When approaching a stop sign, red light, or just about anything else you *should* be intending to stop on the line. There is always some margin of safety built in. Usually, for example, the stop line is before crosswalk lines which are set back from the corner a few meters. If something behind you isn't going to stop in time, it is reasonable to adjust your stopping profile (and even accelerate if necessary) so that you still stop but are ahead of the line. If something behind you doesn't hit the brakes at all, the best thing to do may be to speed up and turn right. However, you're unlikely in this scenario to ever get back above the posted limit. Nor would you need to.
The third party can't tell the ISP to disconnect a user. The third-party informs the ISP of what they suspect to be illegal activity. The ISP then has to follow a procedure of notifying the user. The user can claim that their activity isn't infringing and then the ISP forwards the user's and third-parties contact information to each other and the ISP is done. If the user fails to respond, the ISP is supposed to disconnect. What Cox did was to ignore the claims entirely. They had good reason. They were flooded with claims in a way that was overwhelming. A trial court is mostly a finder of fact. In this case, the facts weren't very contested so it's not surprising that the jury went against Cox. The interesting legal arguments will start to get developed now. Primarily that the legitimate requests Cox received were disguised in a sea of illegitimate ones. Followed by an argument that the law places and undue burden. A trial court usually won't entertain these arguments but rather lets them be reserved for appeal. The reason is that a finding of fact usually develops the record in the case which makes deciding the difficult legal questions easier. IANAL. But I am anal.
This is nothing more than a sophisticated from of "everybody else is doing it" argument that you get from small children. If the rules aren't working, the solution is to either enforce the rules better or to change the rules. Having everybody ignore the rules and not change them is the worst possible outcome. It creates a situation where things simply can't get better. Nobody can know the real effect of properly enforced rules so there's no data that can be used for improvement of the rules. What we need is better enforcement for human drivers. It's almost inexcusable that neither cars (nor trains) have automatic speed control systems that prevent exceeding the limit. Invariably somebody will point out the fantastical corner case where accelerating and swerving makes sense but those can be easily solved.
I have no doubt that what you are saying is true - more information makes for better advertising. But I really don't think it's part of the rationale. Any online forum needs a way to deal with trolling. Almost every news site with a comment system ended up shutting it down. Here at/. we use a moderation system to keep things going. FB uses a real-names policy. Even if, as you point out, it doesn't stop everybody from behaving in ridiculous ways, it allows other users to identify them and not interact. Remove their posts from newsfeed or unfriend them. That gets more people using FB since it's a better user experience and the increased traffic is a much bigger factor than the improved targeting. (Targeting is pretty good with no information thanks to tracking cookies. In fact they can probably figure out your real name.) Nothing is going to keep everybody within reasonable bounds. If there were such a thing we wouldn't need a real life legal system. But FB is one of the few online forums that isn't poisoned by anonymous idiots and, in that sense, the policy is working.
Yes this has been pointed out in other threads. However, the initial partners certainly engaged in joint marketing activities where money did change hands. I realize they aren't getting a recurring bill for bandwidth usage.
I take T-mobile's word as well but I also commented earlier that I suspect that money changed hands. My guess is that there is "joint marketing" happening which is where the money gets exchanged. And I don't think there's any regulation against this. Anybody can sign up for "Binge On" and there's no cost to the transaction. But if you want to advertise together with T-Mobile you pay. Splitting the advertising cost seems to make sense and probably the first Binge On providers were the ones who would make the best "joint marketing" provider. (i.e. contribute the highest percentage of the costs). But it's still open to anybody and follows neutrality rules and probably overall good for consumers so it's hard to hate on it.
Because one of the requirements is that they are able to convert your 480p video to 1p if bandwidth is tight and they have strict technical requirements to make this possible.
But almost all big name content providers have this infrastructure already. The narrow part of the tube is from the tower to the device. The bits from the sanctioned content providers aren't any cheaper to deliver that last few hundred meters. By your argument we should have unlimited everything as long as its available from a CDN near the tower. Certainly the reason for binge on is that money changed hands so that the "in" providers are subsidizing the bandwidth.
Then you can use your real name on FB and have fun trolling. People can choose to unfriend you. But then the trolling will be boring so you will try to sign up again with the name of your high school nemesis and the real name policy will thwart you.
If I could post and moderate, I'd give you the funny mod though. You deserve it.
This is a fun way to get modded up but I don't think there's much truth to this. Look at the type of AC trolling we get here but also even some pseudo-anonymous trolling. When people have to use their real name, they are on better behavior. The policy keeps getting tweaked to deal with corner cases but the principle is still that you aren't anonymous on FB so exercise the same restraing you would in "real life" since FB is the new real life.
No but many people arrange social events only through Facebook. You get a Facebook event invite. Sometimes your friends will remember that you are the one person in the whole world who has no Facebook account and will notify you via email. Of course if there is a change of plans and the event gets updated, chances are you will be left out and show up at the wrong place and wrong time.
Would not having an email account affect your social life? Facebook is the new email and new shared calendaring.
The scenario I can think of for this is something like the checkin kiosks at airports where people insert their credit card as a form of identification. Having the bios locked down and the cases sealed makes it much harder to install a rootkit for purposes of engaging in some sort of fraud. Of course it also means if there's a power failure some poor soul has to go around and type the passwords in everywhere.
They don't want a theocracy but they want Christian morals to be enshrined in law no different that Sharia. Nobody has ever tried to tell Christians in this country what to believe. But Christian groups do want laws such as: No business open when people should be at church, no adult entertainment available of any kind, no homosexual people getting married. Display of Christian religious symbols at government establishments but no symbols from competing religion. Sorry but Christians in this country walk around as if they are under attack but in reality nobody really pays any attention to them. What they don't like is their decreasing influence.
Sure. But if you don't work hard it's very likely that you will succeed. Therefore, it makes sense to work hard. When somebody isn't working hard, they aren't acting in their best interest and it's usually obvious to everyone but them. Of course there may be a lot of reasons that the person isn't working hard. Discouraged, disillusioned. Especially since the likelihood of upward mobility through hard work is decreasing. However, what we see lately is people arguing for solutions that don't involve hard work. Those ideas are doomed to failure.
They probably didn't scare very many parents either. Most of them are now so used to false alarms that they are numb to it. Sure inconvenienced a lot of people though.
Good point. Normally the receiving end of the nuclear option tries to avoid it. But perhaps they already knew of alternative sites. This whole thread assumes that solar contributes nothing to their local economy. I would think that the developed land would pay significant property taxes and not use any local resources but I don't know much about the local impact of solar farms.
Farming is an environmental disaster. I don't know about Canada but in the US we pay huge subsidies in order to have unnecessary fertilizer poured onto the land only to wash into the river so that we can grow food that will never be eaten. Replacing farmland with wind turbines is an environment benefit even if they never produce any electricity!
The problem with this play is that it can't be undone. If the project now comes back and offers to pay royalties to the town in perpetuity, the deal suddenly becomes attractive. But it may be impossible to undo the fear mongering. Better to form the objections in a way that's easier to walk them back.
If you don't have a certificate, many server applications (I guess IIS included) will automatically generate one for you. It's not from a trusted CA and your browser will complain loudly about it. But if you accept *and pin* the certificate it guarantees against impersonation. That works fine for internal apps. For production sites, you don't use the auto-generated cert. What applications are doing is similar to what SSH does on new connections. As long as you can guarantee the authenticity of the first request, you can prevent future impersonation. If the server and client are both under your control this is a viable solution. It's not for the public internet.
I think the OP is referring to browsers that *won't* accept SHA1 but are improperly presented with it thus locking those users out. That may be a lesser percentage than those who will get locked out of SHA1 is done away with entirely.
Rather than guess what they are probably doing, the source code is here.
https://github.com/facebook/wa...
But you were pretty close. You're right that *some* browsers that *could* get an SHA2 certificate will get the SHA1 version.
An improvement would be to present the SHA2 certificate if you're sure that the browser can accept it. Otherwise show the SHA1 certificate. Put a warning page up when presenting the SHA1 certificate suggesting that people upgrade browsers.
For those that have older browsers that want the SHA2 certificate but are getting an SHA1, offer an alternative like sha2.facebook.com. I imagine that this is a very small set of users. And as has been mentioned already, certificate pinning is your friend.
The problem with that is the torrent site you use may have infected your machine with malware. That malware could frustrate your attempt to verify the signature. Torrent is a good solution if the tracker is hosted by the distributor. Not so much if you have to poke in dark corners of the interwebs. Of course you can move the download to another machine to verify the signature. There are (unfortunately) not enough people downloading Linux ISOs to even get better performance by torrenting them.:(
Sorry you do have to have an Android device to run the app. But from what I can tell, it doesn't need to be running on a phone. I'll try it out and let you know. I have an old Nexus 6 with no SIM card for a perfect test.
Slashdot Mirror
When approaching a stop sign, red light, or just about anything else you *should* be intending to stop on the line. There is always some margin of safety built in. Usually, for example, the stop line is before crosswalk lines which are set back from the corner a few meters. If something behind you isn't going to stop in time, it is reasonable to adjust your stopping profile (and even accelerate if necessary) so that you still stop but are ahead of the line. If something behind you doesn't hit the brakes at all, the best thing to do may be to speed up and turn right. However, you're unlikely in this scenario to ever get back above the posted limit. Nor would you need to.
The third party can't tell the ISP to disconnect a user. The third-party informs the ISP of what they suspect to be illegal activity. The ISP then has to follow a procedure of notifying the user. The user can claim that their activity isn't infringing and then the ISP forwards the user's and third-parties contact information to each other and the ISP is done. If the user fails to respond, the ISP is supposed to disconnect. What Cox did was to ignore the claims entirely. They had good reason. They were flooded with claims in a way that was overwhelming. A trial court is mostly a finder of fact. In this case, the facts weren't very contested so it's not surprising that the jury went against Cox. The interesting legal arguments will start to get developed now. Primarily that the legitimate requests Cox received were disguised in a sea of illegitimate ones. Followed by an argument that the law places and undue burden. A trial court usually won't entertain these arguments but rather lets them be reserved for appeal. The reason is that a finding of fact usually develops the record in the case which makes deciding the difficult legal questions easier. IANAL. But I am anal.
This is nothing more than a sophisticated from of "everybody else is doing it" argument that you get from small children. If the rules aren't working, the solution is to either enforce the rules better or to change the rules. Having everybody ignore the rules and not change them is the worst possible outcome. It creates a situation where things simply can't get better. Nobody can know the real effect of properly enforced rules so there's no data that can be used for improvement of the rules. What we need is better enforcement for human drivers. It's almost inexcusable that neither cars (nor trains) have automatic speed control systems that prevent exceeding the limit. Invariably somebody will point out the fantastical corner case where accelerating and swerving makes sense but those can be easily solved.
I have no doubt that what you are saying is true - more information makes for better advertising. But I really don't think it's part of the rationale. Any online forum needs a way to deal with trolling. Almost every news site with a comment system ended up shutting it down. Here at /. we use a moderation system to keep things going. FB uses a real-names policy. Even if, as you point out, it doesn't stop everybody from behaving in ridiculous ways, it allows other users to identify them and not interact. Remove their posts from newsfeed or unfriend them. That gets more people using FB since it's a better user experience and the increased traffic is a much bigger factor than the improved targeting. (Targeting is pretty good with no information thanks to tracking cookies. In fact they can probably figure out your real name.) Nothing is going to keep everybody within reasonable bounds. If there were such a thing we wouldn't need a real life legal system. But FB is one of the few online forums that isn't poisoned by anonymous idiots and, in that sense, the policy is working.
Yes this has been pointed out in other threads. However, the initial partners certainly engaged in joint marketing activities where money did change hands. I realize they aren't getting a recurring bill for bandwidth usage.
I take T-mobile's word as well but I also commented earlier that I suspect that money changed hands. My guess is that there is "joint marketing" happening which is where the money gets exchanged. And I don't think there's any regulation against this. Anybody can sign up for "Binge On" and there's no cost to the transaction. But if you want to advertise together with T-Mobile you pay. Splitting the advertising cost seems to make sense and probably the first Binge On providers were the ones who would make the best "joint marketing" provider. (i.e. contribute the highest percentage of the costs). But it's still open to anybody and follows neutrality rules and probably overall good for consumers so it's hard to hate on it.
Because one of the requirements is that they are able to convert your 480p video to 1p if bandwidth is tight and they have strict technical requirements to make this possible.
But almost all big name content providers have this infrastructure already. The narrow part of the tube is from the tower to the device. The bits from the sanctioned content providers aren't any cheaper to deliver that last few hundred meters. By your argument we should have unlimited everything as long as its available from a CDN near the tower. Certainly the reason for binge on is that money changed hands so that the "in" providers are subsidizing the bandwidth.
Then you can use your real name on FB and have fun trolling. People can choose to unfriend you. But then the trolling will be boring so you will try to sign up again with the name of your high school nemesis and the real name policy will thwart you. If I could post and moderate, I'd give you the funny mod though. You deserve it.
This is a fun way to get modded up but I don't think there's much truth to this. Look at the type of AC trolling we get here but also even some pseudo-anonymous trolling. When people have to use their real name, they are on better behavior. The policy keeps getting tweaked to deal with corner cases but the principle is still that you aren't anonymous on FB so exercise the same restraing you would in "real life" since FB is the new real life.
No but many people arrange social events only through Facebook. You get a Facebook event invite. Sometimes your friends will remember that you are the one person in the whole world who has no Facebook account and will notify you via email. Of course if there is a change of plans and the event gets updated, chances are you will be left out and show up at the wrong place and wrong time. Would not having an email account affect your social life? Facebook is the new email and new shared calendaring.
The scenario I can think of for this is something like the checkin kiosks at airports where people insert their credit card as a form of identification. Having the bios locked down and the cases sealed makes it much harder to install a rootkit for purposes of engaging in some sort of fraud. Of course it also means if there's a power failure some poor soul has to go around and type the passwords in everywhere.
They don't want a theocracy but they want Christian morals to be enshrined in law no different that Sharia. Nobody has ever tried to tell Christians in this country what to believe. But Christian groups do want laws such as: No business open when people should be at church, no adult entertainment available of any kind, no homosexual people getting married. Display of Christian religious symbols at government establishments but no symbols from competing religion. Sorry but Christians in this country walk around as if they are under attack but in reality nobody really pays any attention to them. What they don't like is their decreasing influence.
Sure. But if you don't work hard it's very likely that you will succeed. Therefore, it makes sense to work hard. When somebody isn't working hard, they aren't acting in their best interest and it's usually obvious to everyone but them. Of course there may be a lot of reasons that the person isn't working hard. Discouraged, disillusioned. Especially since the likelihood of upward mobility through hard work is decreasing. However, what we see lately is people arguing for solutions that don't involve hard work. Those ideas are doomed to failure.
If things get too bad, though, it may be impossible to keep us barbarians from crashing the gates so Mars would offer safety if not comfort.
I wish there were a -1 Ridiculous moderation!
They probably didn't scare very many parents either. Most of them are now so used to false alarms that they are numb to it. Sure inconvenienced a lot of people though.
Good point. Normally the receiving end of the nuclear option tries to avoid it. But perhaps they already knew of alternative sites. This whole thread assumes that solar contributes nothing to their local economy. I would think that the developed land would pay significant property taxes and not use any local resources but I don't know much about the local impact of solar farms.
Farming is an environmental disaster. I don't know about Canada but in the US we pay huge subsidies in order to have unnecessary fertilizer poured onto the land only to wash into the river so that we can grow food that will never be eaten. Replacing farmland with wind turbines is an environment benefit even if they never produce any electricity!
The problem with this play is that it can't be undone. If the project now comes back and offers to pay royalties to the town in perpetuity, the deal suddenly becomes attractive. But it may be impossible to undo the fear mongering. Better to form the objections in a way that's easier to walk them back.
If you don't have a certificate, many server applications (I guess IIS included) will automatically generate one for you. It's not from a trusted CA and your browser will complain loudly about it. But if you accept *and pin* the certificate it guarantees against impersonation. That works fine for internal apps. For production sites, you don't use the auto-generated cert. What applications are doing is similar to what SSH does on new connections. As long as you can guarantee the authenticity of the first request, you can prevent future impersonation. If the server and client are both under your control this is a viable solution. It's not for the public internet.
I think the OP is referring to browsers that *won't* accept SHA1 but are improperly presented with it thus locking those users out. That may be a lesser percentage than those who will get locked out of SHA1 is done away with entirely.
Rather than guess what they are probably doing, the source code is here. https://github.com/facebook/wa... But you were pretty close. You're right that *some* browsers that *could* get an SHA2 certificate will get the SHA1 version. An improvement would be to present the SHA2 certificate if you're sure that the browser can accept it. Otherwise show the SHA1 certificate. Put a warning page up when presenting the SHA1 certificate suggesting that people upgrade browsers. For those that have older browsers that want the SHA2 certificate but are getting an SHA1, offer an alternative like sha2.facebook.com. I imagine that this is a very small set of users. And as has been mentioned already, certificate pinning is your friend.
The problem with that is the torrent site you use may have infected your machine with malware. That malware could frustrate your attempt to verify the signature. Torrent is a good solution if the tracker is hosted by the distributor. Not so much if you have to poke in dark corners of the interwebs. Of course you can move the download to another machine to verify the signature. There are (unfortunately) not enough people downloading Linux ISOs to even get better performance by torrenting them. :(
Sorry you do have to have an Android device to run the app. But from what I can tell, it doesn't need to be running on a phone. I'll try it out and let you know. I have an old Nexus 6 with no SIM card for a perfect test.