for people to be discerning, it seems disingenuous to praise it for making people more discerning.

    If you watch any network TV program these days you will see paid product placements inside the shows. The actors dunking their Oreo cookies in their morning coffee are paid to say that they are their favorite.

    People who complain about the blogosphere are almost always doing so because they have a vested interest in keeping people stupid. They don't want people to be questioning the beltway 'reporters' like Tim Russert who last week admitted that he automatically considers high government officials to be on background and clearly treats their statements as unassailable gospel truth rather than as self interested claims which are at best likely to be half truths and are quite likely outright lies.

    Because of overpaid fools like Russert there was no resistance when the Bush Administration blundered into Iraq with a plan that many experts including the army chief of staff considered to be half baked.

    The point of the blogosphere is not to exclude views, it is to include them. You can find every view on the blogosphere including the paid product placements and specious punditry you find in the mainstream media. But you also find the views the mainstream media don't publish.

    The blogosphere is largely a US phenomenon because the US media is by far the worst in the Western world.

    Every day the mainstream media interviews far right idiots like Ann Coulter, Michelle Malkin, hatemongers like Bill Donahue, Pat Robertson etc. etc. etc. I have never once seen Chomsky interviewed in the past five years. And the only question the media asks itself is 'are we being too liberal'. There is a huge market for left and centrist pundits such as Paul Krugman but they don't get booked.

    And the idea of having politicians on the talk shows rather than unaccountable pundits simply does not seem to have occurred. Every weekend five or six politicians drawn from the same pool of 15 'A-list' talking heads appear.

    It's not simply a right wing bias though, it's an establishment bias. In the early Gingrich years I had several exchanges with his staff. At the time they were the disruptors and the establishment was shutting them out. In another ten years the centrist Democrats will be the establishment and everyone else will be shut out, or rather that is what would happen if there was a mainstream media in ten years time which there probably will not be.

  5. Re:Completely Moot on Father of MPEG Replies To Jobs On DRM · · Score: 1
    You honestly don't know? You didn't read the recent open letter by Jobs? You should.

    And you should read the same statements made by Gates.

    The computer companies would all much prefer it if the content providers did not insist on DRM, it is not there to protect their interests.

  6. Re:Completely Moot on Father of MPEG Replies To Jobs On DRM · · Score: 1, Interesting
    Gates and Jobs are not essentially doing the same thing. One is telling the music companies to drop DRM the other is saying "whatever you want we will give it to you". I think most people can tell the difference between those two positions.

    OK, you tell me which one you think is Jobs and which you think is Gates here.

    Jobs has been giving the RIAA exactly what they want since the launch of iPod. He clearly has no intention of changing. The only 'change' in his position here is that he has repeated earlier statements that the demands made by the RIAA are counterproductive.

    The real issue for the RIAA is not really preventing copyright theft, it is protecting the system which allows the labels to extract the majority of the profits from the system, locking bands into unequal contracts and usually cheating them of the royalties that they are due.

    The MPAA is much less concerned because the studio system is long gone, direct distribution is not a threat.

  7. Re:Completely Moot on Father of MPEG Replies To Jobs On DRM · · Score: 5, Interesting
    The way to express it to the suits is "DRM hurts your sales." I think that was the real thrust of Jobs's argument, that music companies could stand to expand their market presence immeasurably if only they promoted interoperability and ease of use--and that's just impossible as long as they insist on DRM.

    Jobs and Gates are essentially doing the same thing here. They both understand that DRM is pretty bogus, they are both supporting it since that is the only way to bring the content providers onboard at the moment.

    Having attended one of Leonardo's SDMI meetings I would not trust him as far as I could spit. He was the architect of the SDMI fiasco. I have no confidence in either his technical or his political skills.

    Incidentally the title father of MPEG is somewhat overblown.

  8. Re:MAC users who want to run Vista Home on Microsoft Slugs Mac Users With Vista Tax · · Score: 1
    Tell me again why a MAC user would _want_ to run vista on their MAC?

    There are many Windows users who would prefer to buy Mac hardware to the PC equivalents. Dell and Gateway are poor on design, Sony is almost as slick as Apple on design but the build quality is poor, Lenovo is solid but unexciting.

    I have used Macs in the past, I don't consider them to offer superior usability for my uses. The usability factors are optimized for people other than me.

    What I don't think would happen is that a Windows user would buy premium Apple hardware and then load a cheapie version of Vista.

    The other benefit of running Windows on a Mac is that it does so annoy followers of the cult of Jobs. It's like during the cold war when many anti-communist types would claim to be libertarians, pointing out that George Orwell was a socialist could sometimes cause them to go into severe shock.

    Some folk think that the best editor ever was the original vi.

  9. Re:Um on Google Sought To Hide Political Dealmaking · · Score: 2, Informative
    Can you not tell from the language used in the summary? Read blackmail or extortion for 'political dealing' if this was Microsoft. Note how the benefit to both parties is mentioned, if this were Microsoft then it would be evil for everyone except MS.

    The subsidies they obtained are not even that great. $89 million over 30 years is only $3 million a year. That is for a $600 million capital investment.

    Expecting to do this quietly is somewhat strange, unless they were really concerned that there would be some sort of tree-hugger anti-Google faction.

    What I would be rather more worried about if I was Google is the flood plain issue. Building a data center full of expensive delicate equipment in a flood plain is a somewhat odd idea.

    I would not take this approach because it is more likely to be counterproductive. Bothering about the competition is silly, a data center is a cost center. It is only to Google's advantage if Yahoo was to build in the same area.

  10. Re:i'm hoping... on Jack Thompson Faces Disciplinary Hearing · · Score: 2, Interesting

    Reading through the comments it appears that his statements may well be the result of something other than his ideology. Such things happen. Quite why Slashdot has to treat each one as if it were an existential threat is beyond me.

  11. Re:Iceland on MIT-Led Study Says Geothermal Energy Is Viable · · Score: 1
    It's probably my libertarian tendencies, but I have to ask why it should be the government to come up with the money? Electricity generation shouldn't be a role of the government.

    Governments exist dude, get over it.

    Over the past century the balance of opinion is that government sponsored research such as the World Wide Web you are currently using pays greater dividends than directed commercial research.

    In 1992/3 the salary of every single person working on the Web at CERN was paid for with government funds including me. The US govt picked up the tab for the folk at NCSA as well. In fact that was the case for at least 70% of the people on the project until Netscape was founded.

    When the US government is spending half a billion dollars a day to secure its oil supply in the gulf spending a tenth that amount on basic research to reduce dependence on foreign oil is a no brainer.

  12. Re:Sponsored by "Microsoft Research?" on Study Finds IE7 + EV SSL Won't Stop Phishing · · Score: 1
    Thing is this really isn't even an issue with Microsoft. Microsoft did not invent High Assurance Certificates. And since they are being issued Microsoft has the obligation to support them ... same as Opera or Firefox. Really this isn't Microsoft's fault. The blame rests in user error and really clever phishers. Microsoft (and all the other browsers) job is to figure out a way to make sure that users aren't fooled ... which when it really comes down to it is next to impossible.

    This is really not accurate at all.

    First there is no obligation for any browser to deploy EV. The browser providers were involved in the process from the start. The CA-Browser forum involves the CAs and the Browser providers. (Ob disclaimer, yes I am a participant, no I do not speak for them).

    The paper does not address any part of the EV process. What it considers is the response of test subjects to the Microsoft version of the EV user experience. That work is solely due to Microsoft.

    The paper addresses one particular use case which is the easiest to test but makes the greatest demand on the user experience. This makes good sense if your objective is to work out how to make the user experience as effective as possible. It is not an objective test of the utility of EV.

    If you prime users to look for the EV indicators the results are rather different. In fact it is so artificial it does not make much sense to test it. But that test is representative of the case where a user is already suspicious of a site and wants to know if they should proceed. In particular the user responding to an email saying 'your account has been compromised, click here to verify your account'.

    Security is risk management not risk elimination. The EV user experience is not designed to meet the type of demands that Bruce Schneier would consider provided perfect security. The point is to improve what we can.

    If you are losing an eight figure sum to phishing the idea of enabling SSL on every one of your Web servers without exception makes a great deal of sense, it is not going to eliminate phishing but it is almost certain to pay for itself.

  13. Re:Iceland on MIT-Led Study Says Geothermal Energy Is Viable · · Score: 1
    Unfortunately, I beg to differ. I'm going to sign up with a deal for my electricity, which in exchange for limiting my usage during certain periods of time, they'll sell me my electricity for 4.5 cents/kwh, including fuel charge. At that rate, putting up a turbine would take more than 50 years to pay itself back, effectively forever when you figure cost of capital. This result means that it is more economical for me to buy my electricity and invest/not borrow the money.

    Those costs are largely due to the small scale production of the equipment. There is no reason why an on-demand water heater should cost three times as much to buy and install as a conventional one if both sold in equal volumes. But I have only a few options to fit the on-demand heater while any plumber can do the conventional one.

    The first Nikon digital camera cost $5000, a vastly better model now sells for $400. The difference is that one sold in the thousands, the other in the hundreds of thousands.

    From a government policy point of view subsidising wind power in the early stages to allow it to achieve critical mass more quickly makes perfect sense. The oil industry has had tens of billions in handouts over the past six years.

    Another no-brainer is for the government to cough up the $50 million or so it would take to build a serious prototype geothermal plant. The main disadvantage of geothermal is that there is some evidence that they may make earthquakes more frequent. This is not necessarily a disadvantage, more frequent quakes means smaller quakes. If we could understand the physics better we may be able to turn the next 'big one' into a series of smaller ones.

  14. How do you initiate a Picture in Picture attack? on Study Finds IE7 + EV SSL Won't Stop Phishing · · Score: 2, Interesting
    The paper discusses a picture in picture attack. I don't see how such an attack fits into any of the phishing attack vectors currently seen.

    Let us imagine that we have an email message that takes us to a phishing site. But instead of taking us to a Web page we get a web page within the Web page. Is the user likely to notice? I suspect so.

    The experiments don't test that scenario, instead they test the scenario where the user has a browser open with a PIP browser already there. This is a rather easier lay up.

    I have spent quite a bit of time working on security usability testing including EV. It is really hard to design a realistic experiment. If you put users in a lab environment they react very differently. In particular in a lab environment they are much more tolerant of errors than in a home environment, they expect things to be not quite right. This means that many security cues are suppressed entirely.

    The user experiences we are testing are all designed to be minimally intrusive. That is they are designed for regular use every day. The idea is not that someone visits their bank, sees the green bar and thinks they are safe. The idea is that they visit their bank fifty to a hundred times seeing the green bar every single time and then notice it is not there in an attack scenario.

    Ultimately the objective of EV is not to stop phishing, it is to provide accountability. If you go to the EV site you should know that the site has been authenticated and you can either hold the site accountable or the issuer of the cert. This may reduce phishing, but it is not by itself going to eliminate it.

    Ultimately the test that matters here is how people react in a large scale deployment. The cost of phishing is huge. It is a very visible attack that eats up a huge amount of customer service and staff resources besides the cost of the actual fraud losses (secondary losses are much higher). If EV reduces those costs by even a few percent it more than pays for itself.

    The idea of EV was not to protect banks though, it was to protect customers. The user experience is not fixed for all time. If the IE7 EV experience does not work then we can change it to make it better. At this point however we need the type of data that you can only get from large scale deployment to know.

    If you know to look for the green bar you will be a lot safer than you are now. The problem is how to design something that is pervasive without being invasive.

  15. Re:Iceland on MIT-Led Study Says Geothermal Energy Is Viable · · Score: 1
    Iceland will be very happy to hear this.

    They already know. Iceland has been aggressively using geothermal energy for years. Unfortunately their techniques are not directly applicable except perhaps in Hawaii since they are essentially living on a volcano.

    10% of energy requirements is a huge amount for a country the size of the US with the energy consumption of the US. It means that China could easily achieve a similar figure.

    If you add that to wind you get a significant reduction in oil and gas import requirements.

    These technologies are interesting because they have almost no running costs, the consumables are minimal. There is a huge potential for applying mass manufacturing techniques to reduce capital costs. Conventional power stations are expensive to build because they have to be built large for the sake of efficiency. They have to eke every last watt out of the fuel they consume. If you have essentially no fuel costs a 50% reduction in capital costs is much to be preferred over a 10% improvement in efficiency.

  16. Re:I wonder... on NASA Slashing Observations of Earth · · Score: 0
    They keep telling us that there are all these other countries out there -- has anyone proposed that some of the others could possibly do this, since it's so, y'know, important? Neither article quite says that, either.

    Seems an odd decision for the US to surrender leadership in this area without a fight.

    The moonbase and the mars mission are both doomed. The Apollo program was funded for one reason alone, to do something that the Soviets could not. In the wake of the Cuban missile crisis JFK decided to spend the Soviets into the ground. The Apollo program was a good investment on that basis.

    There is no long term political goal that has a constituency large enough to sustain either mission past the end of the Bush administration. Nor is it very likely that the country is going to be building monuments to Bush II.

    Manned space missions are adventurism, not science. A landing on Mars is not going to defeat Bin Laden or intimidate the Chinese. The 'international space station' is emblematic more of the futility of the whole project than anything else.

    In comparison Hubble has been a goldmine. The only flaw in the Hubble design (the mirror was botched by a contractor) was that it was designed for manned servicing. A design that allowed for servicing by a robot would have been considerably more flexible.

  17. Re:How to buy Sealand for free in just 5 steps on Sealand Put Up For Sale · · Score: 1
    How conflicts should be handled is currently unresolved. Many countries have other island nations within their 12 mile territorial borders, yet none have tried to exercise jurisdiction.

    It's not relevant, HMG never recognized Sealand. The US courts have explicitly rejected the claim that 'sealand' is a nation. This decision is not binding on the UK courts but it is a common law jurisdiction and it is almost certain that the UK would apply the same logic.

    More importantly it demonstrates that the US would hold the UK responsible for any actions by 'sealand'. Given the avowed intent to operate as a rogue state it is not at all likely that any other country would be wanting to protect 'sealand' independence.

  18. Re:Man, I thought it was bad when I lost 50 places on When Your Site Ceases To Exist · · Score: 1
    I made a proposal in the W3C AC forum a week ago that would kill linkspam. So far I have not managed to follow up with Google.

    Should have linked this the first time. For more details on this scheme, see my personal blog.

  19. Re:Man, I thought it was bad when I lost 50 places on When Your Site Ceases To Exist · · Score: 2, Insightful
    My joke site (SSLI: Search for Satanic Lyrics) used to be the number one result for "Satanic Lyrics", but about two months ago, ZAP! Gone from the front page of Google. It's something like number 50 now, so instead of getting... ummm... three visitors a day, I get something like one a week :-) I see similar traffic due to the fact that my site is the number 3 for PI to a certain number of decimal places.

    I made a proposal in the W3C AC forum a week ago that would kill linkspam. So far I have not managed to follow up with Google.

    The key observation here is that linkspam is not aimed at the reader of the blog, it's aimed at the search engines, in particular Google. So all we need to do is to define some RDFa type markup that allows a blog to mark regions of the page as coming from a third party source.

    There is also a proposal to extend the norobots scheme to allow marking of regions but I don't like that as it breaches a core principle of HTML: declarative coding. Norobots is an imperative command, 'this is external content' is declarative.

    I should have a note ready sometime next week.

  20. Re:It isn't whether they can afford them. on New Extended SSL Certs Make Online Debut · · Score: 2, Interesting
    What's irritating to me is that I've been a sole proprietorship for almost six years now. I can furnish bank and credit references and tax records to that effect. Seems as though there ought to be a way to verify through those records.

    Length of time that a company has been in business is a pretty good indication of legitimacy. The question is how to codify the rules in a form that works internationally.

    There are certainly sole traders who hold organizational validation certificates today but the vast majority are for corporations, government agencies etc. I would suspect that most of the sole trader certs are for code signing rather than SSL. At this point there is no enhanced user experience for EV code signing and resolution of the sole trader issue is generally considered to be a necessary first step.

    It is important to remember here that the object of the exercise is to be able to tell the consumer when the purchase they make is backed by accountability.

    The CAs would very much like to sell EV certs to anyone who is willing to buy one. One of the intentional features of the go green user interface is that it shows the issuer name. If the issuer messes up the relying party can hold the issuer accountable.

  21. Re:It isn't whether they can afford them. on New Extended SSL Certs Make Online Debut · · Score: 1
    Mom and Pop Shops will have no difficulty getting the Green bar if they use Paypal or the like as their shopping basket.

    The woman quoted on the WSJ site does not have a certificate today, she uses a Paypal shopping basket. So quite why she thinks that she would want an EV cert is not clear.

    Mom and Pop shops that are incorporated can get a cert like anyone else. The issue is not size, it is what is being authenticated. The EV stage 1 rules specify minimum standards for authenticating incorporation credentials. This is not possible if the applicant is not a corporation.

    The CABForum is currently working on rules to allow certificates to be issued to sole traders etc. These should be ready in a few months.

  22. Re:How to buy Sealand for free in just 5 steps on Sealand Put Up For Sale · · Score: 1
    It isn't... some English court decided that it is too far away... it is however close enough to be completely destroyed by a couple of rounds from a big gun placed on the English beach...

    An English court made a ruling that the land on which the tower stands was not British territory at the time of the case. The court did not recognize any counter claim to sovereignty either expressly or implicitly. HMG does not recognize Sealand as a foreign government, under the UK constitution that power can only be exercised by the Privy Council.

    The courts of England and Wales do not exercise jurisdiction over Edinburgh either but that does not mean that they are not UK territory.

    The UK has since extended its territorial claims as permitted by an international treaty. Under the treaty the signatories recognize UK sovereignty over the sea floor on which the tower stands and thus the tower itself.

    One final point, under UK law sovereignty claims do not lapse. The Bates family could claim the salvage rights to the tower as an abandoned vessel but that does not grant sovereignty rights. Since it is undisputed that the tower was occupied by British servicemen first the sovereignty claim was established then and continues. A similar claim is made to Rockall, an atoll in the Irish sea that has only been occupied once and for the period of only six months.

    South Georgia is also unoccupied but it did not stop the UK fighting a war over sovereignty after the Argentine invasion.

  23. Re:I should also add on Sealand Put Up For Sale · · Score: 1
    The only reason England hasn't threatened military force is the sole fact that an invasion of what is, under international law, a sovereign nation, is illegal.

    That's utterly untrue. Under International law man made structures do not count for the purposes of sovereignty claims.

    The only reason that the UK has not dealt with the situation is that there is at this point no reason to believe that illegality is taking place there.

    Empirically the illegality of an invasion would not be much of a factor in preventing an invasion. It has not stopped us in the past. You don't create the world's largest empire in history by sticking to the letter of the law.

    Sealand is no more sovereign territory than the 'Justus township' that the Montana tax dodgers set up. The British threshold of tolerance for loonies armed to the teeth is not very high. If they were to make their earlier mistake of pointing a loaded machine gun at a Royal Navy vessel today they might find that post 9-11 rules of engagement permit the threatened vessel to respond immediately with lethal force.

  24. Re:How to buy Sealand for free in just 5 steps on Sealand Put Up For Sale · · Score: 3, Insightful
    Last time there was a Slashdot story on them, they had the business model of providing a place where folks could store sensitive data without fear of subpoena

    Such confidence would be misplaced.

    Either the platform is British Sovereign territory or it isn't.

    The most likely case is that the British courts consider the platform to be under UK jurisdiction following the expansion of the territorial limits. International law does not recognize territorial claims based on man made structures. Contrary to claims made, no British court has ever recognized sovereignty claims by any other party over the platform.

    Ergo if the UK courts choose to issue a subpoena the subpoena can be served and enforced. Moreover since the Bates family are the directors of HavenCo and they live in the UK they can be arrested and imprisoned on contempt charges if they refuse to comply regardless of the sovereign status of the platform.

    If the British courts did choose to recognize the sovereignty of the platform they or anyone else can declare war on it and blow the thing to smithereens if they make a nuisance of themselves.

    The main reason that this has not happened to date seems to be that HavenCo does not have any customers worth the trouble.

  25. Re:But they didn't upgrade it. on Upgrading Hard Drive in Sony HDR-SR1 HDD Camcorder · · Score: 1
    The article is a little short on details... all they did was removed the cover to access the hard drive. Oh well, it's ecks-mass.

    Pity that Sony did not think to make the drive removable by the user. The SATA standard allows this for RAID arrays but it's even more logical for laptops and cameras and as a general 'high capacity' storage medium.

    I guess that this is the sort of feature we will have to wait a while on, till the competition has heated up.