I work for an ISP and honestly, we love SpamCop. Our abuse mail gets a lot of complaints. We can take action on maybe 2% of them, because people simply don't give us enough information. "Stop sending me spam" does nothing for us, nor do the 75% of people who forward the spam and do not inlcude the headers. (Honestly, how can so many people still not know to include full headers when reporting spam?)
The SpamCop reports have ALL the information we need (timestamps with time zone are crucial) to track down a spammer and get them off our network. The other nice thing is that once all the SpamCop complaints are handled, we usually find that the few regular spam reports we can track were about the same people we just got done banning due to the SpamCop reports.
So, at least for us, SpamCop is very effective. Granted that's just one ISP, but there ya go.
Not sure if you will ever see this, but figured I'd post it anyway...
I seem to have been mistaken. Doing some Googling I found that what seems to have happened is that some senator or representative said the Copy Protection should invalidate claims against the Audio Home Recording Act. Whether it does violate the law, in spirit or letter, does not ever seem to have been decided. Still might make a good case though. Maybe even a case the the DMCA violates the AHRA would be fun. I can't afford those kinds of attornies though. Anyone out there want to take a pro bono case?:)
Here's a link that seems to sum up a majority of what I found...
One of the more interesting quotes in the article:
"Boucher is among the most prominent voices asking whether plans to gird CDs against unauthorized copying violates a compromise struck in a law called the Audio Home Recording Act. He quoted from a Senate Judiciary Committee report accompanying that law, which said that a "key purpose of (the legislation) is to insure the right of consumers to make analog and digital recordings of copyrighted music for private, noncommercial use."
That meant that consumers' creation of a copy to use in the car, or to give to a family member, was legal, that report said.
However, some attorneys have noted that the law only gives people a protection from being prosecuted under copyright law. It doesn't require the record companies to ensure people can easily make those copies."
Mp3 music is crap at all but the highest quality. Most of the encodes you find on Kazaa are poor. Downloads are iffy as well. Add this up and what do we find? Millions of people downloading bunches of crap music.
Based on the quality of the majority of music today, even if every download you got from Kazaa was a perfect quality ripped from CD at 190 bps mp3, that sentence "Millions of people downloading bunches of crap music." would still be true.
I don't buy many CD's anymore, not because the music is free, but because the music sucks.
And another thing, didn't the RIAA get a cut off every blank CD for copyright infringement? And wasn't part of that deal that they would not release Copy-Protected CDs? I may not be remembering correctly, but if I am, there might be a good class action suit there...
This suddenly has me thinking. Maybe not entirely on-topic, but close...
A minor can not be legally held to a contract. I started college at 17, and my parents had to go with me and sign everything right under my name. Needless, to say, it was a little embarrasing. But that aside, they had to do that because, at 17, I could not legally enter into any contracts.
What is the difference between a software license, a contract, and the license regarding music CDs? Should not these all be considered invalid for anyone under 18? (yeah, yeah, US-centric, but that's where the lawsuits are...) I know most licenses contain the clause that if the license is invalid or unenforceable, you can not use the softwate/whatever. But if it is invalid/unenforceable, how can they legally stop you from using it, copying it, whatever?
IANAL, so I could be way the hell off-base. And I am sure someone has probably tried that before, right? And I assume lost? Or we would have heard all about it?
Ahhh... But you miss one point that the courts hide and the judges will never tell you about. It's called Jury Nullification. It is part of the whole point of the process to give the people power over the courts, lawmakers, and the government in general. Since the Government does not like losing power, they will not share anything about Jury Nullification with you.
So, what is Jury Nullificatin? It the the process by which, to use your example:
if(lawYouDontAgreeWith==broken) janeDoe!=guilty
If you do not agree with the law, then return an innocent verdict, or side with the defendant in civil court. The whole point is that if you can convince a Jury the law is wrong, you will not be convicted of it. Jury Nullification is the second most powerful tool a citizen has, next to the right to vote. Of course, it requires a Jury trial, and educated Jury members, so yeah, she's pretty much screwed.
IANAL, but the way I see it is that if they allow people to sell in game items as "real" property, then those in-game items take on "real" tangible value. And with our society the way it is, in America, anyway, that means lawsuits. So, if your $3000 lightsaber is lost due to a server crash, you could sue them.
And what of theft? If you have $5,000 real-life worth of in-game items, and I kill your character, and steal them, could that consitute theft in real-life? Would they be liable for allowing that to happen in-game?
These are all questions they do not want to have to deal with. By taking the stand that they do not allow real-world selling of in-game assets, and by enforcing that stance by account deletion, etc, they are creating a legal barrier to prevent any of that from happening. If they turn a blind eye and allow the sales to continue, they are giving de facto approval, and thus allowing real-life value to be assigned to in-game items. I can't imagine any other action than them shutting down these sales.
The annoying part in all this is that we, as a society, have only ourselves to blame for ruining our own fun.
First off, let me say that I whole-heartedly agree with you.
Here is my question though. At what point does an institution move from being a victim of an attack to being responsible for it?
Don't get me wrong here, from reading the article, I would definitely agree the school was somewhat negligent. I mean, if I leave my keys in my ignition, and the car is stolen, my insurance policy has a clause stating that I am at fault for not securing my vehicle, and they don't have to pay. That makes sense to me. And the school having sensitive data in the open is like me leaving my keys in the car. They are responsible for not securing their system.
However, a determined thief with the right skills can eventually steal my car, and a determined hacker with the right skills can eventually break the system. At what point would you say an institution has done all it could reasonably do to prevent the attack, and should be held blameless?
If we are going to hold institutions liable, we need some standards regarding the sensitivity of data, and what levels of security are required for those varying levels of sensitive data. I've honestly got no idea what those should be, only that if we are going to hold people accountable, as you suggest (and I agree with you, remember), we need some codified rules to apply, not just some arbitrarily vague notion of the word "secure."
Now, IANAL, but if SCO makes the argument that the code (which they owned) was included without their permission by one of their employees (who did not have the right to include it) then they might have a very valid court case. Sure, you can argue that by including the code, even without their knowledge or permission, they are still responsible for its release, and bound by the GPL. But I doubt that outcome is likely. It opens too big a can of worms.
Here's why: If I get a job at Microsoft, and slip a bit of GPL code into the next Windows and Office release, without Microsoft's knowledge, it is just too bad for them and the whole thing is free (as in beer) now?
Right or wrong, that is the way I think the courts would see it. Of course, that depends on the attorneys, and what arguments SCO makes. Honestly, I hope it goes to trial as it should be a very interesting case to follow. Unfortunately, if I were forced to bet, I would bet against us.
The only thing that might save us is that since SCO was purposely releasing GPL software, they may have more of a liability for losing that code than would Microsoft in the above example, who was releasing only propriety code, with GPL code thrown in by a saboteur. But then, that makes sense, and the courts sometimes don't.
On Sunday, June 2, Perry began to assess problems on the PC used by Samuels, who thought his system might be infected with a virus. For two hours, Perry tried to fix it, uninstalling and reinstalling antivirus software, but the system continued to malfunction. The next day, Perry gave the PC to Gross to back up, fearing it might crash and lose valuable data.
She spent 2 hours installing and uninstalling and reinstalling anti-virus software? I mean, c'mon here people. I might expect my dad to do something like that if he thought he had a virus. But my dad is not a computer tech. She is supposed to know what the hell she is doing. And then she gives the machine to someone else who decided to look for "large" files?
But Perry and Gross say it wasn't unusual for them to check the content of folders when troubleshooting; a large file, for example, can be an indication that a virus is at work.
WTF? Yeah, that's right. My virus scan program didn't find anything. So, my next step? Go looking for "large" files.
What happened here was that these two idiots managed to get by at their jobs without knowing jack shit, until this case came up. Then, when they had to give an accounting of the steps they were taking to resolve the problem and how they found the illegal material, their ignorance was exposed to management. So, management found reasons to let them go.
I will give them props for having the balls to report what they found, that is commendable. But based on the troubleshooting as reported, I wouldn't let them anywhere near a computer I had to support.
I can't believe any retailer would do this, but after watching the guys from GW at a convention, I can see how it would be them.
Now, granted, my buddy and I wrote and sell our own miniatures game, (which is also free, as in beer, on our website) so you can take this comment with whatever amount of suspicion you like...
We attended a con where someone from GW was there. The people who ran the con had paid to fly him in from England and put him in a hotel and everything. He was one of their special guests... There was a tourney contest where the winner got the chance to go up against the rep from GW. The entire con the GW rep talked about how no GW rep had ever lost to a player. Finally, this kid (maybe 13 or 14 years old) wins the tourney. The GW rep says he gets to not only pick the terrain they are going to fight in, but also gets to pick BOTH armies. This kid was so excited he didn't care, but the rest of were a little suspicious. Turned out we were justified as the GW rep picked this thick dense jungle terrain, gave himself an army full of close combat and melee troops, and then gave the kid a bunch of sniper and long range weapon types. Until now, it was the single most vile thing I had ever seen a game company do. (Funny sidenote, the kid almost won too, that's how bad this guy sucked.) The guys who ran the con were furious and said they'd never invite anyone from GW back, and never have.
So, I can totally expect this from these guys. Can't complain too much though, since it can only help my meager sales...:)
I freely admit that I use my internet service connection in ways unauthorized by my provider. Sure. And they can cut my service at any time of their choosing if they find out. I accept that. I'm violating the agreement, therefore they have the right to terminate it. Simple, to the point, and effective.
Okay, IANAL, but here is my take on this anyway...
What you are saying is that you have entered into a service agreement and now have no intention of actually adhering to the agreement? But, instead of canceling the contract, which you no longer agree to (if indeed, you ever actually did agree to), you will continue to break the agreement until you are caught. That would constitute fraud, which is indeed a crime, and can be prosecuted under the criminal as well as civil courts. Theft of service is still theft. Theft is criminally prosecutable. If you don't like it, don't steal. Simple, to the point, and effective, so to speak...
I'm not saying I like the law any better than you do. The fact of the matter is, Super-DMCA or not, they could technically make a decent criminal theft of service case against you right now, based on the contract you enetered into when you got the service.
I detest the RIAA, DMCA, Patriot Act and the like. I also fully support and admire those who would perform civil disobediance in breaking those laws. (Which requires public disclosure of your actions, by the way...)
However, I think the answer lies somewhere in the middle between what the RIAA and their DMCA wants, and what the "I am owed everything" generation and their "I bought this cd fair and sqaure, so if I want to make copies for all my friends I should have the right to" wants.
Copying copyrighted music is theft. Stealing service is theft. If you don't like it, change the system. If you are going to steal, fine. It doesn't matter to me one way or the other, and I won't tell you not to. Just quit whining about the fact that you might actually get in trouble if you get caught. I am so sick of that!
Not a popular opinion around here, to be sure, but not being a coward, I refuse to post Anonymously. Now if you'll excuse me, I have to tell my Karma good-bye...
Here's why. I had a KDS monitor third hand. My dad bought it used from someone else, and later decided that 19" was too big, and gave it to me. (w00t!)
Anyway, it started acting funny in a scarey way. Screen occasionaly made a popping noise and flashed. I gave KDS a call. They had me read the serial number and determined it was still under warranty. In fact, it was only 2 months shy of going out of warranty. I explained that it was third hand. They said send it back and they'd replace it, or they could put a credit hold on my card, and I could send it back when I got the new one. Considering how untransferable some warranties are, I again explained that this was a third hand monitor. They said it didn't matter. I told them to ship it and put the credit hold on my card. Got the new monitor in a few days, and shipped the old one back. Cost me a total of $30 to replace a free 3rd hand 19" monitor. Screen looks good, and I've had no problems with it. Still looking at it right now, 2 years later, and looks as good as the day they sent it.
Yeah, I know this question is more about quality of the screen, but I've got to hand it to a company that actually stands by its products. My next monitor will probably be KDS too.
I might not notice a couple points of dot pitch, but I sure as hell notice damn good customer service. Personally, that's worth more to me anyway.
How does shutting down your SMTP server block port 80 or access to open relays running on other ports? I think you've exagerated a bit here.
It doesn't. I am referring to Formmail, an HTML to email CGI that is installed everywhere. A lot of the spammers we kill have scripts that run against other peoples' web servers looking for unsecured formmail scripts. Since that runs on port 80, there is not much we can do to block that kind of traffic from our users who would abuse it.
Blocking outbound port 25 stops a lot of spam. But when someone runs a server without locking down formmail, there is not much we can do to prevent our users from spamming against it. As I said, we can't exactly block port 80. We can only clean up and ban access later. Hell, if our abuse department gets logs of someone who was even *trying* to run scripts against formmail, the user is banned.
Is there really some law preventing you from doing so?
As a nationwide wholesale ISP, we fall under different FCC rules than your local ISP. The FCC does not regulate intrastate communications, so most local ISPs are not covered by the FCC. Notice the FCC website clearly says interstate communications. Since we are interstate, we fall under their scope, and thus, their regulations. IANAL, so I can't tell you the exact law. I will assume when our lawyers tell us that, they are telling the truth. That's what they get paid for, and if I wanted to argue with them, I'd have been a lawyer, not a professional geek.
And while this is getting off-topic, we can't tell if it is the same phone, due to the blocking of caller-ID. And we are a wholesaler, not a retail ISP, so we never deal with the end users directly. It is our customers who do so. And yes the authorites and banks *do care*. I'll give you the benefit of the doubt and assume you completely missed the comment about how we are routinely answering subpeonas for logs from federal and state authorities? And how they usually end at dead ends?
As for going after the guy with guns, the FBI does that for us, and we are not a "small business." Quite a few of our customers are not "small businesses" either.
Now maybe you have a small glimpse of how identity theft hurts businesses as much as it does consumers. And leads to more SPAM. See how it all ties together?
Hey, more power to the idea of a new system requiring authentication for sending mail. I am all for that. But how do you stop throw away accounts? People have a hard enough time with waiting periods for guns. Do you propose a waiting period for out-going mail?
"Yes, sir, here is your brand new shiny internet account. However, you can't send mail or post to usenet until the 30 day waiting period is up and you've passed our background checks."
Yeah, that'll fly. Hmmm? Maybe a new slashdot poll? How long would slashdotters be willing to wait before being allowed to send mail on a new net account as a measure to fight spam? In all seriousness, I'd actually like to know the answer to that one... I'd guess it's pretty low, but I might be wrong. I've been wrong before. On occasion.:)
Okay, I have a few problems with this, especially the comment, "Make ISPs responsible for ANY fraudulent email they transmit or relay. Legally reposnsible as in fines and jail terms.".
I work for an ISP. I spend about 30 minutes to an hour of my 8 hour day, 5 days a week, tracking down and banning people who spam through our network. Our SMTP server is locked down to our own IPs, and limited to the amount of email it will send for one user, and we have outbound port 25 filters in place across the network. But, people still spam. They run form mail scripts against unsecure servers (we can't exactly block port 80, now can we?). They find open relays running on other ports. And they spam, and I ban their asses.
Considering the amount of money and time (I'm not the only one at my company who devotes part of my workday to killing spammers) we spend fighting spam, you now suggest we become criminally liable for it? I can tell you right now, if that law passed, we would shut down our SMTP server and that would be that. No outbound mail for anyone. Don't have to worry about spam when their is no email, period.
You want a workable solution? Allow us to block access to anyone blocking caller ID. Most professional spammers block caller ID because they know we can and do block them by their phone number, if we can get it. But blocking access to anyone who blocks caller ID violates privacy rights according to the FCC and we can't do that. (Mom and Pop ISPs might be able to, but we are a wholesale ISP.)
Why would blocking by phone number work? Because professional spammers use stolen IDs (credit cards, names, etc) to buy a throw away account that they use until we knock them offline. (We get the subpeona's for logs all the time to track down these people. Most never get caught.) They can get 10 stolen credit card accounts in an hour. Phone numbers aren't as easy to change.
Take it from someone fighting spam in the trenches, the concept of billing an ISP for any "bad" mail that passed over their server would simply shut down email. Period.
I won't even get into the debate that if an ISP *were* responsible and accountable for every email you sent, you better damn well believe that they would read and approve of every email you sent before forwarding it. Yay Free Speech! (Free as in hand-cuffs.)
could you not still hold the company whose products are being advertised responsible for the spam?
Here's the problem with this. I hate, let's say... Google. I telnet to a Chinese open relay. HELO google.com. W00t! I now send a billion and a half spams to the world. You get one in your in-box, along with everyone else. You and a million other people sue Google. Google loses, I win, and the world is a far worse place.
(And no, I don't hate Google, but it makes a nice example...)
I don't know whether a lot of people realize that we have a lot more rights than the Constitution grants us
Actually, this is a misunderstanding. The Constitution does not grant us any rights. What it does is limit what the government can do with respect to our rights. It says "Congress shall make no law..." This is putting limitations on Congress, not us. The 10th Amendment goes so far as to say, "The powers not delegated to the United States by the Constitution, nor prohibited by it to the States, are reserved to the States respectively, or to the people." Congress can not "give" us rights, only take away rights. (Unless they give back something they previously took away, in which case, it's only returning a stolen right, not granting a new one.)
So what Congress giveth, it can legally take away.
Which is exactly why the Founding Fathers made sure that the people understood that Congress did not give the rights.
I do not disagree that there must be some give and take between security and privacy. Especially in the current state of affairs. We just need to make sure the Homeland Security Department does not evolve into the Ministry of Love. And I have no doubt that the people are acting with the best intentions and doing what they feel is best for America. The problem is, those people are also the ones who happen to be able to hurt it the most.
Governments gradually sink into tyranny and despotism. They do not gradually rise to a Democracy/Republic. Freedom only comes about by bloodshed and death. That is what has me concerned. We live in what is perhaps the greatest country that has ever existed. I just want to keep it that way.
I freely admit that I have the utmost suspicion about any elected or appointed official who makes even the smallest move to injure my freedom, whatever the reason. And I do admit that for the most part, you are right. The problem is that as you progress down that slippery slope, you continue to accelerate, your momentum increases, and it is easier to go farther with each passing moment. Not to mention harder to stop.
Yeah, physics in a political debate, so sue me.:)
I already think the Patriot Act went way too far, and now they're shuffling Patriot II around that goes even farther. Assuming that just because something is in the Constitution, we can't easily lose it, is folly. That was pretty much my point. Your comment Never take anything for granted in constitutional law. is evidence that we are in at least some form of agreement.
Reminds me of a couple appropriate quotes:
The price of liberty is eternal vigilance.
The Constitution may not be perfect, but it's a lot better than what we've got!
It called "ex post facto" and it is a major part of the US Constitution. No law can be passed to make that provision irrelevant either, it would take a Constitutional amendment to.
Right, just like it would take an amendment to pass laws restricting gun ownership. Or restricting free speech. Or any one of the myraid rights lost to the Patriot Act. Or the ones lined up for Patriot II.
Slashdot Mirror
I work for an ISP and honestly, we love SpamCop. Our abuse mail gets a lot of complaints. We can take action on maybe 2% of them, because people simply don't give us enough information. "Stop sending me spam" does nothing for us, nor do the 75% of people who forward the spam and do not inlcude the headers. (Honestly, how can so many people still not know to include full headers when reporting spam?)
The SpamCop reports have ALL the information we need (timestamps with time zone are crucial) to track down a spammer and get them off our network. The other nice thing is that once all the SpamCop complaints are handled, we usually find that the few regular spam reports we can track were about the same people we just got done banning due to the SpamCop reports.
So, at least for us, SpamCop is very effective. Granted that's just one ISP, but there ya go.
Not sure if you will ever see this, but figured I'd post it anyway...
:)
I seem to have been mistaken. Doing some Googling I found that what seems to have happened is that some senator or representative said the Copy Protection should invalidate claims against the Audio Home Recording Act. Whether it does violate the law, in spirit or letter, does not ever seem to have been decided. Still might make a good case though. Maybe even a case the the DMCA violates the AHRA would be fun. I can't afford those kinds of attornies though. Anyone out there want to take a pro bono case?
Here's a link that seems to sum up a majority of what I found...
One of the more interesting quotes in the article:
"Boucher is among the most prominent voices asking whether plans to gird CDs against unauthorized copying violates a compromise struck in a law called the Audio Home Recording Act. He quoted from a Senate Judiciary Committee report accompanying that law, which said that a "key purpose of (the legislation) is to insure the right of consumers to make analog and digital recordings of copyrighted music for private, noncommercial use."
That meant that consumers' creation of a copy to use in the car, or to give to a family member, was legal, that report said.
However, some attorneys have noted that the law only gives people a protection from being prosecuted under copyright law. It doesn't require the record companies to ensure people can easily make those copies."
Very interesting indeed.
Mp3 music is crap at all but the highest quality. Most of the encodes you find on Kazaa are poor. Downloads are iffy as well. Add this up and what do we find? Millions of people downloading bunches of crap music.
Based on the quality of the majority of music today, even if every download you got from Kazaa was a perfect quality ripped from CD at 190 bps mp3, that sentence "Millions of people downloading bunches of crap music." would still be true.
I don't buy many CD's anymore, not because the music is free, but because the music sucks.
And another thing, didn't the RIAA get a cut off every blank CD for copyright infringement? And wasn't part of that deal that they would not release Copy-Protected CDs? I may not be remembering correctly, but if I am, there might be a good class action suit there...
Make the states get involved, not the private attorneys.
Of course, that means that we, as taxpaying citizens, are still footing the bill for the lawsuit.
I say let me tweak BIND and go about my business, and let the ones who are up in arms to start a legal battle pay for their own lawsuit.
But, hey, that's just me...
This suddenly has me thinking. Maybe not entirely on-topic, but close...
A minor can not be legally held to a contract. I started college at 17, and my parents had to go with me and sign everything right under my name. Needless, to say, it was a little embarrasing. But that aside, they had to do that because, at 17, I could not legally enter into any contracts.
What is the difference between a software license, a contract, and the license regarding music CDs? Should not these all be considered invalid for anyone under 18? (yeah, yeah, US-centric, but that's where the lawsuits are...) I know most licenses contain the clause that if the license is invalid or unenforceable, you can not use the softwate/whatever. But if it is invalid/unenforceable, how can they legally stop you from using it, copying it, whatever?
IANAL, so I could be way the hell off-base. And I am sure someone has probably tried that before, right? And I assume lost? Or we would have heard all about it?
Anyone out there have any answers?
Ahhh... But you miss one point that the courts hide and the judges will never tell you about. It's called Jury Nullification. It is part of the whole point of the process to give the people power over the courts, lawmakers, and the government in general. Since the Government does not like losing power, they will not share anything about Jury Nullification with you.
So, what is Jury Nullificatin? It the the process by which, to use your example:
if(lawYouDontAgreeWith==broken) janeDoe!=guilty
If you do not agree with the law, then return an innocent verdict, or side with the defendant in civil court. The whole point is that if you can convince a Jury the law is wrong, you will not be convicted of it. Jury Nullification is the second most powerful tool a citizen has, next to the right to vote. Of course, it requires a Jury trial, and educated Jury members, so yeah, she's pretty much screwed.
Read more about Jury Nullification here.
Even if they torture you, you can't reveal it.
:)
Whoa! Fuck that! I am not a secret agent! I want a password I can reveal BEFORE torture!
Here is your list:
Damn, I could have cared less about Satellite TV, since I have decent cable access w/ broadband that actually works.
But that pisses me off enough that I might just go out and pirate Direct TV simply out of spite!
IANAL, but the way I see it is that if they allow people to sell in game items as "real" property, then those in-game items take on "real" tangible value. And with our society the way it is, in America, anyway, that means lawsuits. So, if your $3000 lightsaber is lost due to a server crash, you could sue them.
And what of theft? If you have $5,000 real-life worth of in-game items, and I kill your character, and steal them, could that consitute theft in real-life? Would they be liable for allowing that to happen in-game?
These are all questions they do not want to have to deal with. By taking the stand that they do not allow real-world selling of in-game assets, and by enforcing that stance by account deletion, etc, they are creating a legal barrier to prevent any of that from happening. If they turn a blind eye and allow the sales to continue, they are giving de facto approval, and thus allowing real-life value to be assigned to in-game items. I can't imagine any other action than them shutting down these sales.
The annoying part in all this is that we, as a society, have only ourselves to blame for ruining our own fun.
And since that solution has now been discussed in a public forum it can never be patented.
You'd sure like to think so, wouldn't ya? Oh well...
First off, let me say that I whole-heartedly agree with you.
Here is my question though. At what point does an institution move from being a victim of an attack to being responsible for it?
Don't get me wrong here, from reading the article, I would definitely agree the school was somewhat negligent. I mean, if I leave my keys in my ignition, and the car is stolen, my insurance policy has a clause stating that I am at fault for not securing my vehicle, and they don't have to pay. That makes sense to me. And the school having sensitive data in the open is like me leaving my keys in the car. They are responsible for not securing their system.
However, a determined thief with the right skills can eventually steal my car, and a determined hacker with the right skills can eventually break the system. At what point would you say an institution has done all it could reasonably do to prevent the attack, and should be held blameless?
If we are going to hold institutions liable, we need some standards regarding the sensitivity of data, and what levels of security are required for those varying levels of sensitive data. I've honestly got no idea what those should be, only that if we are going to hold people accountable, as you suggest (and I agree with you, remember), we need some codified rules to apply, not just some arbitrarily vague notion of the word "secure."
Any ideas? Am I way off-base here?
Don't post that link here! The next thing we know, Miss Vermont will be suing Google and Slashdot!
I'd mod that funny, if I weren't afraid it might come true.
Now, IANAL, but if SCO makes the argument that the code (which they owned) was included without their permission by one of their employees (who did not have the right to include it) then they might have a very valid court case. Sure, you can argue that by including the code, even without their knowledge or permission, they are still responsible for its release, and bound by the GPL. But I doubt that outcome is likely. It opens too big a can of worms.
Here's why: If I get a job at Microsoft, and slip a bit of GPL code into the next Windows and Office release, without Microsoft's knowledge, it is just too bad for them and the whole thing is free (as in beer) now?
Right or wrong, that is the way I think the courts would see it. Of course, that depends on the attorneys, and what arguments SCO makes. Honestly, I hope it goes to trial as it should be a very interesting case to follow. Unfortunately, if I were forced to bet, I would bet against us.
The only thing that might save us is that since SCO was purposely releasing GPL software, they may have more of a liability for losing that code than would Microsoft in the above example, who was releasing only propriety code, with GPL code thrown in by a saboteur. But then, that makes sense, and the courts sometimes don't.
Here is a quote from the article:
On Sunday, June 2, Perry began to assess problems on the PC used by Samuels, who thought his system might be infected with a virus. For two hours, Perry tried to fix it, uninstalling and reinstalling antivirus software, but the system continued to malfunction. The next day, Perry gave the PC to Gross to back up, fearing it might crash and lose valuable data.
She spent 2 hours installing and uninstalling and reinstalling anti-virus software? I mean, c'mon here people. I might expect my dad to do something like that if he thought he had a virus. But my dad is not a computer tech. She is supposed to know what the hell she is doing. And then she gives the machine to someone else who decided to look for "large" files?
But Perry and Gross say it wasn't unusual for them to check the content of folders when troubleshooting; a large file, for example, can be an indication that a virus is at work.
WTF? Yeah, that's right. My virus scan program didn't find anything. So, my next step? Go looking for "large" files.
What happened here was that these two idiots managed to get by at their jobs without knowing jack shit, until this case came up. Then, when they had to give an accounting of the steps they were taking to resolve the problem and how they found the illegal material, their ignorance was exposed to management. So, management found reasons to let them go.
I will give them props for having the balls to report what they found, that is commendable. But based on the troubleshooting as reported, I wouldn't let them anywhere near a computer I had to support.
... that led us to write Shellshock.
:)
I can't believe any retailer would do this, but after watching the guys from GW at a convention, I can see how it would be them.
Now, granted, my buddy and I wrote and sell our own miniatures game, (which is also free, as in beer, on our website) so you can take this comment with whatever amount of suspicion you like...
We attended a con where someone from GW was there. The people who ran the con had paid to fly him in from England and put him in a hotel and everything. He was one of their special guests... There was a tourney contest where the winner got the chance to go up against the rep from GW. The entire con the GW rep talked about how no GW rep had ever lost to a player. Finally, this kid (maybe 13 or 14 years old) wins the tourney. The GW rep says he gets to not only pick the terrain they are going to fight in, but also gets to pick BOTH armies. This kid was so excited he didn't care, but the rest of were a little suspicious. Turned out we were justified as the GW rep picked this thick dense jungle terrain, gave himself an army full of close combat and melee troops, and then gave the kid a bunch of sniper and long range weapon types. Until now, it was the single most vile thing I had ever seen a game company do. (Funny sidenote, the kid almost won too, that's how bad this guy sucked.) The guys who ran the con were furious and said they'd never invite anyone from GW back, and never have.
So, I can totally expect this from these guys. Can't complain too much though, since it can only help my meager sales...
I freely admit that I use my internet service connection in ways unauthorized by my provider. Sure. And they can cut my service at any time of their choosing if they find out. I accept that. I'm violating the agreement, therefore they have the right to terminate it. Simple, to the point, and effective.
Okay, IANAL, but here is my take on this anyway...
What you are saying is that you have entered into a service agreement and now have no intention of actually adhering to the agreement? But, instead of canceling the contract, which you no longer agree to (if indeed, you ever actually did agree to), you will continue to break the agreement until you are caught. That would constitute fraud, which is indeed a crime, and can be prosecuted under the criminal as well as civil courts. Theft of service is still theft. Theft is criminally prosecutable. If you don't like it, don't steal. Simple, to the point, and effective, so to speak...
I'm not saying I like the law any better than you do. The fact of the matter is, Super-DMCA or not, they could technically make a decent criminal theft of service case against you right now, based on the contract you enetered into when you got the service.
I detest the RIAA, DMCA, Patriot Act and the like. I also fully support and admire those who would perform civil disobediance in breaking those laws. (Which requires public disclosure of your actions, by the way...)
However, I think the answer lies somewhere in the middle between what the RIAA and their DMCA wants, and what the "I am owed everything" generation and their "I bought this cd fair and sqaure, so if I want to make copies for all my friends I should have the right to" wants.
Copying copyrighted music is theft. Stealing service is theft. If you don't like it, change the system. If you are going to steal, fine. It doesn't matter to me one way or the other, and I won't tell you not to. Just quit whining about the fact that you might actually get in trouble if you get caught. I am so sick of that!
Not a popular opinion around here, to be sure, but not being a coward, I refuse to post Anonymously. Now if you'll excuse me, I have to tell my Karma good-bye...
Here's why. I had a KDS monitor third hand. My dad bought it used from someone else, and later decided that 19" was too big, and gave it to me. (w00t!)
Anyway, it started acting funny in a scarey way. Screen occasionaly made a popping noise and flashed. I gave KDS a call. They had me read the serial number and determined it was still under warranty. In fact, it was only 2 months shy of going out of warranty. I explained that it was third hand. They said send it back and they'd replace it, or they could put a credit hold on my card, and I could send it back when I got the new one. Considering how untransferable some warranties are, I again explained that this was a third hand monitor. They said it didn't matter. I told them to ship it and put the credit hold on my card. Got the new monitor in a few days, and shipped the old one back. Cost me a total of $30 to replace a free 3rd hand 19" monitor. Screen looks good, and I've had no problems with it. Still looking at it right now, 2 years later, and looks as good as the day they sent it.
Yeah, I know this question is more about quality of the screen, but I've got to hand it to a company that actually stands by its products. My next monitor will probably be KDS too.
I might not notice a couple points of dot pitch, but I sure as hell notice damn good customer service. Personally, that's worth more to me anyway.
How does shutting down your SMTP server block port 80 or access to open relays running on other ports? I think you've exagerated a bit here.
It doesn't. I am referring to Formmail, an HTML to email CGI that is installed everywhere. A lot of the spammers we kill have scripts that run against other peoples' web servers looking for unsecured formmail scripts. Since that runs on port 80, there is not much we can do to block that kind of traffic from our users who would abuse it.
Blocking outbound port 25 stops a lot of spam. But when someone runs a server without locking down formmail, there is not much we can do to prevent our users from spamming against it. As I said, we can't exactly block port 80. We can only clean up and ban access later. Hell, if our abuse department gets logs of someone who was even *trying* to run scripts against formmail, the user is banned.
Security Focus lists formmail as the 3rd highest type of attack for the 1st quarter of 2002, behind Code Red and Nimda.
Is there really some law preventing you from doing so?
As a nationwide wholesale ISP, we fall under different FCC rules than your local ISP. The FCC does not regulate intrastate communications, so most local ISPs are not covered by the FCC. Notice the FCC website clearly says interstate communications. Since we are interstate, we fall under their scope, and thus, their regulations. IANAL, so I can't tell you the exact law. I will assume when our lawyers tell us that, they are telling the truth. That's what they get paid for, and if I wanted to argue with them, I'd have been a lawyer, not a professional geek.
And while this is getting off-topic, we can't tell if it is the same phone, due to the blocking of caller-ID. And we are a wholesaler, not a retail ISP, so we never deal with the end users directly. It is our customers who do so. And yes the authorites and banks *do care*. I'll give you the benefit of the doubt and assume you completely missed the comment about how we are routinely answering subpeonas for logs from federal and state authorities? And how they usually end at dead ends?
As for going after the guy with guns, the FBI does that for us, and we are not a "small business." Quite a few of our customers are not "small businesses" either.
Now maybe you have a small glimpse of how identity theft hurts businesses as much as it does consumers. And leads to more SPAM. See how it all ties together?
Hey, more power to the idea of a new system requiring authentication for sending mail. I am all for that. But how do you stop throw away accounts? People have a hard enough time with waiting periods for guns. Do you propose a waiting period for out-going mail?
:)
"Yes, sir, here is your brand new shiny internet account. However, you can't send mail or post to usenet until the 30 day waiting period is up and you've passed our background checks."
Yeah, that'll fly. Hmmm? Maybe a new slashdot poll? How long would slashdotters be willing to wait before being allowed to send mail on a new net account as a measure to fight spam? In all seriousness, I'd actually like to know the answer to that one... I'd guess it's pretty low, but I might be wrong. I've been wrong before. On occasion.
Okay, I have a few problems with this, especially the comment, "Make ISPs responsible for ANY fraudulent email they transmit or relay. Legally reposnsible as in fines and jail terms.".
:)
I work for an ISP. I spend about 30 minutes to an hour of my 8 hour day, 5 days a week, tracking down and banning people who spam through our network. Our SMTP server is locked down to our own IPs, and limited to the amount of email it will send for one user, and we have outbound port 25 filters in place across the network. But, people still spam. They run form mail scripts against unsecure servers (we can't exactly block port 80, now can we?). They find open relays running on other ports. And they spam, and I ban their asses.
Considering the amount of money and time (I'm not the only one at my company who devotes part of my workday to killing spammers) we spend fighting spam, you now suggest we become criminally liable for it? I can tell you right now, if that law passed, we would shut down our SMTP server and that would be that. No outbound mail for anyone. Don't have to worry about spam when their is no email, period.
You want a workable solution? Allow us to block access to anyone blocking caller ID. Most professional spammers block caller ID because they know we can and do block them by their phone number, if we can get it. But blocking access to anyone who blocks caller ID violates privacy rights according to the FCC and we can't do that. (Mom and Pop ISPs might be able to, but we are a wholesale ISP.)
Why would blocking by phone number work? Because professional spammers use stolen IDs (credit cards, names, etc) to buy a throw away account that they use until we knock them offline. (We get the subpeona's for logs all the time to track down these people. Most never get caught.) They can get 10 stolen credit card accounts in an hour. Phone numbers aren't as easy to change.
Take it from someone fighting spam in the trenches, the concept of billing an ISP for any "bad" mail that passed over their server would simply shut down email. Period.
I won't even get into the debate that if an ISP *were* responsible and accountable for every email you sent, you better damn well believe that they would read and approve of every email you sent before forwarding it. Yay Free Speech! (Free as in hand-cuffs.)
Whew. Enough ranting. Mod away...
could you not still hold the company whose products are being advertised responsible for the spam?
Here's the problem with this. I hate, let's say... Google. I telnet to a Chinese open relay. HELO google.com. W00t! I now send a billion and a half spams to the world. You get one in your in-box, along with everyone else. You and a million other people sue Google. Google loses, I win, and the world is a far worse place.
(And no, I don't hate Google, but it makes a nice example...)
I don't know whether a lot of people realize that we have a lot more rights than the Constitution grants us
Actually, this is a misunderstanding. The Constitution does not grant us any rights. What it does is limit what the government can do with respect to our rights. It says "Congress shall make no law..." This is putting limitations on Congress, not us. The 10th Amendment goes so far as to say, "The powers not delegated to the United States by the Constitution, nor prohibited by it to the States, are reserved to the States respectively, or to the people." Congress can not "give" us rights, only take away rights. (Unless they give back something they previously took away, in which case, it's only returning a stolen right, not granting a new one.)
So what Congress giveth, it can legally take away.
Which is exactly why the Founding Fathers made sure that the people understood that Congress did not give the rights.
I do not disagree that there must be some give and take between security and privacy. Especially in the current state of affairs. We just need to make sure the Homeland Security Department does not evolve into the Ministry of Love. And I have no doubt that the people are acting with the best intentions and doing what they feel is best for America. The problem is, those people are also the ones who happen to be able to hurt it the most.
Governments gradually sink into tyranny and despotism. They do not gradually rise to a Democracy/Republic. Freedom only comes about by bloodshed and death. That is what has me concerned. We live in what is perhaps the greatest country that has ever existed. I just want to keep it that way.
I freely admit that I have the utmost suspicion about any elected or appointed official who makes even the smallest move to injure my freedom, whatever the reason. And I do admit that for the most part, you are right. The problem is that as you progress down that slippery slope, you continue to accelerate, your momentum increases, and it is easier to go farther with each passing moment. Not to mention harder to stop.
:)
Yeah, physics in a political debate, so sue me.
I already think the Patriot Act went way too far, and now they're shuffling Patriot II around that goes even farther. Assuming that just because something is in the Constitution, we can't easily lose it, is folly. That was pretty much my point. Your comment Never take anything for granted in constitutional law. is evidence that we are in at least some form of agreement.
Reminds me of a couple appropriate quotes:
The price of liberty is eternal vigilance.
The Constitution may not be perfect, but it's a lot better than what we've got!
It called "ex post facto" and it is a major part of the US Constitution. No law can be passed to make that provision irrelevant either, it would take a Constitutional amendment to.
Right, just like it would take an amendment to pass laws restricting gun ownership. Or restricting free speech. Or any one of the myraid rights lost to the Patriot Act. Or the ones lined up for Patriot II.
Yeah, nothing to worry about here.