The most obvious reason adoption was slow is that's not that easy to fill even a GBE pipe.
On the typical home network, this may very well be true. I can fill a 1Gbit/s link at home, if I really want to. But for real data transfers, the network link does not tend to be the bottleneck.
On production servers, things look different. I have worked in a place, where 1Gbit/s links were a very problematic limitation for some of our servers. We would have loved to have 10Gbit/s on board.
First, that does mktime which repeats the same problem. Ie, it uses the time on the local computer, it is not going to a remote computer that has been validated to be accurate.
The server I was hosting this code on of course had ntpd running from day one. The clock on that computer was accurate to within 10ms.
you aren't taking into account the entire release process.
Spending as much time on the release process as it took to write the code in the first place might be acceptable. But having a release process so convoluted that it increases the work by orders of magnitude means there is something wrong with the release process.
You code is useless as it doesn't take in all the possible times throughout the world
It solved the problem it was designed to solve. And that fact alone is enough to prove your statement to be incorrect.
I would have words with you about that code if you were implementing t in a ggobal system, it's i'll thought out.
If you want people to take advice from you, you need to be constructive. Constructive would mean provide concrete suggestions for improvements.
are you even familiar with mktime at all, or did you just copy some code from your 'learn html for Dummies' book?
I know there is not such thing as mktime in html, since it is a markup language not a programming language. That is apparently more than you know about it.
A one-second accuracy is probably sufficient and can be done without too much sweat.
If one minute is sufficient, they are free to use this code, which I wrote years ago. (I don't remember how long it took me to write, but it was less than 100 days).
In the document it forbids Verizon from discussing the letter, even with legal.
If I was the one receiving such a letter, I can see three options for how to deal with it.
Ask legal to translate the letter to English for me
Escalate it up the managment path as far as necessary.
Tell the sender they reached the wrong person, and ask them to instead send it to [address of somebody in legal].
Complying with the letter without questioning is not an option, because I do not have the necessary knowledge to know if that would be legal, or to even tell if the letter was legitimate.
But if you look at the IP utilization there are GIANT blocks of IP addresses that are locked behind allocations determined by technology's 'big players' in what, 1981? 1990?
That part is true. But back then allocations only came in three sizes. Those allocations really were of the smallest size, which would cover their need. That practice was changed soon enough to avoid problems. Slowing down the allocation of IP addresses and not having any of the already allocated addresses handed back would have given enough time, that IPv6 could have been deployed.
The only problem was, that nobody did. People just kept going on deploying more and more IPv4 networks and ignoring IPv6. Other workarounds came along, which stretched the supply of IPv4 addresses even further. The truth is, those workarounds have caused more problems than they solved. They were not necessary in the first place, there was plenty of time to deploy IPv6. The workarounds mean that we now have a much bigger Internet that needs to be converted, which means more work, and it is more expensive. But worse than that, the workarounds are actually part of the reason transitioning to IPv6 is so damn hard. Had IPv4 been free from any NAT, it would have been easier to have IPv4 and IPv6 co-exist.
Some people suggest those early players should hand back those addresses. It wouldn't solve any problem. It would have delayed the problem by a few months. But the problem would have returned and been just a tad worse. Also, it is a myth that those addresses are unused. Even if they are not all advertised in BGP, they may be used internally on systems, which also need to communicate with the public Internet. Hence they cannot be reused without breaking some communication. And even if they could be handed back, the amount of work it would take to ensure they are really not used plus the administrative overhead, means it is just not worth the effort. All that effort would be better spent working on a real solution.
All of those addresses, which could possibly have been handed back would have been used already in 2011. IANA ran out of addresses in early 2011, and APNIC was growing fast at the time.
IP addresses are not actually 'running out' anytime soon
That's only true, because they already have. Rationing of IPv4 addresses is happening already, and it is affecting end users. The problems end users experience will get worse over time. But very few people understand the connection between the problems they are experiencing and shortage of IP addresses.
it's going to be far easier to simply re-allocate blocks that are currently unused than to force everyone to buy new hardware.
But that won't help. There aren't addresses to reallocate. Extrapolate the curve from before IPv4 addresses and ignore the limit. Then you'll find consumption would reach 200% before the end of this decade. No redistribution of IP addresses will solve that. Also redistribution of IP addresses is a problem in itself. Every time you break up a block and redistribute the addresses, the address space gets more fragmented. This fragmentation means more routing table entries, which consume costly CAM resources on the backbone routers. This is a side effect of stretching the utilization of addresses too far.
Research has shown that you should not expect to utilize more than 80-90% of the bits in an address, if that address is supposed to be used for routing. That means you should not expect to utilize 32 bits of the IPv4 addresses, but only 26-29 bits.
Not at all. According to some threads in the tunnelbroker.net forums from May there are HE users who get redirected to Google's Taiwan site. And Google Public DNS apparently sends all users of tunnelbroker.net to a datacenter in Sydney.
As that shortage hits downstream, that's when people will find IPv4 addresses being rationed
This is happening already. The ISP I am using ran out of IPv4 addresses in 2012, and started rationing them down to two per customer. Before that I could have as many devices online as I needed. When they started rationing, I had three devices online, but in the past I have had more.
But I am still better off than customers of certain other ISPs. Some don't even get a single IPv4 address as they are put behind CGN. I have even heard about ISPs deploying CGN without deploying native IPv6 at the same time.
The absolute minimum level of service a customer should tolerate from an ISP which has found it necessary to deploy CGN is a/64 IPv6 prefix routed to the CPE. But a decent level of service would be that the ISP route a/56 or/48 to any customer requesting it through DHCPv6. Plus the ISP should deploy 6to4 and Teredo relays such that customers get reliable communication with those who unfortunately don't have access to native IPv6 yet. Customers who have their own public IPv4 address can deploy their own 6to4 and Teredo relays, but you cannot do that, if you are behind a CGN.
the IPv4 shortage is not as acute there since the US has a lot of blocks allocated to it.
Having an IPv4 address does not help, if the party you want to communicate with does not have one. Does ARIN have enough IPv4 addresses to hand them out not only to users in the ARIN region, but also to everybody those users want to communicate with in the rest of the world?
The other problem is that the contents of those lists are secret and once sensors get going they simply cannot stop.
You can't really keep it secret, if you put it on the user's computer. And consumers are free to avoid any vendor, who try to keep their list secret. I haven't done market research because I have never needed such a product myself, and I have no intention of going into that business either. But I believe there is a market, and I have heard of multiple competing products in that field.
Several of filters have been known to block any sites that post anything critical of their practices
That sort of practice is easy to document. And those you primarily want to keep the critical information away from is those potential customers, who have not yet bought your product.
Every one of those companies has an extremely flawed list for exactly the reasons I just mentioned.
Using the lists should be voluntary. I don't want anybody to force any of those lists upon you. But if somebody finds the lists to be useful, they should be allowed to use them for their own needs. Those needs may include filtering on a phone, which a person is paying for someone else.
I have yet to see any filter that does more than block a bunch of known sites and both kids and adults have a knack for finding sites that should have been on the block list but are not.
Finding out exactly what content to block is the hard part. Actually blocking it once it is identified is the easier part. The telecompany could contract with one of those many companies, who already specialized in the first part. Then they can install that software on a bunch of servers, and sell it as a service to parents wishing to prevent their kids from watching porn on their cellphone.
No one in their right mind would attempt to create a black list, you create a white list.
Things that has already been tried include:
Blacklist
Whitelist
Heuristic
Voluntary marking of content
Reputation based systems.
And because of that people keep coming up with new ideas, which are mostly mixtures of the above ideas. You can get pretty decent results by such a mix. But it is not efficient to have everybody do it on their own, which means there is a legitimate need for somebody to collect the necessary data to do the filtering and make it available.
What is important is, that the parents get to choose which provider the filtering algorithm and data from. Forcing one particular source on them is no good.
We can also discuss who should pay for it. But I find that part of the discussion less important than ensuring that filters are not forced upon adults, who should be allowed to make their own decisions.
Rather than have it all done by Google, Bing, Yahoo, BangBangDuck or whatever, you can install your guardian software on your PC where you can control which ones it lets through and which ones it bans, and use the list available to ensure you don't have to visit them all yourself.
Or does nobody have the time to install software on their kiddies' PC?
I did not say anything about where it should be done, because my comment was focusing more on the policy aspect than the actual technical implementation. Having it done by search engines is obviously not the best place to do it. But on the kids own device is not the best solution either, as even a kid can learn how to bypass that. Putting the filter on a middlebox between the device the kid is using and the internet is a good start. A bit of cooperation from the device the kid is using would help, for example that would allow a mitm on all https connections. A bit of cooperation from search engines would also help, that way you can avoid allowing access to the content through Google cache or Google Images. You could even avoid having the blocked pages show up in search results in the first place.
Why would kids look at online porn with a computer, at their parents home with parental controls, when their smartphones have an unlimited data plan and they can watch anywhere?
This is an opportunity for the telecompanies. They need to introduce phone subscriptions intended for kids, where the parents can apply limitations. I guess they sort of exists already with limitations on phone calls. For example the kid may be allowed to make an unlimited number of calls to certain numbers white listed by the parent, for other numbers they could be limited to for example 1$ of usage per week. It would be very natural to extend that kind of subscriptions with limitations on internet traffic. The parent should be able to login on a webpage where they can both configure limitations on phone calls as well as which filters are applied to the internet traffic.
A similar product might also be interesting for some business, who want to limit what their employees can do on a phone paid by the employer.
However, there is another serious (thought not AS serious) concern. If you stealthily filmed adult couples having sex and published those videos, all without getting consent for the filming, then clearly that's not legal. The child in cp has that same right not to have videos circulated as any adult would have.
You are right. I should have expressed myself more clearly. I of course did not want the distribution to be legal under circumstances, where it would have been illegal even if the depicted persons were adults. But in those cases I think violations should be treated the same regardless of the age of the person depicted.
I suppose you could wait until the child becomes an adult and then buy the rights to the videos from the now adult person. That's all academic, though, since most voters are never going to think so calmly about cp that they could calm down long enough to comprehend such a line of reasoning.
That lack of rational thinking on the matter is so widespread that overall it might actually cause more harm than the abuse itself, which isn't widespread (or at least so we have been lead to believe).
Another topic is, does looking at cp make pedophiles more likely to molest children? Does it make them less likely to do so? I don't know. I suspect you don't either.
Claims have been made both ways. And probably there both exist cases where looking at child pornography stopped somebody from doing itself as well as cases, where looking at it made somebody do it. I think nobody knows if one or the other is true. The rational response to this, would be to do a scientific study to find out if the net effect is positive or negative. But I don't see this happening before a large majority of people start thinking rational about the issue. Currently we are doing things, which for all we know, might make the problem worse.
If people believe the former, even animated cp whose production involved no children at all is not going to be legal.
You could apply the same reasoning to movies where consenting adults are acting out a rape scene. Or movies with no sexual content, but violent scenes played by stuntmen. Those have not been outlawed in spite of some people believing they are making out society more violent.
I am not even convinced the people who want such animated child pornography to be outlawed even have considered whether it has any influence on how many children are actually abused. Many want it outlawed, just because they think it is distasteful. One has to stop and think about why people want child pornography to be illegal. Some do because they believe children are being helped by child pornography being illegal. Others want it to be illegal simply because they despise people of different sexual orientation from themselves.
Despising people because of their sexual orientation is no longer politically correct in large parts of the world. In what we usually think of as the civilised world, it is not illegal to be homosexual, and it is not considered socially acceptable to go and beat up a person for being homosexual. But if you despise people being sexually attracted to children, you can hide between a think-of-the-children defence. And justify whatever you want to do to such people, with "I'm just protecting the children".
There are differences in what means you would want to apply depending on which of the two reasons you have for wanting child pornography to be illegal. Whether you want people to be punished for looking at animated child pornography involving no real children, is one difference. If you despise the people simply for their sexual orientation, you want them to be punished in that case, even if no child is being harmed by it.
Consider the following two scenarios:
First a man who is sexually attracted to a woman of his own age. But the woman does not want to have sex
How about parents doing more to restrict their kids from getting into age-inappropriate things on the internet.
Yes, but there should be tools helping the parents in doing so.
The suggestion in the summary is mixing up two completely unrelated issues. Those issues must be addressed separately, otherwise we are going to end up with the wrong solution.
There may be people who do not want to see porn online and wish to be protected from that. That is fine, but it should be a voluntary decision. Unless the person is a minor, in which case it is the parents' decision. But in order to do this, you need to have the content classified. Now it boils down to who has to pay for maintaining this classification. You cannot just require the sites themselves to do that, because some of them will be outside your jurisdiction, and some of them may not have an interest in being correctly classified. Once you have the classification, getting it applied to the right set of people is not all that hard. But don't force it upon grown ups, who do not want it.
The other issue, which is completely unrelated, and should be treated as such, is the issue of child pornography. Many people are acting as if the main problem to be solved is that of people looking at such pictures. And as long as we can prevent anybody from looking at those pictures, then the problem has been solved. That is not true. All which has been achieved by that is hiding the real problem. The real problem is, that what is depicted took place in the first place. That pictures were taken of it and that somebody saw them did not make the abuse itself any worse for the kid, but in some cases it does help reveal that the abuse is taking place, which can help stopping it.
Current laws may actually do more to destroy evidence of crimes rather than stopping the crimes themselves. How would things change if possession and distribution of child pornography was legalized, but manufacturing and trading it remained illegal? Instead of interest organizations building up censorship, which is ultimately going to hurt more, when it is used for other purposes, those interest organizations could collect child pornography and perform data mining on it, and as soon as they have identified individuals in the images, they can hand that over to authorities. I believe that would do more to stop abuse of children, than the current laws.
So now we are going to support companies by buying their vulnerabilities for them?
It is worse than that. It is essentially rewarding companies for not taking security seriously.
There is software backed by companies which do offer a bug bounty, and there is software backed by companies which offer no bug bounty. Having a bug bounty for more software is desirable. But having government pay it for those companies, who do not pay it themselves, is not the proper solution. A much better solution would be that whenever the government buys software, it will primarily buy from companies, which do offer a bug bounty.
This will mean the software being bought is more likely to be secure. Additionally it will put a force on the market, driving it in the right direction.
The only situation where the government should be paying any bug bounties, is when the bugs are in software or services offered by the government. For example it could apply to security problems found in government websites. But if those products are bought from private companies in the first place, it should be made part of the contract, that the vendor will pay the bug bounty and fix the bug.
And facebook does business in Italy? So Italian courts have jurisdiction over facebook.
Even if they didn't, Italy would probably manage to find some scapegoat anyway. Wasn't Italy the country who decided to jail some more or less random Google employees because a video of bullying had been posted on YouTube? Since all of the people responsible for YouTube were in other countries, they picked some employees with zero connection to YouTube instead.
Now is the time to think about how the entertainment industry can be hit back with their own law. How about legally deploying rootkits on their computers to grab copies of their newest products before they are released.
Slashdot Mirror
Who said it does? If you need 1.1Gbit/s of sustained traffic, then a 1Gbit/s link will not be sufficient. The next step upwards is 10Gbit/s.
On the typical home network, this may very well be true. I can fill a 1Gbit/s link at home, if I really want to. But for real data transfers, the network link does not tend to be the bottleneck.
On production servers, things look different. I have worked in a place, where 1Gbit/s links were a very problematic limitation for some of our servers. We would have loved to have 10Gbit/s on board.
The server I was hosting this code on of course had ntpd running from day one. The clock on that computer was accurate to within 10ms.
Spending as much time on the release process as it took to write the code in the first place might be acceptable. But having a release process so convoluted that it increases the work by orders of magnitude means there is something wrong with the release process.
It solved the problem it was designed to solve. And that fact alone is enough to prove your statement to be incorrect.
If you want people to take advice from you, you need to be constructive. Constructive would mean provide concrete suggestions for improvements.
I know there is not such thing as mktime in html, since it is a markup language not a programming language. That is apparently more than you know about it.
If one minute is sufficient, they are free to use this code, which I wrote years ago. (I don't remember how long it took me to write, but it was less than 100 days).
If I was the one receiving such a letter, I can see three options for how to deal with it.
Complying with the letter without questioning is not an option, because I do not have the necessary knowledge to know if that would be legal, or to even tell if the letter was legitimate.
Install this exploit on your laptop, and the problem will be solved. As soon as they connect the cable, it is no longer their iphone.
That part is true. But back then allocations only came in three sizes. Those allocations really were of the smallest size, which would cover their need. That practice was changed soon enough to avoid problems. Slowing down the allocation of IP addresses and not having any of the already allocated addresses handed back would have given enough time, that IPv6 could have been deployed.
The only problem was, that nobody did. People just kept going on deploying more and more IPv4 networks and ignoring IPv6. Other workarounds came along, which stretched the supply of IPv4 addresses even further. The truth is, those workarounds have caused more problems than they solved. They were not necessary in the first place, there was plenty of time to deploy IPv6. The workarounds mean that we now have a much bigger Internet that needs to be converted, which means more work, and it is more expensive. But worse than that, the workarounds are actually part of the reason transitioning to IPv6 is so damn hard. Had IPv4 been free from any NAT, it would have been easier to have IPv4 and IPv6 co-exist.
Some people suggest those early players should hand back those addresses. It wouldn't solve any problem. It would have delayed the problem by a few months. But the problem would have returned and been just a tad worse. Also, it is a myth that those addresses are unused. Even if they are not all advertised in BGP, they may be used internally on systems, which also need to communicate with the public Internet. Hence they cannot be reused without breaking some communication. And even if they could be handed back, the amount of work it would take to ensure they are really not used plus the administrative overhead, means it is just not worth the effort. All that effort would be better spent working on a real solution.
All of those addresses, which could possibly have been handed back would have been used already in 2011. IANA ran out of addresses in early 2011, and APNIC was growing fast at the time.
That's only true, because they already have. Rationing of IPv4 addresses is happening already, and it is affecting end users. The problems end users experience will get worse over time. But very few people understand the connection between the problems they are experiencing and shortage of IP addresses.
But that won't help. There aren't addresses to reallocate. Extrapolate the curve from before IPv4 addresses and ignore the limit. Then you'll find consumption would reach 200% before the end of this decade. No redistribution of IP addresses will solve that. Also redistribution of IP addresses is a problem in itself. Every time you break up a block and redistribute the addresses, the address space gets more fragmented. This fragmentation means more routing table entries, which consume costly CAM resources on the backbone routers. This is a side effect of stretching the utilization of addresses too far.
Research has shown that you should not expect to utilize more than 80-90% of the bits in an address, if that address is supposed to be used for routing. That means you should not expect to utilize 32 bits of the IPv4 addresses, but only 26-29 bits.
Not at all. According to some threads in the tunnelbroker.net forums from May there are HE users who get redirected to Google's Taiwan site. And Google Public DNS apparently sends all users of tunnelbroker.net to a datacenter in Sydney.
This is happening already. The ISP I am using ran out of IPv4 addresses in 2012, and started rationing them down to two per customer. Before that I could have as many devices online as I needed. When they started rationing, I had three devices online, but in the past I have had more.
/64 IPv6 prefix routed to the CPE. But a decent level of service would be that the ISP route a /56 or /48 to any customer requesting it through DHCPv6. Plus the ISP should deploy 6to4 and Teredo relays such that customers get reliable communication with those who unfortunately don't have access to native IPv6 yet. Customers who have their own public IPv4 address can deploy their own 6to4 and Teredo relays, but you cannot do that, if you are behind a CGN.
But I am still better off than customers of certain other ISPs. Some don't even get a single IPv4 address as they are put behind CGN. I have even heard about ISPs deploying CGN without deploying native IPv6 at the same time.
The absolute minimum level of service a customer should tolerate from an ISP which has found it necessary to deploy CGN is a
Having an IPv4 address does not help, if the party you want to communicate with does not have one. Does ARIN have enough IPv4 addresses to hand them out not only to users in the ARIN region, but also to everybody those users want to communicate with in the rest of the world?
You can't really keep it secret, if you put it on the user's computer. And consumers are free to avoid any vendor, who try to keep their list secret. I haven't done market research because I have never needed such a product myself, and I have no intention of going into that business either. But I believe there is a market, and I have heard of multiple competing products in that field.
That sort of practice is easy to document. And those you primarily want to keep the critical information away from is those potential customers, who have not yet bought your product.
Using the lists should be voluntary. I don't want anybody to force any of those lists upon you. But if somebody finds the lists to be useful, they should be allowed to use them for their own needs. Those needs may include filtering on a phone, which a person is paying for someone else.
Finding out exactly what content to block is the hard part. Actually blocking it once it is identified is the easier part. The telecompany could contract with one of those many companies, who already specialized in the first part. Then they can install that software on a bunch of servers, and sell it as a service to parents wishing to prevent their kids from watching porn on their cellphone.
Things that has already been tried include:
And because of that people keep coming up with new ideas, which are mostly mixtures of the above ideas. You can get pretty decent results by such a mix. But it is not efficient to have everybody do it on their own, which means there is a legitimate need for somebody to collect the necessary data to do the filtering and make it available.
What is important is, that the parents get to choose which provider the filtering algorithm and data from. Forcing one particular source on them is no good.
We can also discuss who should pay for it. But I find that part of the discussion less important than ensuring that filters are not forced upon adults, who should be allowed to make their own decisions.
Rather than have it all done by Google, Bing, Yahoo, BangBangDuck or whatever, you can install your guardian software on your PC where you can control which ones it lets through and which ones it bans, and use the list available to ensure you don't have to visit them all yourself.
Or does nobody have the time to install software on their kiddies' PC?
I did not say anything about where it should be done, because my comment was focusing more on the policy aspect than the actual technical implementation. Having it done by search engines is obviously not the best place to do it. But on the kids own device is not the best solution either, as even a kid can learn how to bypass that. Putting the filter on a middlebox between the device the kid is using and the internet is a good start. A bit of cooperation from the device the kid is using would help, for example that would allow a mitm on all https connections. A bit of cooperation from search engines would also help, that way you can avoid allowing access to the content through Google cache or Google Images. You could even avoid having the blocked pages show up in search results in the first place.
This is an opportunity for the telecompanies. They need to introduce phone subscriptions intended for kids, where the parents can apply limitations. I guess they sort of exists already with limitations on phone calls. For example the kid may be allowed to make an unlimited number of calls to certain numbers white listed by the parent, for other numbers they could be limited to for example 1$ of usage per week. It would be very natural to extend that kind of subscriptions with limitations on internet traffic. The parent should be able to login on a webpage where they can both configure limitations on phone calls as well as which filters are applied to the internet traffic.
A similar product might also be interesting for some business, who want to limit what their employees can do on a phone paid by the employer.
Yes, but there should be tools helping the parents in doing so.
Why?
Because nobody has time to go over every webpage themselves to find out which of them has porn, that they don't want their kids to watch.
You are right. I should have expressed myself more clearly. I of course did not want the distribution to be legal under circumstances, where it would have been illegal even if the depicted persons were adults. But in those cases I think violations should be treated the same regardless of the age of the person depicted.
That lack of rational thinking on the matter is so widespread that overall it might actually cause more harm than the abuse itself, which isn't widespread (or at least so we have been lead to believe).
Claims have been made both ways. And probably there both exist cases where looking at child pornography stopped somebody from doing itself as well as cases, where looking at it made somebody do it. I think nobody knows if one or the other is true. The rational response to this, would be to do a scientific study to find out if the net effect is positive or negative. But I don't see this happening before a large majority of people start thinking rational about the issue. Currently we are doing things, which for all we know, might make the problem worse.
You could apply the same reasoning to movies where consenting adults are acting out a rape scene. Or movies with no sexual content, but violent scenes played by stuntmen. Those have not been outlawed in spite of some people believing they are making out society more violent.
I am not even convinced the people who want such animated child pornography to be outlawed even have considered whether it has any influence on how many children are actually abused. Many want it outlawed, just because they think it is distasteful. One has to stop and think about why people want child pornography to be illegal. Some do because they believe children are being helped by child pornography being illegal. Others want it to be illegal simply because they despise people of different sexual orientation from themselves.
Despising people because of their sexual orientation is no longer politically correct in large parts of the world. In what we usually think of as the civilised world, it is not illegal to be homosexual, and it is not considered socially acceptable to go and beat up a person for being homosexual. But if you despise people being sexually attracted to children, you can hide between a think-of-the-children defence. And justify whatever you want to do to such people, with "I'm just protecting the children".
There are differences in what means you would want to apply depending on which of the two reasons you have for wanting child pornography to be illegal. Whether you want people to be punished for looking at animated child pornography involving no real children, is one difference. If you despise the people simply for their sexual orientation, you want them to be punished in that case, even if no child is being harmed by it.
Consider the following two scenarios:
First a man who is sexually attracted to a woman of his own age. But the woman does not want to have sex
Yes, but there should be tools helping the parents in doing so.
The suggestion in the summary is mixing up two completely unrelated issues. Those issues must be addressed separately, otherwise we are going to end up with the wrong solution.
There may be people who do not want to see porn online and wish to be protected from that. That is fine, but it should be a voluntary decision. Unless the person is a minor, in which case it is the parents' decision. But in order to do this, you need to have the content classified. Now it boils down to who has to pay for maintaining this classification. You cannot just require the sites themselves to do that, because some of them will be outside your jurisdiction, and some of them may not have an interest in being correctly classified. Once you have the classification, getting it applied to the right set of people is not all that hard. But don't force it upon grown ups, who do not want it.
The other issue, which is completely unrelated, and should be treated as such, is the issue of child pornography. Many people are acting as if the main problem to be solved is that of people looking at such pictures. And as long as we can prevent anybody from looking at those pictures, then the problem has been solved. That is not true. All which has been achieved by that is hiding the real problem. The real problem is, that what is depicted took place in the first place. That pictures were taken of it and that somebody saw them did not make the abuse itself any worse for the kid, but in some cases it does help reveal that the abuse is taking place, which can help stopping it.
Current laws may actually do more to destroy evidence of crimes rather than stopping the crimes themselves. How would things change if possession and distribution of child pornography was legalized, but manufacturing and trading it remained illegal? Instead of interest organizations building up censorship, which is ultimately going to hurt more, when it is used for other purposes, those interest organizations could collect child pornography and perform data mining on it, and as soon as they have identified individuals in the images, they can hand that over to authorities. I believe that would do more to stop abuse of children, than the current laws.
It is worse than that. It is essentially rewarding companies for not taking security seriously.
There is software backed by companies which do offer a bug bounty, and there is software backed by companies which offer no bug bounty. Having a bug bounty for more software is desirable. But having government pay it for those companies, who do not pay it themselves, is not the proper solution. A much better solution would be that whenever the government buys software, it will primarily buy from companies, which do offer a bug bounty.
This will mean the software being bought is more likely to be secure. Additionally it will put a force on the market, driving it in the right direction.
The only situation where the government should be paying any bug bounties, is when the bugs are in software or services offered by the government. For example it could apply to security problems found in government websites. But if those products are bought from private companies in the first place, it should be made part of the contract, that the vendor will pay the bug bounty and fix the bug.
Even if they didn't, Italy would probably manage to find some scapegoat anyway. Wasn't Italy the country who decided to jail some more or less random Google employees because a video of bullying had been posted on YouTube? Since all of the people responsible for YouTube were in other countries, they picked some employees with zero connection to YouTube instead.
I like your idea.
Now is the time to think about how the entertainment industry can be hit back with their own law. How about legally deploying rootkits on their computers to grab copies of their newest products before they are released.
And how exactly do they pay the employees in that office?