I DID run a regional carrier-level* ISP several years ago.
(1) What you fail to mention is the "extra garbage traffic" caused by spam itself. And the extra garbage storage. (Remember that anywhere from 60-90% of all e-mail traffic is now spam.)
As an MSP -- I'd be more than happy to endure traffic through my network that ends up stopping some spam that ends up on my network.
(2) The other thing you fail to notice is this: if "my" users run the BlueSecurity tool, they're using ("wasting") upstream bandwidth. Now, hosted/co-lo users with boxes serving websites need that, but there's probably at least a 90/10% ratio of downstream usage for the vast majority of ISP "users". And I can segregate bandwidth for the co-lo/hosted folks vs. the end-users. So - I probably have PLENTY of upstream bandwidth to spare, especially if I traffic-shape intelligently, vs. what inbound spam costs me; and the 'end-user' customers don't care anyway, since 98%+ of their usage is downstream. (Hitting a URL upstream costs zip compared to the warez-suckers with their torrent-spigots wide-open... >;-)
Milomilo
* We ran AT&T-certified data centers with 30+ mile SONET optical loops, multi-homed directly to SprintLink, AT&T, and MCI/Worldnet's POPs, as well as multiple physical NAP cross-connects.
Didn't notice immediately what this acronym was -- but for the more geographically and/or geo-politically aware (read: not us Americans) among us -- the Dnieper river is the third largest in Europe(*), and largest in the Ukraine. It's known as the "holy river" due to its incredibly important role in the historic and economic development of (what's now) Eastern Europe.
(What with all the "I got first post!" crap responses -- I hope nobody minds the occasional reminder that our world is a leetle beet beeger than the route to the nearest Appleby's/Best Buy/Wal-Mart Megaplex....;-)
(*) Extra points for anyone who guessed the Volga and the Danube -- nice try if you thought Rhone or Seine -- remember that Europe goes a little farther EAST than the Eiffel Tower and Stonehenge, mes amis...;-)
Absolutely, unquestionably FALSE, to anyone versed in crypto - or not, as long as he/she is not a complete idiot.
A one-time-pad is quite well-known to be utterly uncrackable (as long as it's used only once -- hence the first two words of the three-word phrase!).
The idea is this: (1) there's a 'message' - which can be represented as a string of letters (and/or numbers). [It's assumed that the message WILL be intercepted as it's transmitted - so it needs to be 'scrambled' so that (a) the 'enemy' who intercepts it can't understand it, but (b) it can be 'unscrambled' and read by the intended receiver.] (2) Generate a string - the same length as the message - of utterly random letters/numbers -- the "one-time pad". (3) Using the random string from the OTP, encrypt the 'message'.
For instance, if the first letter of the message is "A", and the first character of the one-time pad is "G", you might 'add' the A to the G - by adding 1 (the position of A in the English alphabet) to 7 (G's value), to get 8, or "H", in the encrypted message. (When the result is greater than 26 - as when the original message, or 'plaintext' character is "X" and the corresponding one-time-pad character is "R", or 24 + 18 - you'd just express the result mod 26 (subtract 26 repeatedly until the result is less than 26), in this case: 42 - 26 = 16, or the letter "P".)
The trick with one-time pads is that the receiver must have a copy of the (by definition, essentially random) decoding key in advance -- the disadvantage, obviously, being the distribution of keys. (The Diffie-Hellman key-generation technique was developed at least partially in response to this issue -- two people who are separated, and communicating on what's assumed to be a compromised channel (i.e. -- they assume someone's 'listening in' on their conversation) can generate a common key for further secret communication EVEN IF someone is listening in on the entire exchange of information between them!)
(This is pretty profound, when you think about it -- I tell you something, and you tell me something, and from that we generate a key -- and even if Alice intercepts everything we tell each other, she can't possibly figure out the key! The whole trick lies in what we each keep to ourselves - the 'starting numbers' we each use to generate what we DO share. These are NOT communicated BUT are essential to the resulting key we each end up with....)
Bottom line - the anonymous coward who said (a) "with an OTP alone I could generate all possible messages..."...yadda yadda, and (b) "there is no uncrackable encryption, therefore, information is free" is a moron. The first statement is equivalent to saying "I can crack any encrypted message of n characters by generating (roughly speaking) n! random messages -- one of them will be the correct (original) message!" (That's like saying that all you need to decode any encrypted message is an infinite number of monkeys typing at random -- sure, eventually one of them will type the 'correct' message, but there's no way of telling WHICH, of the very, very few sensible typed messages that emerge, is the original one....)
As for the 2nd assertion - that "there is no uncrackable encryption, therefore information is free" -- this is both false AND stupid. A one-time-pad, correctly implemented, IS uncrackable. This is well-known and well-accepted in the security community.
And the anonymous coward's conclusion - that the supposedly inevitably 'crackable' nature of all communication implies that all information is ultimately 'free' - or what I assume he means: "knowable" - is incorrect. I guarantee that I can transmit a message with an O.T.P. that no one, no matter how much computing power he/she has at his/her disposal, will EVER decipher.
Pattern x ("true") Randomness = Randomness - period.
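Added example, not part of the original comment: the letter-addition scheme described above, in Python, using the comment's A=1 ... Z=26 numbering. Beyond the comment's two worked letters, it shows that every same-length candidate message has a pad that explains the ciphertext, and that a pad used twice cancels out of the difference of two ciphertexts. Function names and sample messages are constructed for illustration.

```python
import secrets
import string

ALPHABET = string.ascii_uppercase  # numbered A=1 ... Z=26, as in the comment


def _num(ch):
    return ALPHABET.index(ch) + 1


def _chr(n):
    # Wrap into 1..26, so 26 stays "Z" and 27 becomes "A".
    return ALPHABET[(n - 1) % 26]


def new_pad(length):
    """Uniformly random letters from the OS CSPRNG, one per message letter."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def encrypt(plaintext, pad):
    if len(pad) != len(plaintext):
        raise ValueError("pad must be exactly as long as the message")
    return "".join(_chr(_num(p) + _num(k)) for p, k in zip(plaintext, pad))


def decrypt(ciphertext, pad):
    if len(pad) != len(ciphertext):
        raise ValueError("pad must be exactly as long as the ciphertext")
    return "".join(_chr(_num(c) - _num(k)) for c, k in zip(ciphertext, pad))


def pad_explaining(ciphertext, candidate):
    """The pad under which `ciphertext` decrypts to `candidate`; one always exists."""
    return decrypt(ciphertext, candidate)


def reuse_leak(c1, c2):
    """Letter-wise c1 - c2 mod 26; the pad cancels if it was used for both."""
    return [(_num(a) - _num(b)) % 26 for a, b in zip(c1, c2)]


if __name__ == "__main__":
    msg = "ATTACKATDAWN"            # constructed sample message
    pad = new_pad(len(msg))
    ct = encrypt(msg, pad)
    decoy = "RETREATNOWOK"          # constructed, same length as msg
    print(ct, decrypt(ct, pad), decrypt(ct, pad_explaining(ct, decoy)))
```

Because `pad_explaining` succeeds for any candidate of the right length, the ciphertext alone gives an interceptor no basis for preferring one message over another; `reuse_leak` shows why that guarantee holds only while each pad is used once.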
My bad - not Hemos'. Flame him if you want for not checking every link in every story - with the volume of submissions what they are I can't say's I blame any of the good folks at /.
(Why the bad link? A friend had just ICQd me that he was headed to Amsterdam for a P2P conf. and wanted the name of the place all the 'football' fans go to. Cut and pasted crosswise. I suppose he'll be wondering why he should go to a 'bot lawsuit in the City of Sin...;-)
And for those of you who got their panties in a bunch about the 'unacceptable' or declining quality of /. (ACs, anyone?) - so quit reading it already and run your own. MHO - pretty damn fine job of turning a homebrew blog into a major news source - whynchYOU try it!?
BitZtream: errr, "bzzzt!" Nope.
As Wolfgang Pauli said: "That isn't right. It's not even wrong."
No, contracts can't override the law (we're talking U.S. law, here): a company generally can't have you waive implied warranties (merchantability, fitness for use, etc.), or do all kinds of other things (unconscionability, against public policy...)
But it is certainly legal (until a court says otherwise) to say "we have the right to [do stuff to your service], and by reading and signing this, you agree."
You mention "material" changes to the service - well, (a) if you can still go to the google website and search, well: pffft! - your materiality argument is pretty weak, at least in the Real World of Very Expensive and Prolonged Litigation, and (b) I bet dollars to donuts that the right to change, say, the default search engine, or your choices in that matter, are thoroughly covered in the agreement you signed.
Verizon has entire FLOORS of lawyers to write these things - you think they didn't think it through before implementing this?
I'm not saying it's fair, or right-or-wrong -- I'm just saying: I sincerely hope that, if you're a law student, that when you interview, your potential future employers never see this post.
If you're not a law student, let me just say (as someone who's been an expert witness, working (on another case) for the lead attorney in the RIM (Blackberry) case): you know not whereof you speak.
Hopfully youl lern to spel befour poasting to Slashdot agen.
...and not to use "And" as the first word of a sentence...
Hopfully you'll learn the following words:
* Hopefully
* "they're" vs. "their"
(Jeezus, people -- is it so wrong to ask that comments be freaking LITERATE?!?! I mean, WOW.)