You're looking at it the wrong way. As much as the rhetoric about the U.S. becoming fascist is flying, the truth is there are VERY, VERY few countries in the world where it is currently legal to do what you want.
Most of those countries with "poor relations" with the U.S., like Venezuela, have unstable and/or paranoid governments. The conversation with an ISP down there would go something like this:
Gov't Official: It is secure? Americans have access? The American gov't can't monitor what they do?
ISP: It is secure, encrypted and anonymous. We cannot monitor what they do at all!
Gov't Official: Excellent! Just make sure you pass over the traffic of the anti-Castro Americans who are plotting against our Socialist Brother Fidel. Oh, and pass over all traffic for Venezuelans living abroad who are plotting another coup. And those rebels, make sure to let them get accounts and pass over their traffic, too.
ISP: Ummm...no, we can't do that. It is really anonymous and secure. We can't be selective otherwise it wouldn't work at all.
Gov't Official: Shut it down now.
If you create a list of all the countries in the world, then start striking off those without proper Internet connection, where strong crypto is illegal, where data retention laws are in place or imminent and you are going to find yourself looking at a very, very short list. Believe it or not, the U.S. is on that list.
There is NO country in the world where the gov't can't go to the service provider and say "start logging now" and they must comply or face draconian prison sentences.
My idea is simple:
Cash/money orders only. No record of who paid for what that ties back to a real person.
Accounts/e-mail addresses like jgru4456@ that have no relation to anything in the real world.
TLS/SSL *only* connection for POP/IMAP/user-SMTP, Tor node, OpenVPN for road-warriors, optional e-mail batching, etc.
The idea is if the authorities pop in and say "who owns account jgru4456?" I can honestly say "I have no idea and no way to find out."
Yes, they could force me to start logging, and by traffic analysis start to figure things out. However, what I'm starting to offer is light-years ahead of what is commonplace now.
I'm open to suggestions if you can think of anything that would increase privacy. My goal is, within a year, have servers in multiple countries (aka legal jurisdictions) to make tracking stuff a legal and logistical nightmare.
In 1999, I worked as a contract engineer for a Linux consulting company. We delivered kernel enhancements for the Linux kernel on the Alpha processor to the NSA. The enhancements were to reduce TLB miss overhead when doing comparisons and searches on large amounts of data. The benchmark run to test it was a keyword search through a stream of e-mails.
- C-Series/
My how far we have come in 7 years. Sensory Networks makes a hardware accelerator (PCI-X) for just this thing. They aren't that expensive, either. http://www.sensorynetworks.com/Products/NodalCore
fnord
Heh, I shipped my own server to a co-lo facility in Michigan a month ago. I've also compiled a list of countries and their various data retention/privacy restriction laws. The server is for secure, anonymous e-mail & proxy (no FTP/shell). It is also going to be a Tor & possibly Freenet node. Gonna accept cash/money orders only and keep NO logs at all other than those needed to troubleshoot connectivity and only as long as troubleshooting is necessary. The hardware crypto accelerator (Soekris 1411 - $76) should handle the excess SSL/TLS traffic without bogging the machine.
If Michigan gets around to passing a data retention law I'll have two or three other servers located at well connected locations around the world to bounce traffic off of. (Hence the compiled list.)
The domain will be occulus.net and should be active within a week.
Head back to the original parent of this thread, where they claimed that when China comes close to the US or EU in carbon emissions, then we can talk. It was then pointed out that China is at about 90% of the EU emissions so now is the time to talk.
It then degenerated into something along the lines of "that doesn't count, there is a billion of them, measure it per capita". My point was that if we're talking about the amount of carbon in the air, it doesn't matter from the perspective of nature. If the atmosphere can only handle X number of tonnes going in, the argument that "oh, but they don't count because they aren't the carbon pigs the EU and US are" doesn't fly. All that matters is that Total X. Period.
The word "fair" never entered my arguments. I was looking at it from the one point that trumps all -- nature. Nature has no concept of "fair" nor does it have the concept of "rights", those are human inventions and ones that we cannot impose on nature no matter how hard we try.
Right now, some corporations deliberately infringe laws and then have email retention policies that tell employees to destroy all email over 30 days old. In the rare cases where any attempt is made to bring these companies to book, it is very difficult to find the evidence to convict.
Uhhh...no.
I can't think of one corporation that would be able to function if e-mail was destroyed once it hit 31 days old. 90-days, maybe.
Corporate fraud and misdeeds, at least the worst of them and the ones you prosecute for, are systemic and ongoing. If it is ongoing, it will be caught and evidence will be obtained.
Not to mention all those tape backups, off-site storage, etc. Properly purging e-mail is a major hurdle and e-mail is the lifeblood of most companies. The possibility of accidentally losing it all far outweighs the "we're all crooks, keep nothing" possibility.
The correct method is for the authorities to inform the ISP that an investigation is underway. At that point, they are required to start retaining logs for the eventual subpoena. Logs are not turned over without a court order.
This has been effective in the past and there is no evidence to support the notion it is no longer a valid method.
Maybe the atmosphere can't see the difference between a gallon of fuel used to boil drinking water and a gallon poured into a Hummer. But you should be able to.
I can, but all of that falls into the feels-good political BS category. If we're talking NATURE and PHYSICS then all that matters is the result. 3,000 MT of carbon is 3,000 MT of carbon, whether it comes from 1,000,000 people boiling water or 1 guy char-broiling 1,000,000,000 fuzzy kittens.
Totally different perspectives.
Those are meaningless numbers. Try dividing by population. The population of China is something like 5 times that of the US (I haven't bothered looking it up, but I think that's close) which puts China at around 1/10 of the emissions of the US, that's a fraction by my definition.
Bullshit. Those are the only numbers that count. Do you really think the atmosphere looks down and says "well, they are #3 in total, pumping 3,000 metric tons of carbon out but there are so many of them so it doesn't count as much"?
Total count is all that matters to the planet, not "per capita" or any other political, feel-good number.
Hmmm... now that I look it up I find out the luxury tax devastated the boat industry and was repealed by Pres. Clinton in 1993 or so. It had applied a 10% surcharge to boats over $100,000, planes over $25,000, as well as large jewelry, fur and automobile purchases.
None of the other items matter because that's stuff we all pay; regardless if you lied to the IRS or not.
It *does* matter because my point still stands. You're implying the gov't is getting cheated out of money and I'm saying these people aren't Scrooge McDuck. They don't take that money and put it in a room and roll around in it. They SPEND it all, and damn near everything they spend it on is taxed half-a-dozen different ways, anyway. The more they spend, the more they are taxed. That $60,000 boat uses fuel, which is taxed but would NOT have been purchased unless the boat was purchased. The salaries of the boat builders are taxed, etc. There is a ton more than just sales tax involved.
Either way, small businesses and individuals just don't have the lobbying power to "legally" escape the tax man the way corporations do. A decent Senator or Representative costs a lot of money. It's the Golden Rule -- Those with the gold make the rules.
Sales tax is 6-7%. Impact taxes on house purchases are more. Luxury tax on things like big boats can be up to 50%. Property tax is perpetual. Then there is all the secondary taxes on all the upkeep on the houses, cars, boats, kids like sales tax on every item purchased for upkeep (clothes, gas, tires, etc.) They DO add up to much more than most people realize.
Ever wonder why Bubba the Landscaper has a brand new truck every single year, a huge house, 3-4 kids, a big powerboat and a summer place on the shore? It isn't because he's an investment genius. It's because he's NOT PAYING TAXES ON MOST OF HIS INCOME.
A good chunk of what was lost in income tax was spent on sales, use, property and luxury taxes.
The problem is, this effect appears to be entirely unintentional. Walmart has always tried to maintain a family friendly "Bible-belt" image. As a result, they have never in their history carried games that didn't meet their current criteria.
This is so not true.
I was in Walmart the other day, browsing thru DVDs and what did I see: The uncensored version of Comedy Central's Pamela Anderson Roast; the Director's Cut of Rob Zombie's "The Devil's Rejects"; the "Uncensored" Director's Cut of "The Girl Next Door" -- you know, the one where the porn stars move in next door to this high school kid? Tons of "uncensored" and "director's cuts" of almost-porn and very, very violent slasher movies. DVD seasons of South Park, Tripping the Rift, etc. Family-friendly fare it ain't.
Their "criteria" is, and always has been, whatever sells the most without making too much of a PR stink. Music and games are easy targets, so Walmart forces censorship and gets to wave the "family" flag. Since no stink is made with video, they sell damn near everything except hardcore.
-Charles
I suggest you research further the nature, purpose, and capabilities of multicast.
No, actually, I'm using the term "multicast" to describe the generic "one-to-many" but not "one-to-all" of broadcast. I am *NOT* talking about multicast as it refers to IP Multicast. [IP range 224.0.0.0, etc.]
What I mean is the ability to duplicate a stream at circuit level to any other circuit subscriber. In an ATM or Frame Relay switch, if you create a circuit from point A to point B and someone at points C & D want a copy, it is trivial to "multicast" that stream to B, C & D without sending to E-Z as well -- all without dealing with IP multicast.
-Charles
Black Belt Systems? The old Amiga software company?! Wow, I didn't know you guys were still in business. What was that program...ImageMaster? THAT name brings back a lot of memories... (Along with some rather entertaining flamefests between Perry K. @ ASDB and Ben @ BBS. :-)
-Charles
Almost all optical switching equipment by Nortel, Lucent and Cisco has the capability of multicast. It is very, very simple to just pick a circuit and multicast the stream from that point on. Everything goes to the original destination and a copy all goes down another circuit to wherever else subscribes to the multicast group.
This is done not at the network level, but at the circuit (physical) level so there are no telltale IP fingerprints.
If you own the switch, you don't need to physically "tap" the optics with a splitter, just click a few buttons with the mouse and you're done.
[chill]
Last time I passed thru customs in London, they asked about the laptop and "do I have the Internet on there". I told him "no" but now, thanks to these dweebs, I'll have to say "Yes, I have the Internet on my laptop."
Bastards.
-Charles
"Turn off your cell phone. :-)"
Informative?
Because Slashdot doesn't have a "+1 Obvious" mod.
And that statement probably narrowed it down to 3. But who is being paranoid.
Obviously, nowhere NEAR enough people...
-Charles
So the best thing to do is transfer hundreds of GB of data/month on ATT lines & make them wade through the mess?
Specifically, hundreds of Gb of pure random data in the packets, to as many non-US locations as possible. Use as much encryption (IMAPS, POP3S, HTTPS, etc.) as possible.
-Charles
And, doesn't it already pop up a warning saying the site's URL doesn't match the certificate's URL? I know I've had it warn when I was on blockbuster.com and the certificate was for www.blockbuster.com or something like that.
Yes, it will pop up a certificate warning. IE does the same thing. However, it is full of big words that most people susceptible to phishing and scams just click thru. The idea is to make a "permanent" warning that something is not quite right and boil it down to the one pertinent issue: the URL you are at doesn't exactly match the one the cert is for.
People need a simple RED == BAD, ORANGE == WARNING, GREEN == GOOD system for this. KISS.
Verbatim. Exactly what I was thinking about 2 sentences into that rant. Thanks.
Preview, preview, preview.
By "touchable by browser" I meant "touchable by content rendered by the browser".
The concept is simple. See the button bar (tab bar on Firefox) up top? Now look down -- see the Status bar down below? In between there is the screen real estate that content should be allowed to touch. Under no circumstances should anything outside of that area be touchable by the browser or any task/thread/job spawned by the browser. Period. The URL bar, button bar, toolbar, and statusbar should be inviolate. Javascript (or ANY script) should be unable to display text in the status bar, thus making it impossible to lie about link location.
Extensions, which are installed explicitly thru a separate procedure, would be the only way to put something in the status bar.
Change the little lock symbol to take up more room in the status bar. Make it list the URL the certificate is issued to next to the lock. If that doesn't match the URL you're on, change the URL bar background to ORANGE (not yellow) and make the lock flash or something. Yes, I know, you clicked "accept this certificate" but it is still a hacked-up cert and needs some cursory attention.
* * *
For those twits that are going to whine "but I don't use the status bar" or "I've rearranged my button/menu/tool bar up top so it isn't that way" this is a trivial issue to work around. This was just a quick way to describe the working screen area for most people.
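The indicator proposed in the two comments above (show the name the certificate was issued to next to the lock, and go ORANGE when it does not match the URL you are on) could be computed as follows. This is an added example, not code from the thread or from any browser; the `cert` object shape, the function names and the RED rule (chain failed validation) are assumptions, and it goes beyond the comment's "exact match" by also handling single-label wildcard names.

```javascript
// Added example. The cert object ({names, chainValid, userAccepted}) is a
// hypothetical shape; a real browser would fill it from the TLS handshake.

// Normalise a DNS name for comparison: lower-case, drop one trailing dot.
function normalise(name) {
  return name.toLowerCase().replace(/\.$/, "");
}

// True if `host` is covered by the certificate name `pattern`.
// "*" is honoured only as the entire left-most label and stands for exactly
// one label: "*.example.com" covers "www.example.com" but neither
// "example.com" nor "a.b.example.com". "*.com" is rejected outright.
// (IP-literal hosts are out of scope for this sketch.)
function nameMatches(host, pattern) {
  const h = normalise(host).split(".");
  const p = normalise(pattern).split(".");
  if (h.length !== p.length) return false;
  return p.every((label, i) => {
    if (label === "*") return i === 0 && p.length >= 3 && h[0].length > 0;
    return label === h[i];
  });
}

// Decide what the status-bar lock should show for a page.
// GREEN  : chain validated and a certificate name covers the URL's host.
// ORANGE : no certificate name covers the host, even if the user already
//          clicked "accept this certificate" (the comment's requirement).
// RED    : chain did not validate (assumption: the thread does not define RED).
function lockIndicator(pageUrl, cert) {
  const host = new URL(pageUrl).hostname;
  const issuedTo = cert.names.join(", "); // text shown next to the lock
  if (!cert.chainValid) {
    return { color: "RED", host, issuedTo, reason: "certificate chain not trusted" };
  }
  const covered = cert.names.some((n) => nameMatches(host, n));
  if (!covered) {
    return {
      color: "ORANGE",
      host,
      issuedTo,
      reason: `you are at ${host} but the certificate is for ${issuedTo}`,
    };
  }
  return { color: "GREEN", host, issuedTo, reason: "certificate matches this site" };
}

// Constructed sample: the blockbuster.com case mentioned in the thread.
const sampleCert = {
  names: ["www.blockbuster.com"],
  chainValid: true,
  userAccepted: true, // the override does not clear the warning
};

function demo() {
  return [
    lockIndicator("https://blockbuster.com/login", sampleCert),
    lockIndicator("https://www.blockbuster.com/login", sampleCert),
  ];
}

for (const r of demo()) {
  console.log(`${r.color.padEnd(6)} ${r.host} (issued to: ${r.issuedTo}) - ${r.reason}`);
}
```

The `userAccepted` flag is deliberately never consulted: an override lets the page load but leaves the indicator ORANGE, which is the "permanent" warning the comment asks for.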
I just went there through Firefox (ver 1.5.0.1) and got the same result as if I went through IE. This doesn't sit well with me.
Funny, I didn't. I did get an "open this with..." dialog for a Flash file, which I ignored, so that could be it.